funman300/Ferrous-Solitaire
1
1
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 28 Wiki Activity
Files
38eefb22e80cb96294b32c89b79f58328e969d98
Ferrous-Solitaire/solitaire_server
T
History
funman300 38eefb22e8 fix(server): XSS, missing score submission, leaderboard never updated, no LIMIT 
- leaderboard.html, replays.html: escape user-supplied display_name and
  username before inserting into innerHTML to prevent stored XSS
- game.js: call POST /api/replays on win so browser-game completions are
  recorded; scores were never submitted before this fix
- replays.rs: after replay insert, upsert leaderboard best_score /
  best_time_secs for opted-in users when the new score beats their current
  best (classic mode only); scores were never updated before this fix
- leaderboard.rs: add LIMIT 100 to GET /api/leaderboard to prevent
  unbounded query growth

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 19:32:14 -07:00
..
migrations
feat(auth): refresh token rotation via jti tracking
2026-05-12 13:34:42 -07:00
src
fix(server): XSS, missing score submission, leaderboard never updated, no LIMIT
2026-05-13 19:32:14 -07:00
tests
feat(server): add --reset-password admin subcommand
2026-05-12 14:10:13 -07:00
web
fix(server): XSS, missing score submission, leaderboard never updated, no LIMIT
2026-05-13 19:32:14 -07:00
.env.example
feat(sync): re-auth prompt on expired session + server deployment artifacts
2026-05-12 12:45:08 -07:00
Cargo.toml
feat(server): web replay viewer (HTML/CSS + WASM bindings)
2026-05-05 18:54:01 +00:00
docker-compose.yml
feat(sync): re-auth prompt on expired session + server deployment artifacts
2026-05-12 12:45:08 -07:00
Dockerfile
fix(docker): add libsqlite3-0 to runtime image to fix SQLite CANTOPEN error
2026-05-13 15:32:09 -07:00