Cancel in-flight diagnostic poll when user selects a new port

Previously switching ports while a diagnostic was running left the setInterval timer active, causing the result to be written into the old (now detached) DOM elements and never shown to the user. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fix empty-object false negative in links page no-data check
2026-05-11 23:26:53 -04:00 · 2026-05-11 23:21:50 -04:00 · 2026-05-11 23:17:11 -04:00 · 2026-05-11 23:02:09 -04:00 · 2026-05-11 15:11:05 -04:00
5 changed files with 5 additions and 4 deletions
@@ -78,7 +78,7 @@ class DiagnosticsRunner:
            f'ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=5 '
            f'-o BatchMode=yes -o LogLevel=ERROR '
            f'-o ServerAliveInterval=10 -o ServerAliveCountMax=2 '
-            f'root@{ip_q} \'{remote_cmd}\''
+            f'root@{ip_q} {shlex.quote(remote_cmd)}'
        )

    # ------------------------------------------------------------------
@@ -220,7 +220,7 @@ function updateEventsTable(events, totalActive) {
      ? GANDALF_CONFIG.ticket_web_url : 'http://t.lotusguild.org/ticket/';
    const ticket = e.ticket_id
      ? `<a href="${lt.escHtml(ticketBase)}${lt.escHtml(String(e.ticket_id))}" target="_blank"
-            class="ticket-link">#${e.ticket_id}</a>`
+            class="ticket-link">#${lt.escHtml(String(e.ticket_id))}</a>`
      : '–';
    const supBadge = e.is_suppressed
      ? `<span class="lt-badge badge-suppressed" title="Alert suppressed">🔕 sup</span>`
@@ -218,6 +218,7 @@ let _apiData        = null;
 function selectPort(el) {
  const swName = el.dataset.switch;
  const idx    = parseInt(el.dataset.portIdx, 10);
+  if (_diagPollTimer) { clearInterval(_diagPollTimer); _diagPollTimer = null; }
  document.querySelectorAll('.switch-port-block.selected')
    .forEach(e => e.classList.remove('selected'));
  el.classList.add('selected');
@@ -548,7 +548,7 @@ function checkLinksStale(updatedStr) {
 async function loadLinks() {
  try {
    const data = await lt.api.get('/api/links');
-    if (!data.hosts && !data.unifi_switches) {
+    if ((!data.hosts || !Object.keys(data.hosts).length) && (!data.unifi_switches || !Object.keys(data.unifi_switches).length)) {
      document.getElementById('links-container').innerHTML =
        '<div class="link-no-data">No link data yet — monitor has not completed a full cycle.</div>';
      return;
@@ -51,7 +51,7 @@
            <label class="lt-label" for="s-reason">Reason <span class="required">*</span></label>
            <input type="text" class="lt-input" id="s-reason" name="reason"
                   placeholder="e.g. Planned switch maintenance, replacing SFP on large1/enp43s0"
-                   required>
+                   required aria-required="true">
          </div>
        </div>
Author	SHA1	Message	Date
jared	2d6dcd782f	Cancel in-flight diagnostic poll when user selects a new port Lint / Python (flake8) (push) Successful in 45s Details Lint / JS (eslint) (push) Successful in 10s Details Security / Python Security (bandit) (push) Successful in 52s Details Test / Python Tests (pytest) (push) Successful in 1m2s Details Lint / Notify on failure (push) Has been skipped Details Lint / Deploy (push) Successful in 2s Details Previously switching ports while a diagnostic was running left the setInterval timer active, causing the result to be written into the old (now detached) DOM elements and never shown to the user. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-11 23:26:53 -04:00
jared	a1a3a52dd8	Fix empty-object false negative in links page no-data check Lint / Python (flake8) (push) Successful in 51s Details Lint / JS (eslint) (push) Successful in 10s Details Security / Python Security (bandit) (push) Successful in 46s Details Test / Python Tests (pytest) (push) Successful in 1m3s Details Lint / Notify on failure (push) Has been skipped Details Lint / Deploy (push) Successful in 3s Details The check `!data.hosts && !data.unifi_switches` never caught empty objects `{}`, which are truthy. Replace with Object.keys length checks so the friendly "no data yet" banner renders when both collections are empty. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-11 23:21:50 -04:00
jared	bcc2ad7f5c	Use shlex.quote for remote_cmd in build_ssh_command Lint / Python (flake8) (push) Successful in 1m3s Details Lint / JS (eslint) (push) Successful in 10s Details Security / Python Security (bandit) (push) Successful in 49s Details Test / Python Tests (pytest) (push) Successful in 1m10s Details Lint / Notify on failure (push) Has been skipped Details Lint / Deploy (push) Successful in 4s Details Matches the pattern already used in monitor.py's _ssh_batch(); prevents quoting breakage if shlex.quote(iface) emits single-quoted tokens inside the remote command string. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-11 23:17:11 -04:00
jared	d4f159ee7c	fix: escape ticket_id text content in dynamic events table Lint / Python (flake8) (push) Successful in 44s Details Lint / JS (eslint) (push) Successful in 8s Details Security / Python Security (bandit) (push) Successful in 42s Details Test / Python Tests (pytest) (push) Successful in 1m7s Details Lint / Notify on failure (push) Has been skipped Details Lint / Deploy (push) Successful in 3s Details ticket_id was already escaped in the href attribute but the visible text (#<id>) used the raw value in an innerHTML template literal. Apply lt.escHtml() for defense-in-depth against a compromised ticket API. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-11 23:02:09 -04:00
jared	61019418d3	fix: add aria-required to s-reason field in suppressions form Lint / Python (flake8) (push) Successful in 40s Details Lint / JS (eslint) (push) Successful in 7s Details Security / Python Security (bandit) (push) Successful in 57s Details Test / Python Tests (pytest) (push) Successful in 1m27s Details Lint / Notify on failure (push) Has been skipped Details Lint / Deploy (push) Successful in 6s Details The reason input had `required` for browser validation but was missing `aria-required="true"`, so screen readers did not announce it as required. Matches the fix already applied to the equivalent field in base.html. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-11 15:11:05 -04:00