Commit Graph

8 Commits

Author SHA1 Message Date
yinjianm abd64ed20c Merge remote-tracking branch 'upstream/master'
# Conflicts:
#	app/Services/UserOnlineService.php
#	public/assets/admin
2026-04-16 16:59:21 +08:00
Valentin Lobstein 121511523f Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink (#873)
The loginWithMailLink endpoint returns the magic login link in the
HTTP response body, allowing unauthenticated account takeover.

The fix returns true instead of the link. The email delivery is
the authentication factor.

Bug inherited from V2Board commit bdb10bed (2022-06-27).
2026-04-10 02:44:20 +08:00
xboard 7fbd1bb92d feat: implement email case-insensitive queries (fix #318) 2026-03-28 07:09:21 +08:00
yinjianm 17a7c63aec Modify the email section 2026-02-22 03:22:14 +08:00
xboard 6d85736eea feat: add reCAPTCHA v3 and Cloudflare Turnstile verification support
- Implement reCAPTCHA v3 with score-based validation
- Add Cloudflare Turnstile as captcha alternative
- Create reusable CaptchaService for unified validation
- Support switching between recaptcha, recaptcha-v3, and turnstile
- Maintain backward compatibility with existing configurations
2025-06-28 18:01:59 +08:00
xboard 97e7ffccae fix: resolve PHPStan static analysis warnings 2025-05-07 19:48:19 +08:00
xboard db235c10e8 Revert "fix: resolve PHPStan static analysis warnings"
This reverts commit 2d3e4b4a95.
2025-04-14 21:23:08 +08:00
xboard 2d3e4b4a95 fix: resolve PHPStan static analysis warnings 2025-04-14 02:12:42 +08:00