olemd/favoritter
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
favoritter/internal
History
Ole-Morten Duesund 395b1b7523 fix: address security and quality issues from code review 
Security fixes:
- Fix XSS in Atom feed: escape user-supplied URLs in HTML content
- Wrap signup request approval in a transaction to prevent
  partial state on crash (user created but request still pending)
- Stop leaking internal error messages to admin UI
- Add request body size limit on API import endpoint
- Log SetMustResetPassword errors instead of silently discarding

Correctness fixes:
- Handle errors from API fave update/delete instead of returning
  success on failure
- Use actual data timestamp for feed <updated> instead of
  time.Now() (improves HTTP caching)
- Replace hardcoded 10000 export limit with named constant
  (maxExportFaves = 100000)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 16:19:44 +02:00
..
config feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
database feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
handler fix: address security and quality issues from code review 2026-03-29 16:19:44 +02:00
image feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
middleware feat: add profiles, public views, settings, and code quality fixes 2026-03-29 16:01:41 +02:00
model feat: add admin panel with user, tag, and signup management 2026-03-29 16:09:30 +02:00
render feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
store fix: address security and quality issues from code review 2026-03-29 16:19:44 +02:00