sendou.ink/app/features
Kalle f216423089 Validate builds page limit search param
A crawler hitting /builds/:slug?limit=48%27 (URL-encoded single quote,
likely an SQL injection probe) was triggering SQLITE_MISMATCH errors
server-side. The loader was calling Number() on the raw string, which
returned NaN, and then forwarding NaN as the LIMIT bind parameter on
the underlying Kysely query. No injection was possible (params are
bound), but the bad value only failed at the DB boundary.

Parse the param through a zod schema that coerces to a positive int,
falls back to the default batch size on any invalid input, and clamps
to the page max.
2026-04-24 21:34:44 +03:00
admin Bye bye .png 2026-03-29 16:48:47 +03:00
api Update Biome to 2.4.8 2026-03-21 15:19:32 +02:00
api-private A/B (bipartite) round robin variation (#2985) 2026-04-18 14:21:28 +03:00
api-public Remove redundant isOwner column (#2944) 2026-04-06 15:21:15 +03:00
art Validate image extensions serverside 2026-04-15 21:09:20 +03:00
articles Use Node.js globSync method to check for valid article 2026-04-15 20:55:37 +03:00
associations Scrims random fixes 2026-04-09 20:03:50 +03:00
auth More actionable auth error messages for user 2026-04-12 17:07:14 +03:00
badges badge: add badge for OCE Open Series (#2993) 2026-04-24 18:02:40 +03:00
ban Update Biome to 2.4.8 2026-03-21 15:19:32 +02:00
bracket-test Add test bracket route 2026-03-29 14:49:04 +03:00
build-analyzer Fix Tri-Stringer/Wellstring range in comp analyzer 2026-04-06 13:56:14 +03:00
build-stats Builds cleanup/fixes (#2957) 2026-04-08 22:10:48 +03:00
builds Validate builds page limit search param 2026-04-24 21:34:44 +03:00
calendar A/B (bipartite) round robin variation (#2985) 2026-04-18 14:21:28 +03:00
chat Don't show own messages as unread in chat 2026-04-19 14:36:56 +03:00
comp-analyzer Drag to reorder weapons in comp analyzer 2026-04-21 08:59:58 +03:00
components-showcase Migrate to nested CSS 2026-03-28 16:30:28 +02:00
core/streams Hide tournaments from Streams section if it has no streams (#2968) 2026-04-12 07:22:55 +03:00
friends Fix sidebar showing stale groups 2026-04-09 20:26:23 +03:00
front-page Fix hydration error with rotations component 2026-04-21 08:59:58 +03:00
img-upload Validate image extensions serverside 2026-04-15 21:09:20 +03:00
info/routes Add to contributions 2026-04-24 20:24:30 +03:00
layout Design refresh + a bunch of stuff (#2864) 2026-03-19 17:51:42 +02:00
leaderboards Admin only setting to have enough SQ sets to sign up for the tournament 2026-04-11 14:56:32 +03:00
lfg Migrate to nested CSS 2026-03-28 16:30:28 +02:00
links Design refresh + a bunch of stuff (#2864) 2026-03-19 17:51:42 +02:00
live-streams Save tournament streamers for future usage 2026-03-28 13:23:12 +02:00
map-list-generator Design refresh + a bunch of stuff (#2864) 2026-03-19 17:51:42 +02:00
map-planner Map planner ranges (#2986) 2026-04-18 17:31:08 +03:00
mmr Update Typescript 2026-04-24 20:12:43 +03:00
notifications Attempt to fix notifications not arriving right away by setting urgency 2026-04-21 08:59:58 +03:00
object-damage-calculator Migrate to nested CSS 2026-03-28 16:30:28 +02:00
plus-suggestions Migrate to nested CSS 2026-03-28 16:30:28 +02:00
plus-voting Migrate to nested CSS 2026-03-28 16:30:28 +02:00
scrims Scrims random fixes 2026-04-09 20:03:50 +03:00
search Design refresh + a bunch of stuff (#2864) 2026-03-19 17:51:42 +02:00
sendouq Builds cleanup/fixes (#2957) 2026-04-08 22:10:48 +03:00
sendouq-match Update Typescript 2026-04-24 20:12:43 +03:00
sendouq-settings Team map list (#2935) 2026-04-03 17:51:26 +03:00
sendouq-streams Bye bye .png 2026-03-29 16:48:47 +03:00
session-id Add session ID to server logs for user reporting (#2720) 2026-01-13 21:02:16 +02:00
settings Disable custom theme submit buttons when request sent 2026-04-02 17:34:15 +03:00
sidebar/core Allow 1v1/2v2/3v3 tournaments to show on the sidebar for streams 2026-04-11 16:34:55 +03:00
splatoon-rotations Design refresh + a bunch of stuff (#2864) 2026-03-19 17:51:42 +02:00
team Show tournament tier pills on team results page 2026-04-11 07:28:12 +03:00
theme Design refresh + a bunch of stuff (#2864) 2026-03-19 17:51:42 +02:00
tier-list-maker Allow tier list labels to wrap again 2026-04-24 21:28:04 +03:00
top-search Migrate to nested CSS 2026-03-28 16:30:28 +02:00
tournament Round robin only tournament support (#2996) 2026-04-24 18:03:53 +03:00
tournament-bracket Round robin only tournament support (#2996) 2026-04-24 18:03:53 +03:00
tournament-lfg No LFG tab/prompt if tournament is invitational 2026-04-20 21:29:08 +03:00
tournament-organization Migrate to nested CSS 2026-03-28 16:30:28 +02:00
tournament-subs Design refresh + a bunch of stuff (#2864) 2026-03-19 17:51:42 +02:00
user-page User results page search 2026-04-18 18:14:07 +03:00
user-search/routes Design refresh + a bunch of stuff (#2864) 2026-03-19 17:51:42 +02:00
vods Migrate to nested CSS 2026-03-28 16:30:28 +02:00