fix: address code review findings for bookmark feature (H1–L5)

Fix broken tests (H1), align interface signatures with implementations (H3),
remove dead code (H4), add missing input guard (M1), replace raw $_SESSION
access with SessionStoreInterface (M2), sync update script schema (M4),
use shared getAppBase utility (L2), document fragment stripping (L3),
and apply app- CSS class prefix convention (L5).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-03-17 22:58:07 +01:00
parent 9688848401
commit d9805c45d3
10 changed files with 195 additions and 91 deletions

View File

@@ -22,7 +22,18 @@ if (!Session::checkCsrfToken()) {
$session = app(SessionStoreInterface::class)->all();
$userId = (int) ($session['user']['id'] ?? 0);
if ($userId <= 0) {
http_response_code(401);
Router::json(['ok' => false, 'error' => 'unauthorized']);
return;
}
$bookmarkId = (int) requestInput()->body('id');
if ($bookmarkId <= 0) {
http_response_code(400);
Router::json(['ok' => false, 'error' => 'invalid_bookmark_id']);
return;
}
$data = [];
if (requestInput()->body('name') !== null) {
@@ -37,6 +48,8 @@ $result = $service->updateBookmark($userId, $bookmarkId, $data);
if ($result['ok']) {
app(SessionStoreInterface::class)->set('user_bookmarks', $service->listGroupedForUser($userId));
} else {
http_response_code(400);
}
Router::json($result);