sendou.ink/app/features/builds
Kalle f216423089 Validate builds page limit search param
A crawler hitting /builds/:slug?limit=48%27 (URL-encoded single quote,
likely an SQL injection probe) was triggering SQLITE_MISMATCH errors
server-side. The loader was calling Number() on the raw string, which
returned NaN, and then forwarding NaN as the LIMIT bind parameter on
the underlying Kysely query. No injection was possible (params are
bound), but the bad value only failed at the DB boundary.

Parse the param through a zod schema that coerces to a positive int,
falls back to the default batch size on any invalid input, and clamps
to the page max.
2026-04-24 21:34:44 +03:00
components Builds cleanup/fixes (#2957) 2026-04-08 22:10:48 +03:00
core Builds cleanup/fixes (#2957) 2026-04-08 22:10:48 +03:00
loaders Validate builds page limit search param 2026-04-24 21:34:44 +03:00
routes Builds cleanup/fixes (#2957) 2026-04-08 22:10:48 +03:00
BuildRepository.server.ts Simplify BuildRepository.allByWeaponId 2026-04-09 20:37:11 +03:00
builds-constants.ts Builds cleanup/fixes (#2957) 2026-04-08 22:10:48 +03:00
builds-schemas.server.ts Validate builds page limit search param 2026-04-24 21:34:44 +03:00
builds-types.ts Builds cleanup/fixes (#2957) 2026-04-08 22:10:48 +03:00