mirror of
https://github.com/lmg-anon/mikupad.git
synced 2026-07-09 17:19:17 +00:00
This PR introduces a whitelist check to mitigate SQL injection risks when handling user input. Previously, user-controlled input was being used directly in dynamic SQL queries, which could allow an attacker to manipulate database queries. E.g. https://github.com/lmg-anon/mikupad/blob/HEAD/server/server.js#L285 |
||
|---|---|---|
| .. | ||
| package.json | ||
| server.js | ||
| start.bat | ||
| start.sh | ||