From 94955a0a429ba9143ee934f0b728dbce937cf392 Mon Sep 17 00:00:00 2001
From: Curry141 <135717077+Daniongithub@users.noreply.github.com>
Date: Mon, 24 Nov 2025 18:34:35 +0100
Subject: [PATCH] Get api endpoint from config, not from user input.
---
README.md | 3 +++
docker/php/config.php | 3 +++
htdocs/admin/importer.php | 12 ++----------
3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index c707466..8082a55 100644
--- a/README.md
+++ b/README.md
@@ -82,6 +82,9 @@ if (!defined('APP_NAME')) {
if (!defined('YEAR')) {
define('YEAR', '2025/26'); // Anno Scolastico Corrente
}
+if (!defined('API_URL')) {
+ define('API_URL', 'http://localhost:3006/classe');
+}
if (!defined('DEV_MODE')) {
define('DEV_MODE', false); // Modalita' di sviluppo: abilita messaggi di debug aggiuntivi. Imposta su false se sei in produzione
}
diff --git a/docker/php/config.php b/docker/php/config.php
index 47ce5ae..6e53ccf 100644
--- a/docker/php/config.php
+++ b/docker/php/config.php
@@ -19,6 +19,9 @@ if (!defined('APP_NAME')) {
if (!defined('YEAR')) {
define('YEAR', '2025/26');
}
+if (!defined('API_URL')) {
+ define('API_URL', 'http://localhost:3006/classe');
+}
if (!defined('DEV_MODE')) {
define('DEV_MODE', false); // Modalita' di sviluppo
}
diff --git a/htdocs/admin/importer.php b/htdocs/admin/importer.php
index 45480b0..5ce6c9e 100644
--- a/htdocs/admin/importer.php
+++ b/htdocs/admin/importer.php
@@ -2,7 +2,7 @@
session_start();
if (!isset($_SESSION['admin'])) { header("Location: login.php"); exit; }
include("../lib/db.php");
-
+include("../config/config.php");
$message = "";
$messageType = "";
@@ -10,7 +10,6 @@ $messageType = "";
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['import'])) {
$classe_codice = trim($_POST['classe_codice']);
$classe_id = intval($_POST['classe_id']);
- $api_url = trim($_POST['api_url']);
if (empty($classe_codice) || $classe_id === 0) {
$message = "Compila tutti i campi obbligatori.";
@@ -18,7 +17,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['import'])) {
} else {
try {
// Chiama l'API Node.js
- $url = $api_url . "?classe=" . urlencode($classe_codice);
+ $url = API_URL . "?classe=" . urlencode($classe_codice);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
@@ -292,13 +291,6 @@ if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['import'])) {
Codice della classe nel sistema esterno
-
-
-
- Endpoint dell'API Node.js per lo scraping
-
-