tinker_tickets

LotusGuild/tinker_tickets

Fork 0

Files

T

History

jared 3a4a13db7b

Lint / PHP (phpcs PSR-12) (push) Successful in 28s

Details

Lint / JS (eslint) (push) Successful in 14s

Details

Security / PHP Security (semgrep) (push) Failing after 1m27s

Details

Lint / Deploy (push) Successful in 3s

Details

Lint / Notify on failure (push) Has been skipped

Details

Fix semgrep security findings to pass CI security scan

- index.php: replace SQL string interpolation with concatenation + explicit
  (int) casts for LIMIT/OFFSET; add nosemgrep for tainted-sql false positive
  (WHERE clause built from hardcoded fragments with bound params only)
- api/upload_attachment.php: add realpath() path-traversal guard after mkdir
- api/user_avatar.php: make (int) cast explicit at cache-path construction;
  add nosemgrep for tainted-filename false positive (integer-only input)
- assets/js/ticket.js: add nosemgrep for insertAdjacentHTML — all dynamic
  content already escaped via lt.escHtml() before insertion
- .gitea/workflows/security.yml: exclude echoed-request rule globally —
  all echo in API context is json_encode() output, not HTML; htmlentities()
  fix semgrep suggests would corrupt JSON responses

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-16 08:42:47 -04:00

advanced-search.js

Fix double-firing event handlers, non-bubbling keyboard status event, and saved filter status type

2026-04-05 10:40:16 -04:00

ascii-banner.js

Accessibility pass: ARIA roles, label associations, CSS class migrations

2026-03-20 20:29:58 -04:00

base.js

Fix sidebar toggle, ? shortcut, footer hint styling

2026-04-06 23:52:06 -04:00

dashboard.js

Fix kanban drag-and-drop to send ticket_id as string