use strict validator on input strings via api (#15)

It has been reported that views are vulnerable to XSS because of
missing escaping (or validation). Instead of playing with conversion
from/to escaped/unescaped strings, let's just forbid characters via the API.

This commit includes a migration for postgres; the sqlite migration is still
missing, which will make it impossible to load pages for those parties.

This commit also includes several fixes:
* The issue when empty party could not be loaded
* The issue when link bis is not applied after editing
* The issue when incorrect bis link has been saved
* The issue when empty password could be applied via api
* The issue when error message is not displayed at the index page

This commit also updates dependencies
2022-06-23 03:51:39 +03:00
parent 118d8faf6b
commit 0e8b95d0dd
30 changed files with 248 additions and 82 deletions


@ -1,26 +1,26 @@
val AkkaVersion = "2.6.18"
val AkkaHttpVersion = "10.2.7"
val ScalaTestVersion = "3.2.10"
val AkkaVersion = "2.6.19"
val AkkaHttpVersion = "10.2.9"
val ScalaTestVersion = "3.2.12"
val SlickVersion = "3.3.3"
libraryDependencies += "ch.qos.logback" % "logback-classic" % "1.2.10"
libraryDependencies += "com.typesafe.scala-logging" %% "scala-logging" % "3.9.4"
libraryDependencies += "ch.qos.logback" % "logback-classic" % "1.2.11"
libraryDependencies += "com.typesafe.scala-logging" %% "scala-logging" % "3.9.5"
libraryDependencies += "com.typesafe.akka" %% "akka-http" % AkkaHttpVersion
libraryDependencies += "com.typesafe.akka" %% "akka-http-spray-json" % AkkaHttpVersion
libraryDependencies += "com.typesafe.akka" %% "akka-actor-typed" % AkkaVersion
libraryDependencies += "com.typesafe.akka" %% "akka-stream" % AkkaVersion
libraryDependencies += "com.github.swagger-akka-http" %% "swagger-akka-http" % "2.6.0"
libraryDependencies += "com.github.swagger-akka-http" %% "swagger-akka-http" % "2.7.0"
libraryDependencies += "jakarta.platform" % "jakarta.jakartaee-web-api" % "9.1.0"
libraryDependencies += "ch.megard" %% "akka-http-cors" % "1.1.2"
libraryDependencies += "ch.megard" %% "akka-http-cors" % "1.1.3"
libraryDependencies += "io.spray" %% "spray-json" % "1.3.6"
libraryDependencies += "org.playframework.anorm" %% "anorm" % "2.6.10"
libraryDependencies += "com.zaxxer" % "HikariCP" % "5.0.1" exclude("org.slf4j", "slf4j-api")
libraryDependencies += "org.flywaydb" % "flyway-core" % "8.4.1"
libraryDependencies += "org.flywaydb" % "flyway-core" % "8.5.12"
libraryDependencies += "org.xerial" % "sqlite-jdbc" % "3.36.0.3"
libraryDependencies += "org.postgresql" % "postgresql" % "42.3.1"
libraryDependencies += "org.postgresql" % "postgresql" % "42.3.6"
libraryDependencies += "org.mindrot" % "jbcrypt" % "0.4"
libraryDependencies += "com.google.guava" % "guava" % "31.0.1-jre"