- Add tools/php_syntax_check.sh (supports full scan + single-file mode)
- CI workflow now calls the shared script
- All 6 agents updated to reference the script
- CONTRIBUTING.md: add Pre-Commit Checks section
- Exclude src/bin/* (third-party stubs) from lint
Steps 11.1–11.6: migrated all standalone API entry points to controller classes
dispatched via the Front Controller, then deleted the legacy PHP files.
Controllers created:
- PlayerApiController (player_api.php, 12 actions + numeric aliases)
- Enigma2ApiController (enigma2.php + xplugin.php)
- PlaylistApiController (playlist.php)
- EpgApiController (epg.php)
- InternalApiController (api.php, ~40 server-to-server actions)
Nginx changes (MAIN + LB configs):
- Add location block for streaming API endpoints → FC with XC_SCOPE=api
- Add location block for internal API (/api.php) → FC with XC_API=internal
- Change 6 rewrite rules from break→last for deleted file URLs
- Remove allow/deny from /api.php location — auth handled by PHP
(password + IP whitelist + brute-force guard)
Front Controller (public/index.php):
- Add section 3a: REST API dispatch (XC_SCOPE=includes/api/*)
- Add section 3b: Streaming API dispatch (XC_SCOPE=api, XC_API=*)
- Move autoloader require to top (section 1b) for all code paths
- Controller map: endpoint name → controller class → init → dispatch
Bootstrap changes:
- www/init.php, www/stream/init.php: replace FC_API_NAME constant with
direct $rFilename variable (set by FC before require, checked via isset)
Bug fixes:
- PlayerApiController: fix 3 PHP 8 warnings ($rBouquets undefined,
missing 'rating'/'subtitle' array keys in get_vod_info)
- Fix server-to-server API calls blocked by nginx deny all (api_url_ip
uses external server IP, not 127.0.0.1)
Deleted files (8):
- www/player_api.php, www/enigma2.php, www/xplugin.php
- www/epg.php, www/playlist.php, www/api.php
- includes/api/admin/index.php, includes/api/reseller/index.php
New files:
- tools/test_player_api.sh — comprehensive Player API test suite (13 sections)
- Updated multiple files to use global variables for `$db` and `$rSettings` instead of calling `SettingsManager::getAll()` repeatedly.
- Removed unnecessary variable assignments and improved code readability.
- Deleted unused scripts for cleaning and scanning PHP file headers.
- Removed a file containing PHP syntax errors.
- Adjusted various repository and service classes to streamline database interactions.
