davide/ecommerce-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2a6c3a12222426dc82f12e49724ef5693eda05df
ecommerce-platform/app
T
History
davide 2a6c3a1222 fix(security): validate file uploads with magic bytes, remove SVG from favicon whitelist 
- Add validateImageMagicBytes() to storage.ts reading first 12 bytes
  to verify JPEG/PNG/WebP/ICO signatures regardless of declared MIME type
- Remove image/svg+xml from favicon upload whitelist (SVG can embed scripts)
- Apply magic bytes check in product image and favicon upload endpoints
2026-05-19 10:09:53 +02:00
..
prisma
Commit iniziale
2026-05-18 15:25:38 +02:00
public
feat: replace Docker named volumes with local bind mounts and add backup script
2026-05-19 08:49:28 +02:00
scripts
Commit iniziale
2026-05-18 15:25:38 +02:00
src
fix(security): validate file uploads with magic bytes, remove SVG from favicon whitelist
2026-05-19 10:09:53 +02:00
Dockerfile
infra: add persistent uploads volume and configure Caddy to serve static images
2026-05-18 17:54:00 +02:00
entrypoint.sh
infra: add persistent uploads volume and configure Caddy to serve static images
2026-05-18 17:54:00 +02:00
next-env.d.ts
Commit iniziale
2026-05-18 15:25:38 +02:00
next.config.js
Commit iniziale
2026-05-18 15:25:38 +02:00
package-lock.json
Commit iniziale
2026-05-18 15:25:38 +02:00
package.json
Commit iniziale
2026-05-18 15:25:38 +02:00
postcss.config.js
Commit iniziale
2026-05-18 15:25:38 +02:00
tailwind.config.js
Commit iniziale
2026-05-18 15:25:38 +02:00
tsconfig.json
fix: update tsconfig target from deprecated ES5 to ES2017
2026-05-19 09:01:51 +02:00
tsconfig.tsbuildinfo
Commit iniziale
2026-05-18 15:25:38 +02:00