Fix various small issues #46

Merged

BlakeRain merged 2 commits from security/audit-fixes into main 2026-05-25 19:03:03 +00:00

Conversation 0 Commits 2 Files changed 21 +326 -25

BlakeRain commented 2026-05-25 16:17:03 +00:00

Owner

Copy link

• Pin poem-route-macro to v0.1.1 from blakerain registry
• Sanitize preview command stderr, log server-side only, store generic message in DB
• Add startup cleanup of stale temp files in cache/temp/ (24h threshold)
• Add audit logging for admin masquerade/unmasquerade
• Cookie key warn on restart, team tag CSRF 401 to 403, transfer CSRF order, admin EditTeamForm validate_slug
• Add slug character validation in team settings handler
• Add Cypress test for team settings slug validation
• Add validation to UserSettingsForm, upload custom_slug, tag names; add preview command timeout
• Add Cypress tests for user settings validation, upload slug validation, and tag name validation
• Convert signout to two-step confirmation page

- Pin poem-route-macro to v0.1.1 from blakerain registry - Sanitize preview command stderr, log server-side only, store generic message in DB - Add startup cleanup of stale temp files in `cache/temp/` (24h threshold) - Add audit logging for admin masquerade/unmasquerade - Cookie key warn on restart, team tag CSRF 401 to 403, transfer CSRF order, admin `EditTeamForm` `validate_slug` - Add slug character validation in team settings handler - Add Cypress test for team settings slug validation - Add validation to `UserSettingsForm`, upload `custom_slug`, tag names; add preview command timeout - Add Cypress tests for user settings validation, upload slug validation, and tag name validation - Convert signout to two-step confirmation page

BlakeRain added the

Kind

Security

Priority

High

labels 2026-05-25 16:17:03 +00:00

BlakeRain self-assigned this 2026-05-25 16:17:03 +00:00

BlakeRain added 1 commit 2026-05-25 16:17:03 +00:00

security: fix various small issues ... 8c179778d4

- pin poem-route-macro to v0.1.1 from blakerain registry
- sanitize preview command stderr, log server-side only, store generic message in DB
- add startup cleanup of stale temp files in `cache/temp/` (24h threshold)
- add audit logging for admin masquerade/unmasquerade
- cookie key warn on restart, team tag CSRF 401 to 403, transfer CSRF order, admin `EditTeamForm` `validate_slug`
- add slug character validation in team settings handler
- add Cypress test for team settings slug validation
- add validation to `UserSettingsForm`, upload `custom_slug`, tag names; add preview command timeout
- add Cypress tests for user settings validation, upload slug validation, and tag name validation
- convert signout to two-step confirmation page

BlakeRain added 1 commit 2026-05-25 16:40:51 +00:00

fix(clippy): lint issues b40544c36d

BlakeRain merged commit dedb416280 into main 2026-05-25 19:03:03 +00:00

BlakeRain referenced this pull request from a commit 2026-05-25 19:03:04 +00:00

Merge pull request 'Fix various small issues' (#46) from security/audit-fixes into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

Area/API

Relates to the API

  

Area/CLI

Relates to the CLI

  

Area/Data Model

Relates to the data model

  

Area/Dependencies

Pull requests or issues that relate to dependencies

  

Area/Deployment

Relates to deployment of Parcel

  

Area/Documentation

Improvements or additions to documentation

  

Area/Downloading

Relates to downloading files

  

Area/Mobile

Relates to use of Parcel on mobile

  

Area/Teams

Relates to teams and team management

  

Area/UI

Relates to the UI

  

Area/Uploading

Relates to uploading files

  

Area/Webhooks

Relates to the webhooks

  

Kind

Bug

Something isn't working

  

Kind

Discussion

Currently just a discussion around some part of the project.

  

Kind

Feature

New feature or request

  

Kind

Security

This is security issue

  

Kind

Task

A general task that should be performed

  

Kind

Testing

Issue or pull request related to testing

  

Priority

Critical

The priority is critical

  

Priority

High

The priority is high

  

Priority/Low

The priority is low

  

Priority/Medium

The priority is medium

  

Reviewed

Confirmed

Issue has been confirmed

  

Reviewed

Duplicate

This issue or pull request already exists

  

Reviewed

Invalid

Invalid issue

  

Reviewed

Won't Fix

This issue won't be fixed

  

Status

Abandoned

Somebody has started to work on this but abandoned work

  

Status

Blocked

Something is blocking this issue or pull request

  

Status

Need More Info

Feedback is required to reproduce issue or to continue work

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

Area/API

Area/CLI

Area/Data Model

Area/Dependencies

Area/Deployment

Area/Documentation

Area/Downloading

Area/Mobile

Area/Teams

Area/UI

Area/Uploading

Area/Webhooks

Kind

Bug

Kind

Discussion

Kind

Feature

Kind

Security

Kind

Task

Kind

Testing

Priority

Critical

Priority

High

Priority/Low

Priority/Medium

Reviewed

Confirmed

Reviewed

Duplicate

Reviewed

Invalid

Reviewed

Won't Fix

Status

Abandoned

Status

Blocked

Status

Need More Info

good first issue

help wanted

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

BlakeRain

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

BlakeRain/parcel!46

No description provided.