From 397f8b770a44df20ed27fe53c4767bcdb282aaf0 Mon Sep 17 00:00:00 2001
From: leosw <leo@lstronic.com>
Date: Sun, 18 Jan 2026 15:09:09 +0100
Subject: [PATCH] =?UTF-8?q?Petites=20s=C3=A9curit=C3=A9s=20blgo=20&=20wiki?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 models/d.blog.php      | 8 ++++++++
 models/d.wiki.php      | 8 ++++++++
 views/d.blog.edit.html | 2 +-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/models/d.blog.php b/models/d.blog.php
index 3671577..8369b4b 100755
--- a/models/d.blog.php
+++ b/models/d.blog.php
@@ -103,6 +103,8 @@ class BlogArticle
 		$con = pg_connect("host=".$config['SQL_host']." dbname=".$config['SQL_db']." user=".$config['SQL_user']." password=".$config['SQL_pass'])
 			or die ("Could not connect to server\n");
 
+		pg_query($con, "BEGIN");
+
 		$query = "UPDATE content_versions SET is_archive = TRUE WHERE locale_id = $1";
 
 		pg_prepare($con, "prepare1", $query) 
@@ -136,6 +138,8 @@ class BlogArticle
 		pg_execute($con, "prepare4", array($this->is_commentable ? 't' : 'f', $this->content_id))
 			or die ("Cannot prepare statement\n");
 
+		pg_query($con, "COMMIT");
+
 		pg_close($con);
 
 		error_log(
@@ -204,6 +208,8 @@ class BlogArticle
 		$con = pg_connect("host=".$config['SQL_host']." dbname=".$config['SQL_db']." user=".$config['SQL_user']." password=".$config['SQL_pass'])
 			or die ("Could not connect to server\n");
 
+		pg_query($con, "BEGIN");
+
 		$query = "INSERT INTO contents (permalink, creation_date, is_public, is_commentable, type) VALUES
 			($1, $2, TRUE, $3, 'blog') RETURNING id";
 
@@ -244,6 +250,8 @@ class BlogArticle
 		$result = pg_execute($con, "prepare4", array($this->locale_id, $user->id))
 			or die ("Cannot execute statement\n");
 
+		pg_query($con, "COMMIT");
+
 		pg_close($con);
 
 		error_log(
diff --git a/models/d.wiki.php b/models/d.wiki.php
index 6d21c60..5970e23 100755
--- a/models/d.wiki.php
+++ b/models/d.wiki.php
@@ -102,6 +102,8 @@ class WikiPage
 		$con = pg_connect("host=".$config['SQL_host']." dbname=".$config['SQL_db']." user=".$config['SQL_user']." password=".$config['SQL_pass'])
 			or die ("Could not connect to server\n");
 
+		pg_query($con, "BEGIN");
+
 		$query = "UPDATE content_versions SET is_archive = TRUE WHERE locale_id = $1";
 
 		pg_prepare($con, "prepare1", $query) 
@@ -129,6 +131,8 @@ class WikiPage
 		$result = pg_execute($con, "prepare3", array($this->locale_id, $user->id))
 			or die ("Cannot execute statement\n");
 
+		pg_query($con, "COMMIT");
+
 		pg_close($con);
 
 		error_log(
@@ -197,6 +201,8 @@ class WikiPage
 		$con = pg_connect("host=".$config['SQL_host']." dbname=".$config['SQL_db']." user=".$config['SQL_user']." password=".$config['SQL_pass'])
 			or die ("Could not connect to server\n");
 
+		pg_query($con, "BEGIN");
+
 		$query = "INSERT INTO contents (permalink, creation_date, is_public, is_commentable, type) VALUES
 			($1, $2, TRUE, FALSE, 'wiki') RETURNING id";
 
@@ -237,6 +243,8 @@ class WikiPage
 		$result = pg_execute($con, "prepare4", array($this->locale_id, $user->id))
 			or die ("Cannot execute statement\n");
 
+		pg_query($con, "COMMIT");
+
 		pg_close($con);
 
 		error_log(
diff --git a/views/d.blog.edit.html b/views/d.blog.edit.html
index 5d50df8..98c5882 100755
--- a/views/d.blog.edit.html
+++ b/views/d.blog.edit.html
@@ -33,7 +33,7 @@
 				<? if(isset($new) AND $new==1) { ?>
 					<div id="permalink_container">
 						<label id="permalink_label" for="permalink"><?=$config['web_root_folder']?>blog/</label>
-						<input type="text" name="permalink" id="permalink" placeholder="URL">
+						<input type="text" name="permalink" id="permalink" placeholder="URL" required>
 					</div>
 				<? } ?>