nordabiz/templates
Maciej Pienczyn e718d96a7d
fix(security): Resolve 1 HIGH and 7 MEDIUM vulnerabilities from code review
- HIGH: Fix SQL injection in ZOPK knowledge service (3 functions) — replace f-strings with parameterized queries
- MEDIUM: Sanitize tsquery/LIKE input in SearchService to prevent injection
- MEDIUM: Add @login_required + @role_required(ADMIN) to /health/full endpoint
- MEDIUM: Add @role_required(ADMIN) to ZOPK knowledge search API
- MEDIUM: Add bleach HTML sanitization on write for announcements, events, board proceedings (stored XSS via |safe)
- MEDIUM: Remove partial API key from Gemini service logs
- MEDIUM: Remove @csrf.exempt from chat endpoints, add X-CSRFToken headers in JS
- MEDIUM: Add missing CSRF tokens to 3 POST forms (data_request, benefits_form, benefits_list)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 05:25:18 +01:00
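The HIGH item above (f-strings replaced by parameterised queries) and the first MEDIUM (tsquery/LIKE input sanitised) describe the same class of fix. The following is an added example, not code from the NordaBiz repository: it reproduces both the interpolated pattern and the parameterised pattern against an in-memory SQLite table so the injection and its fix can be observed offline. The table layout, sample rows and the function names `search_vulnerable`, `search_fixed`, `escape_like` and `sanitize_tsquery` are assumptions for illustration; the real ZOPK knowledge service and SearchService are not on this page, and the tsquery helper is a conservative string-level sanitiser of the kind the commit message implies, not the project's own.

```python
import re
import sqlite3

# Constructed sample data for the example; not taken from the project.
ROWS = [
    (1, "Chamber statute", "public"),
    (2, "Board minutes 2025-11", "members"),
    (3, "Draft budget", "admin"),
]


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory table shaped like a knowledge index (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE knowledge (id INTEGER, title TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO knowledge VALUES (?, ?, ?)", ROWS)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """'Before' pattern from the commit message: user text interpolated into SQL.

    A term such as "' OR 1=1 --" closes the string literal, appends a tautology
    and comments out the rest, so the visibility filter is bypassed.
    """
    sql = (f"SELECT id FROM knowledge WHERE visibility = 'public' "
           f"AND title LIKE '%{term}%'")
    return [row[0] for row in conn.execute(sql)]


def escape_like(term: str, esc: str = "\\") -> str:
    """Escape LIKE metacharacters so the user's text is matched literally.

    Parameterisation alone stops the quote-break above but leaves '%' and '_'
    active inside the pattern; escaping them closes that second gap.
    """
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_fixed(conn: sqlite3.Connection, term: str) -> list:
    """'After' pattern: bound parameter plus an ESCAPE clause for the wildcards."""
    sql = ("SELECT id FROM knowledge WHERE visibility = 'public' "
           "AND title LIKE ? ESCAPE '\\'")
    pattern = f"%{escape_like(term)}%"
    return [row[0] for row in conn.execute(sql, (pattern,))]


def sanitize_tsquery(raw: str, max_terms: int = 8) -> str:
    """Build a conservative PostgreSQL to_tsquery string from free text.

    Only word characters survive, so operators such as '&', '|', '!' and
    parentheses typed by the user cannot change the query structure; each term
    becomes a prefix match and terms are AND-ed. Assumed design, see lead-in.
    """
    terms = re.findall(r"\w+", raw)[:max_terms]
    return " & ".join(f"{t}:*" for t in terms)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"
    print("vulnerable:", search_vulnerable(db, payload))  # leaks every row
    print("fixed:     ", search_fixed(db, payload))       # nothing matches
    print("tsquery:   ", sanitize_tsquery("budget | (statute & !draft)"))
```

The payload used in the demo is the textbook quote-break; in the vulnerable function it returns rows the caller is not allowed to see, in the fixed one it is just a string nobody's title contains. Note that the fix has two parts: the bound parameter and the wildcard escaping. Skipping the second still lets a user submit `%` to enumerate the whole visible set, which is why the commit treats LIKE input as something to sanitise even after parameterising.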
admin fix(security): Resolve 1 HIGH and 7 MEDIUM vulnerabilities from code review 2026-02-06 05:25:18 +01:00
announcements fix: Show (Ty) label for current user, not first reader 2026-01-31 20:44:02 +01:00
auth feat: Add waiting animation for email verification polling 2026-02-02 19:32:35 +01:00
benefits feat: Redesign benefits list page with hero section and modern card design 2026-02-03 09:03:01 +01:00
board feat(board): Add PDF download for meetings, remove documents section 2026-02-04 15:12:39 +01:00
calendar feat: Allow members to see Rada Izby events without joining 2026-02-03 12:46:06 +01:00
classifieds refactor: Migrate access control from is_admin to role-based system 2026-02-01 21:05:22 +01:00
company refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
contacts refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
education feat(education): Video integration with the Educational Platform 2026-01-29 14:53:15 +01:00
errors Sync: Current production state 2026-01-08 12:26:22 +01:00
forum fix(forum): Improve tooltip readability with fixed colors 2026-02-06 04:14:08 +01:00
konto feat: Add membership links in user navigation 2026-02-01 12:41:21 +01:00
membership fix(security): Resolve 1 HIGH and 7 MEDIUM vulnerabilities from code review 2026-02-06 05:25:18 +01:00
messages feat: Add B2B classifieds interactions (interest, Q&A, context messages) 2026-01-31 21:15:30 +01:00
reports refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
settings feat(ui): Yellow "To be completed" category + email in the blocking dropdown 2026-01-29 00:07:07 +01:00
zopk refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
admin_seo_dashboard.html refactor: Migrate access control from is_admin to role-based system 2026-02-01 21:05:22 +01:00
base.html refactor(rbac): Complete RBAC migration - 154/154 admin routes protected 2026-02-05 21:36:14 +01:00
base.html.bak.20251229_142208 Sync: Current production state 2026-01-08 12:26:22 +01:00
base.html.bak.20260101_161750 Sync: Current production state 2026-01-08 12:26:22 +01:00
chat_members_only.html security: Restrict member-only features to MEMBER role 2026-02-01 21:33:27 +01:00
chat.html fix(security): Resolve 1 HIGH and 7 MEDIUM vulnerabilities from code review 2026-02-06 05:25:18 +01:00
company_detail_enhanced.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
company_detail_safe.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
company_detail.html refactor: Migrate access control from is_admin to role-based system 2026-02-01 21:05:22 +01:00
company_detail.html.bak.20251229_142208 Sync: Current production state 2026-01-08 12:26:22 +01:00
connections_map.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
connections_modal.html feat: Person profile page and improved tooltip 2026-01-11 14:16:05 +01:00
dashboard.html refactor: Migrate access control from is_admin to role-based system 2026-02-01 21:05:22 +01:00
events.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
gbp_audit.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
index.html feat: Show application status banner instead of join CTA for pending applications 2026-02-03 13:20:03 +01:00
it_audit_form.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
it_audit.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
landing.html feat: Landing page - new gradient and animations (Sprint 5) 2026-01-30 14:49:26 +01:00
new_members.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
person_detail.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
release_notes.html refactor: Migrate access control from is_admin to role-based system 2026-02-01 21:05:22 +01:00
search_results.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
seo_audit.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00
social_audit.html refactor: Rebranding and AI model update 2026-01-29 14:08:39 +01:00