Fix CSS variables, missing utility classes, API hardening, and audit log UX

- base.css: add --lt-border/--lt-surface aliases so dashboard.css respects theme instead of using hardcoded fallback colors - base.css: add lt-select-sm/lt-input-sm compact size variants (used in 15+ places), lt-msg-danger alias for lt-msg-error, lt-form-hint--warn, lt-font-mono utility class - audit_log.php: cap ?limit= at 500 to prevent DoS via oversized queries - ApiKeysView.php: replace deprecated execCommand('copy') with lt.copy(); add integer casts on api_key_id in id attr and data-id - AuditLogView.php: rebuild pagination with windowed prev/next/ellipsis pattern matching DashboardView; integer cast on user_id select option Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 13:22:12 -04:00
parent e721b33911
commit b42597c927
4 changed files with 57 additions and 14 deletions
@@ -38,7 +38,7 @@ include __DIR__ . '/../../views/layout_header.php';
        <select name="user_id" id="user_id" class="lt-select lt-select-sm">
          <option value="">All Users</option>
          <?php if (isset($users)): foreach ($users as $u): ?>
-            <option value="<?= $u['user_id'] ?>" <?= ($filters['user_id'] ?? '') == $u['user_id'] ? 'selected' : '' ?>>
+            <option value="<?= (int)$u['user_id'] ?>" <?= ($filters['user_id'] ?? '') == $u['user_id'] ? 'selected' : '' ?>>
              <?= htmlspecialchars($u['display_name'] ?? $u['username']) ?>
            </option>
          <?php endforeach; endif ?>
@@ -112,13 +112,35 @@ include __DIR__ . '/../../views/layout_header.php';
    <div class="lt-pagination" role="navigation">
      <?php
      $params = $_GET;
-      for ($i = 1; $i <= min($totalPages, 10); $i++) {
+      $start = max(1, $page - 2);
+      $end   = min($totalPages, $page + 2);
+      if ($page > 1) {
+          $params['page'] = $page - 1;
+          $pUrl = htmlspecialchars('?' . http_build_query($params), ENT_QUOTES, 'UTF-8');
+          echo '<a href="' . $pUrl . '" class="lt-btn lt-btn-sm" aria-label="Previous page">&#xAB;</a> ';
+      }
+      if ($start > 1) {
+          $params['page'] = 1;
+          echo '<a href="' . htmlspecialchars('?' . http_build_query($params), ENT_QUOTES, 'UTF-8') . '" class="lt-btn lt-btn-sm">1</a> ';
+          if ($start > 2) echo '<span class="lt-text-muted lt-text-xs">&hellip;</span>';
+      }
+      for ($i = $start; $i <= $end; $i++) {
          $params['page'] = $i;
          $url   = htmlspecialchars('?' . http_build_query($params), ENT_QUOTES, 'UTF-8');
          $class = ($i == $page) ? ' lt-btn-primary' : '';
-          echo "<a href='$url' class='lt-btn lt-btn-sm$class'>$i</a> ";
+          $curr  = ($i == $page) ? ' aria-current="page"' : '';
+          echo '<a href="' . $url . '" class="lt-btn lt-btn-sm' . $class . '"' . $curr . '>' . $i . '</a> ';
+      }
+      if ($end < $totalPages) {
+          if ($end < $totalPages - 1) echo '<span class="lt-text-muted lt-text-xs">&hellip;</span>';
+          $params['page'] = $totalPages;
+          echo '<a href="' . htmlspecialchars('?' . http_build_query($params), ENT_QUOTES, 'UTF-8') . '" class="lt-btn lt-btn-sm">' . $totalPages . '</a> ';
+      }
+      if ($page < $totalPages) {
+          $params['page'] = $page + 1;
+          $nUrl = htmlspecialchars('?' . http_build_query($params), ENT_QUOTES, 'UTF-8');
+          echo '<a href="' . $nUrl . '" class="lt-btn lt-btn-sm" aria-label="Next page">&#xBB;</a>';
      }
-      if ($totalPages > 10) echo '<span class="lt-text-muted lt-text-xs">&hellip;</span>';
      ?>
    </div>
    <?php endif ?>