issues Search Results · language:Dune language:JavaScript language:JavaScript language:Java language:Java language:HTML
39.8M results
Finding
ratelimit.js (rateLimit/clientIp) is imported by zero account/ or admin/ routes. team.js POST and messages.js POST send
an email per request (email-bomb / address enumeration). Admin offers.js ...
security
Finding
quotes.js:170-177: when action: sweep_due + matching x-quote-crm-secret, it calls adminClient(env) + sweepDueQuotes (DB
writes: emails, quote updates) before requireStaff (:179). Secret check ...
admin
security
Finding
register.js returns raw error.message on 500 at :38, :58, :67 (json(500,{error:jErr.message}) etc.). It is the one
account route omitted from the CUSTOMER_FACING list in tests/api-error-masking.test.mjs:10-20, ...
bug
post-auth
security
Objective
Create a Windows publisher with a simple interface for Valora Pulse, allowing the user to click a
program/shortcut and run the entire PRD/IIS publishing flow: validate the environment, export/import ...
deploy
iis
prioridade-alta
produção
ux
windows
Finding
requireStaff grants platform-staff if profiles.is_staff = true (DB fallback, supabase.js/authz.js). The RLS policy
profiles_self_update (schema.sql:170-172) is for update using (id = auth.uid()) ...
critical
security
Finding
net_paid exists in the order_status enum but nothing ever transitions an order to it — no endpoint sets net_paid. So
companyCreditState outstanding (sum of net_open) grows monotonically.
Impact ...
admin
enhancement
missing-feature
Finding
checkout.js:113-139: companyCreditState sums outstanding net_open totals (credit.js:25-37), exceedsCredit checks, then a
separate insert. Two concurrent NET checkouts both read the same outstanding ...
bug
critical
money-flow
Finding
Webhook idempotency is read-then-insert: select id ... eq( stripe_payment_intent , s.payment_intent) then insert if
absent (stripe-webhook.js:146-156). There is no unique constraint on orders.stripe_payment_intent ...
bug
critical
money-flow
Finding
stripe-webhook.js:154 destructures { data: order } from the order insert(...).select( id ).single() with no error check,
then the handler returns HTTP 200. If the DB insert fails (transient hiccup, ...
bug
critical
money-flow
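Background
Users in the comments reported that the project URL is hard to open once it wraps across lines and has to be completed by hand. For a small Windows utility, an unclear download entry point noticeably hurts trial conversion and can also lead users to download from untrusted sources.
If a download link hosted in China is provided later, it also needs to remain secure and trustworthy, so that users do not end up with a tampered installer.
Goal
Let users reliably find the official project and the official Release, and verify the integrity of the installer.
Suggested changes
- [ ] At the top of the README, clearly place the GitHub project URL and ...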
