Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-16 07:20:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Change list width by dragging between lists.

Browse source 
Thanks to xet7 !
This commit is contained in:
Lauri Ojansivu 2025-10-14 09:36:11 +03:00
parent 0d9536e2f9
commit abad8cc4d5
7 changed files with 413 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

10
models/cards.js
View file

@ -1764,11 +1764,11 @@ Cards.helpers({
},
setTitle(title) {
// Sanitize title on client side as well
// Basic client-side validation - server will handle full sanitization
let sanitizedTitle = title;
if (typeof title === 'string') {
const { sanitizeTitle } = require('../server/lib/inputSanitizer');
sanitizedTitle = sanitizeTitle(title);
// Basic length check to prevent abuse
sanitizedTitle = title.length > 1000 ? title.substring(0, 1000) : title;
if (process.env.DEBUG === 'true' && sanitizedTitle !== title) {
console.warn('Client-side sanitized card title:', title, '->', sanitizedTitle);
}
@ -3583,8 +3583,8 @@ JsonRoutes.add('GET', '/api/boards/:boardId/cards_count', function(
Authentication.checkBoardAccess(req.userId, paramBoardId);
if (req.body.title) {
const { sanitizeTitle } = require('../server/lib/inputSanitizer');
const newTitle = sanitizeTitle(req.body.title);
// Basic client-side validation - server will handle full sanitization
const newTitle = req.body.title.length > 1000 ? req.body.title.substring(0, 1000) : req.body.title;
if (process.env.DEBUG === 'true' && newTitle !== req.body.title) {
console.warn('Sanitized card title input:', req.body.title, '->', newTitle);

13
models/lists.js
View file

@ -314,13 +314,10 @@ Lists.helpers({
Lists.mutations({
rename(title) {
// Sanitize title on client side as well
// Basic client-side validation - server will handle full sanitization
if (typeof title === 'string') {
const { sanitizeTitle } = require('../server/lib/inputSanitizer');
const sanitizedTitle = sanitizeTitle(title);
if (process.env.DEBUG === 'true' && sanitizedTitle !== title) {
console.warn('Client-side sanitized list title:', title, '->', sanitizedTitle);
}
// Basic length check to prevent abuse
const sanitizedTitle = title.length > 1000 ? title.substring(0, 1000) : title;
return { $set: { title: sanitizedTitle } };
}
return { $set: { title } };
@ -654,8 +651,8 @@ if (Meteor.isServer) {
// Update title if provided
if (req.body.title) {
const { sanitizeTitle } = require('../server/lib/inputSanitizer');
const newTitle = sanitizeTitle(req.body.title);
// Basic client-side validation - server will handle full sanitization
const newTitle = req.body.title.length > 1000 ? req.body.title.substring(0, 1000) : req.body.title;
if (process.env.DEBUG === 'true' && newTitle !== req.body.title) {
console.warn('Sanitized list title input:', req.body.title, '->', newTitle);