PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

security: fix all LOW priority items from TODO.SECURITY.md

Browse Source 
Item 13 — Remove deprecated X-XSS-Protection header
- nginx/posterg.conf: header removed (was '1; mode=block')
- nginx/SECURITY_HEADERS.md: new file documenting header decisions
  and explaining why X-XSS-Protection is counterproductive

Item 14 — Add rel="noreferrer" to external target="_blank" link
- public/admin/thanks.php: rel="noopener" → rel="noopener noreferrer"

Item 15 — Explicit (int) casts on all integer HTML outputs
- public/index.php: (int) on item id, page numbers
- public/search.php: (int) on totalItems, year options, item id, pagination

Item 16 — Remove unused DATABASE_PATH constant
- config/bootstrap.php: define('DATABASE_PATH', ...) removed

docs/TODO.SECURITY.md updated: items 13-16 marked resolved and
moved to the  Resolved section.
This commit is contained in:
Théophile Gervreau-Mercier
2026-02-08 11:58:51 +01:00
parent 94d110438f
commit f5d3281c43
8 changed files with 490 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/bootstrap.php
View File

@@ -6,9 +6,6 @@
// Define application root
define('APP_ROOT', dirname(__DIR__));
// Database path
define('DATABASE_PATH', APP_ROOT . '/database/test.db');
// Error reporting
if (php_sapi_name() === 'cli-server') {
// Development mode