mikupad/server
Vasilii Ermilov 911db4c6a2
Add whitelist to normalizeStoreName to avoid injection
This PR introduces a whitelist check to mitigate SQL injection risks when handling user input. Previously, user-controlled input was being used directly in dynamic SQL queries, which could allow an attacker to manipulate database queries.
E.g. https://github.com/lmg-anon/mikupad/blob/HEAD/server/server.js#L285
2025-02-27 11:29:47 -05:00
..
package.json Open browser by default on server start 2024-04-23 12:45:50 -03:00
server.js Add whitelist to normalizeStoreName to avoid injection 2025-02-27 11:29:47 -05:00
start.bat Update server.js 2024-04-15 18:53:41 -03:00
start.sh Add start.sh 2024-04-15 19:15:54 -03:00