7 Commits

Author SHA1 Message Date
xboard 9ba946621e feat: email template management with DB override, modern mail redesign 2026-04-18 15:41:23 +08:00
Valentin Lobstein 121511523f Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink (#873)
The loginWithMailLink endpoint returns the magic login link in the
HTTP response body, allowing unauthenticated account takeover.

The fix returns true instead of the link. The email delivery is
the authentication factor.

Bug inherited from V2Board commit bdb10bed (2022-06-27).
2026-04-10 02:44:20 +08:00
xboard 7fbd1bb92d feat: implement email case-insensitive queries (fix #318) 2026-03-28 07:09:21 +08:00
xboard 6d85736eea feat: add reCAPTCHA v3 and Cloudflare Turnstile verification support
- Implement reCAPTCHA v3 with score-based validation
- Add Cloudflare Turnstile as captcha alternative
- Create reusable CaptchaService for unified validation
- Support switching between recaptcha, recaptcha-v3, and turnstile
- Maintain backward compatibility with existing configurations
2025-06-28 18:01:59 +08:00
xboard 97e7ffccae fix: resolve PHPStan static analysis warnings 2025-05-07 19:48:19 +08:00
xboard db235c10e8 Revert "fix: resolve PHPStan static analysis warnings"
This reverts commit 2d3e4b4a95.
2025-04-14 21:23:08 +08:00
xboard 2d3e4b4a95 fix: resolve PHPStan static analysis warnings 2025-04-14 02:12:42 +08:00