fix: security hardening, UI fixes, and validation improvements

- Fix header nav overflow by switching to lg: breakpoint with tighter gaps
- Fix file upload path traversal by whitelisting allowed folders and extensions
- Fix BookingModal using hardcoded content instead of DB-backed data
- Add input length validation on public master-class registration API
- Add ID validation on team member and reorder API routes
- Fix BookingModal useCallback missing groupInfo/contact dependencies
- Improve admin news date field to use native date picker
- Add missing Мастер-классы and Новости cards to admin dashboard

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 17:37:29 +03:00
parent 26cb9a9772
commit 3ac6a4d840
8 changed files with 73 additions and 31 deletions


@@ -122,12 +122,15 @@ export default function NewsEditorPage() {
value={item.title}
onChange={(v) => updateItem({ ...item, title: v })}
/>
<InputField
label="Дата"
value={item.date}
onChange={(v) => updateItem({ ...item, date: v })}
placeholder="2026-03-15"
/>
<div>
<label className="block text-sm text-neutral-400 mb-1.5">Дата</label>
<input
type="date"
value={item.date}
onChange={(e) => updateItem({ ...item, date: e.target.value })}
className="w-full rounded-lg border border-white/10 bg-neutral-800 px-4 py-2.5 text-white outline-none focus:border-gold transition-colors [color-scheme:dark]"
/>
</div>
</div>
<TextareaField
label="Текст"
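Review bot: The new `<input type="date">` constrains only the browser control, so `item.date` is still an arbitrary string by the time it reaches whatever persists the news item. That save path is not visible in this hunk, but it should reject values that do not match `YYYY-MM-DD` (for example `/^\d{4}-\d{2}-\d{2}$/` plus a real-date check) rather than rely on the picker. Values saved earlier through the free-text field in any other format will show as an empty picker, so an editor cannot see what is stored; a one-off normalisation of existing rows would avoid that. The added `<label>` is also not associated with the input: either wrap the input in the label or give the pair a per-item `htmlFor`/`id`. `NewsEditorPage` begins and continues outside this hunk.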