style(set_2): Mocca redesign — new espresso/caramel palette, larger radius, deeper shadows #54

Merged
christin.loehner merged 10 commits from develop into master 2026-06-19 07:44:28 +02:00
christin.loehner commented 2026-06-19 07:43:29 +02:00 (Migrated from gitlab.apboard.de)

What does this MR do?

Changes

Checklist

Code quality

  • Follows naming conventions (apb_ prefix on all functions and classes)
  • No hardcoded user-facing strings — all go through the translation system
  • No var_dump, print_r, or debug output left in the code
  • New functions and non-obvious logic have a short comment

Security — mandatory

  • All new POST handlers validate apb_ValidateCsrfToken()
  • All new HTML forms include the CSRF hidden field
  • All new database queries use prepared statements (no string concatenation with user input)
  • New access-controlled pages have a hard gate (apb_IsAdmin() / apb_CheckAccessRights()) at the very top
  • File uploads (if any) use MIME/extension whitelist and GD re-encoding

Database

  • Migration included if schema or translation strings changed
  • Migration filename follows YYYY-MM-DD-HH-ii-title.php format
  • Migration is idempotent (IF NOT EXISTS / IF EXISTS, existence checks on INSERT)

Templates

  • Changes applied to both set_1 and set_2
  • No hardcoded strings in templates — keys exist in migration
  • |raw only used on content that went through apb_SanitizeHtml()

Testing

  • Tested locally (Docker or LAMP)
  • Tested as logged-out guest, logged-in user, moderator, and admin (where relevant)
  • Edge cases considered (empty input, missing record, unauthorized access attempt)

CI

  • Pipeline is green

Screenshots

## What does this MR do? <!-- One or two sentences. What is the change and why? --> ## Related issue(s) <!-- Closes #123 / Refs #456 — or "none" --> ## Changes <!-- Brief bullet list of what was changed, added, or removed. --> - ## Checklist <!-- Go through this before marking the MR as ready. --> ### Code quality - [ ] Follows naming conventions (`apb_` prefix on all functions and classes) - [ ] No hardcoded user-facing strings — all go through the translation system - [ ] No `var_dump`, `print_r`, or debug output left in the code - [ ] New functions and non-obvious logic have a short comment ### Security — mandatory - [ ] All new POST handlers validate `apb_ValidateCsrfToken()` - [ ] All new HTML forms include the CSRF hidden field - [ ] All new database queries use prepared statements (no string concatenation with user input) - [ ] New access-controlled pages have a hard gate (`apb_IsAdmin()` / `apb_CheckAccessRights()`) at the very top - [ ] File uploads (if any) use MIME/extension whitelist and GD re-encoding ### Database - [ ] Migration included if schema or translation strings changed - [ ] Migration filename follows `YYYY-MM-DD-HH-ii-title.php` format - [ ] Migration is idempotent (`IF NOT EXISTS` / `IF EXISTS`, existence checks on INSERT) ### Templates - [ ] Changes applied to **both** `set_1` and `set_2` - [ ] No hardcoded strings in templates — keys exist in migration - [ ] `|raw` only used on content that went through `apb_SanitizeHtml()` ### Testing - [ ] Tested locally (Docker or LAMP) - [ ] Tested as logged-out guest, logged-in user, moderator, and admin (where relevant) - [ ] Edge cases considered (empty input, missing record, unauthorized access attempt) ### CI - [ ] Pipeline is green ## Screenshots <!-- If the MR changes anything visible in the UI, add before/after screenshots. -->
christin.loehner (Migrated from gitlab.apboard.de) merged commit into master 2026-06-19 07:44:28 +02:00
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
APBoard/apboard3!54
No description provided.