sendou.ink

mirror of https://github.com/Sendouc/sendou.ink.git synced 2026-05-09 04:02:40 -05:00

History

Kalle f216423089 Validate builds page limit search param A crawler hitting /builds/:slug?limit=48%27 (URL-encoded single quote, likely an SQL injection probe) was triggering SQLITE_MISMATCH errors server-side. The loader was calling Number() on the raw string, which returned NaN, and then forwarding NaN as the LIMIT bind parameter on the underlying Kysely query. No injection was possible (params are bound), but the bad value only failed at the DB boundary. Parse the param through a zod schema that coerces to a positive int, falls back to the default batch size on any invalid input, and clamps to the page max.		2026-04-24 21:34:44 +03:00
..
components	Fix react-aria-components warnings	2026-04-21 08:59:58 +03:00
db	A/B (bipartite) round robin variation (#2985 )	2026-04-18 14:21:28 +03:00
features	Validate builds page limit search param	2026-04-24 21:34:44 +03:00
form	Migrate to nested CSS	2026-03-28 16:30:28 +02:00
hooks	Tournament auto vods & censor mode (#2933 )	2026-04-02 17:29:58 +03:00
modules	Slight brackets-manager cleanup	2026-04-18 14:38:06 +03:00
routines	Fix sidebar showing stale groups	2026-04-09 20:26:23 +03:00
styles	Fix file input text color	2026-04-15 21:13:05 +03:00
utils	Show error toast if uploaded img too big	2026-04-11 15:21:37 +03:00
browser-test-setup.ts	Disable i18next console log	2026-03-22 13:31:26 +02:00
entry.client.tsx	Design refresh + a bunch of stuff (#2864 )	2026-03-19 17:51:42 +02:00
entry.server.tsx	Increase sync rotations frequency	2026-03-20 16:58:22 +02:00
root.tsx	Remove custom theme when supporter subscription ends	2026-04-02 17:34:14 +03:00
routes.ts	Add test bracket route	2026-03-29 14:49:04 +03:00
test-setup.ts	Upgrade to React Router 7 (#2681 )	2025-12-29 19:21:11 +02:00