diana.dolgolyova/blackheart-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 4 bugs from regression testing

Browse Source 
- BUG-1: Strip HTML tags in sanitizeName (prevent stored XSS)
- BUG-2: Strip HTML tags in notes via sanitizeText across all 3 booking APIs
- BUG-3: Dashboard excludes archived/past MCs and expired Open Day events from counts
- BUG-4: Truncate long names in booking cards to prevent overflow
This commit is contained in:
Diana Dolgolyova
2026-03-24 16:43:19 +03:00
parent aa0cfe35c3
commit 2c64951cb3
6 changed files with 33 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/app/api/admin/mc-registrations/route.ts
+2 -1
View File
@@ -1,5 +1,6 @@
import { NextRequest, NextResponse } from "next/server";
import { getMcRegistrations, getAllMcRegistrations, addMcRegistration, updateMcRegistration, toggleMcNotification, deleteMcRegistration, setMcRegistrationStatus, updateBookingNotes } from "@/lib/db";
import { sanitizeText } from "@/lib/validation";
export async function GET(request: NextRequest) {
const title = request.nextUrl.searchParams.get("title");
@@ -44,7 +45,7 @@ export async function PUT(request: NextRequest) {
if (body.action === "set-notes") {
const { id, notes } = body;
if (!id) return NextResponse.json({ error: "id is required" }, { status: 400 });
updateBookingNotes("mc_registrations", id, notes ?? "");
updateBookingNotes("mc_registrations", id, sanitizeText(notes, 1000) ?? "");
return NextResponse.json({ ok: true });
}