a9cdf846fe
CRITICAL fix: Users upgrading from pre-migration-tracking databases (now get 'invalid username/password' because schema_migrations table doesn't exist. Added handleLegacyDatabase() and reconcileLegacyMigrations() to detect and reconcile legacy DBs. Security fixes: - Path traversal: replaced sanitizePath() with ALLOWED_FILES allowlist - Public /about bypass: added admin route guard in App.jsx - Sensitive info exposure: expanded redactSensitiveContent() patterns - Error message path leaks: generic error messages only - Race condition: wrapped in db.transaction() in server.js - Password validation: INIT_REGULAR_PASS min 8 chars with process.exit(1) All verified by Bishop (build + runtime) and Private_Hudson (security). |
||
|---|---|---|
| .. | ||
| components | ||
| contexts | ||
| hooks | ||
| lib | ||
| pages | ||
| public/img | ||
| App.jsx | ||
| api.js | ||
| index.css | ||
| main.jsx | ||