issues Search Results · language:Dune language:JavaScript language:JavaScript language:JavaScript language:PHP
Filter by
24.5M results
Summary
In st-extension/src/index.js, both the WS and HTTP polling paths do:
STATE.pendingActions.set(character, []); // ← before lock acquired
STATE.pendingSideActions.set(character, []);
await ...
bug
joshmrtn
Summary
writeState() in st-plugin/link-state.js:33-38 uses fs.promises.writeFile, which truncates the file before writing new
content. If the process crashes between truncation and write completion, character-links.json ...
bug
reliability
Summary
In st-extension/src/index.js (~line 900-902), when the first generateQuietPrompt({ quietPrompt, forceChId: chid, ... })
call throws, the catch block retries without forceChId:
result = await ...
bug
Summary
In st-plugin/index.js:542-606, the entire trust label block — reading link state, building the label, injecting
[OWNER]/[GUEST] — is inside a try/catch. If anything in that block throws (disk ...
bug
security
Code analysis: potential PHP 8+ and lifecycle regressions
A static analysis audit of the plugin codebase to identify potential type-safety regressions (similar to the $CFG_GLPI /
setup.php issue) and ...
enhancement
DonutsNL
Summary
_charDirFor(baseDir, characterName) in st-plugin/chat-history.js calls path.join(baseDir, characterName) directly. A
characterName containing ../ sequences (e.g. ../../etc) escapes the chats directory. ...
bug
security
Summary
In oc-plugin/src/index.ts:513-514, the file_write action writes directly to action.path with no validation:
case file_write : {
await writeFile(String(action.path), String(action.content ...
bug
security
Found while landing #15 / #20.
compose.yaml has:
- SECRET_KEY: afdawango — hardcoded default. A downstream consumer who doesn t override before deploying ships a
published Django SECRET_KEY.
...
dheerajchand
Summary
The requireBearerToken middleware in st-plugin/index.js:87-94 checks for the presence of any x-csrf-token header before
validating the Bearer token. If the header is present with any value (including ...
bug
security
就想知道这些空壳号是怎么回事。没头像没仓库没 follower。 违规事实清晰,举报递 GitHub,违规人气清零,项目随后封禁。
denitzade
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.