4 Commits

Author	SHA1	Message	Date
jared	3a4a13db7b	Fix semgrep security findings to pass CI security scan ... - index.php: replace SQL string interpolation with concatenation + explicit (int) casts for LIMIT/OFFSET; add nosemgrep for tainted-sql false positive (WHERE clause built from hardcoded fragments with bound params only) - api/upload_attachment.php: add realpath() path-traversal guard after mkdir - api/user_avatar.php: make (int) cast explicit at cache-path construction; add nosemgrep for tainted-filename false positive (integer-only input) - assets/js/ticket.js: add nosemgrep for insertAdjacentHTML — all dynamic content already escaped via lt.escHtml() before insertion - .gitea/workflows/security.yml: exclude echoed-request rule globally — all echo in API context is json_encode() output, not HTML; htmlentities() fix semgrep suggests would corrupt JSON responses Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 08:42:47 -04:00
jared	c90bdc8ac8	style: auto-fix 1340 phpcs PSR-12 violations via phpcbf; exclude MissingNamespace and SideEffects	2026-04-13 20:56:10 -04:00
jared	b40c404828	fix: ldap_get_entries returns raw binary, remove incorrect base64 decode ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 20:53:49 -04:00
jared	18bf1fde0e	feat: LDAP avatar support via lldap ... - Create tinker-tickets service account in lldap (lldap_strict_readonly) - Add /api/user_avatar.php: binds to lldap, fetches avatar attribute, caches JPEG to uploads/avatars/, returns 404 sentinel for missing photos - Install php8.2-ldap on LXC 132 (beta) and LXC coding server - Update layout_header.php: show lt-avatar with photo overlay + initials fallback - Update TicketView.php: comment avatars use photo overlay pattern - Add .lt-avatar-img / .lt-avatar-initials CSS for photo-over-initials layout - Add LDAP_* config keys to config.php and .env.example Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 20:47:08 -04:00