mirror of
https://github.com/screentinker/screentinker.git
synced 2026-05-15 07:32:23 -06:00
470197d203
Security fixes: - Critical: Add ownership checks to assignments PUT/:id and DELETE/:id (IDOR) - Critical: Add ownership checks to assignments copy-to endpoint for both devices - High: Validate device ownership when adding to device groups - High: UUID-validate content ID before LIKE query + scope to owner's playlists - Low: Handle FK violations gracefully in playlist discard (deleted content/widgets) - Low: Escape mime_type with esc() in playlist item display (XSS) Bug fix: - Device-detail mutation handlers now reload full page to show draft banner Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| activity.js | ||
| assignments.js | ||
| auth.js | ||
| content.js | ||
| device-groups.js | ||
| devices.js | ||
| kiosk.js | ||
| layouts.js | ||
| playlists.js | ||
| provisioning.js | ||
| reports.js | ||
| schedules.js | ||
| status.js | ||
| stripe.js | ||
| subscription.js | ||
| teams.js | ||
| video-walls.js | ||
| white-label.js | ||
| widgets.js | ||