root
7f59024bef
fix(security): patch critical security vulnerabilities
- Remove User::$guarded = [] to prevent mass assignment attacks
- Enable SQL strict mode and disable emulated prepares (SQL injection prevention)
- Switch password hashing from bcrypt to argon2id (stronger algorithm)
- Enable session encryption to protect session data at rest
- Restrict TrustProxies to localhost only (prevent IP spoofing)
- Restrict CORS allowed_methods via env variable instead of wildcard
- Add PayPal amount mismatch detection to prevent payment manipulation
- Add double-capture prevention (idempotency check)
- Add expected_amount column to transactions table for verification
2026-05-19 19:37:15 +02:00
root
05fc7b04bc
refactor: add return type hints to all controller methods
Added proper return types (View, RedirectResponse, JsonResponse, Collection)
to 40+ controller methods across 16 controllers. Also added missing
imports for Illuminate response types and tightened parameter types
(e.g. InstallationController::showStep now uses int instead of mixed).
2026-05-19 19:28:21 +02:00
root
81e99933e4
refactor: improve code quality across controllers and services
- DRY FurniEditorController: extract duplicate try/catch blocks into handleApiError(),
formatItemData(), buildUpdateData(), buildInsertData(), castValue() methods
- ProfileController: replace 45 lines of manual date formatting with Carbon's diffForHumans()
- Replace custom Password rule (180 lines) with Laravel's built-in Password::min() rule
- RadioController: extract RadioStreamService and RadioScheduleService, reducing from 608 to 323 lines
- Add RadioSettings enum to replace magic strings throughout radio feature
- Add CurrencyTypes::columnName() helper method
- Add consistent return types (JsonResponse, View, RedirectResponse) to all controller methods
2026-05-19 19:16:59 +02:00
root
8567ce6951
chore: improve fix.sh and composer permission handling
2026-05-19 18:50:40 +02:00
root
e5e8e050a0
chore: auto-fix permissions after composer install/update
2026-05-19 18:47:24 +02:00
root
8b6e028ae6
Add migration check command and cleanup orphaned migrations
2026-05-09 18:14:37 +02:00
root
9d73f82529
Initial commit
2026-05-09 17:32:17 +02:00