PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix: anchor vendor/ gitignore to root so app/public/assets/js/vendor/ is tracked (htmx, OverType, FilePond)

Browse Source
This commit is contained in:
Pontoporeia
2026-06-08 10:12:06 +02:00
parent f398a0f1ff
commit 2bb520bb8c
9 changed files with 1054 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
TODO.md
View File

@@ -3,3 +3,4 @@
- [x] Fix `account.php`: replace `!==` CSRF token check with `hash_equals` (constant-time comparison)
- [x] Fix `ShareLink::setPassword()`: also encrypt and store plain-text password, matching `create()` behavior
- [x] Audit: confirm all remaining credential comparison sites use constant-time `hash_equals` or `password_verify`
- [x] Fix `.gitignore`: anchor `vendor/` to root (`/vendor/`) so `app/public/assets/js/vendor/` (htmx, OverType, FilePond) is tracked