fix: hide scroll-indicator on mobile to prevent overlap with hero terminal #85
Reference in New Issue
Block a user
Delete Branch "fix/policy-container-width"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Security fixes applied
Phase 1: Auth bypass (CRITICAL)
ApiController::register()now requires authentication (admin+)admintooperatorrolevalidation rulePhase 2: Mass assignment (HIGH)
$fillablewhitelist withfilterData()method inServermodelinsert()/update()from APIPhase 3: XSS (CRITICAL)
escapeHtml()on server names in sidebar JS (main.php)JSON_HEX_TAGflag on 3json_encode()calls embedded in<script>tagsviews/servers/show.php,views/dashboard/index.php,views/servers/services.phpPhase 4: IDOR (HIGH)
canView()checks toTerminalController::history()andclearHistory()Phase 5: Command injection (CRITICAL)
escapeshellarg()on$domainsand$emailin certbot SSL actionServerController::servicesAction()(was missing vsrestartService())shutdown,reboot,halt,poweroffto blocklistPhase 6: Session/config hardening (HIGH)
SESSION_SECURE=true(wasfalseon HTTPS deploy)SESSION_SAME_SITE=Strict(wasLax).envpermissions changed to640(nginx:nginx)Phase 7: Rate limiting (MEDIUM)
rate_limitsdatabase table (migration015)RateLimitMiddlewarerewritten to use DB instead of session storagePOST /api/auth/loginandPOST /api/auth/register