mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-01-09 04:59:42 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
v2.3.1
TimeTracker/templates
History
Dries Peeters 9b7aa3a938 security: Add CSRF token protection to all POST forms" -m " Complete CSRF protection implementation across the entire application. Fixed 31 HTML forms and 4 JavaScript dynamic form generators that were missing CSRF tokens. 
Affected modules: Projects, Clients, Tasks, Invoices, Comments, Admin, Search

- All HTML forms now include csrf_token hidden input
- JavaScript forms retrieve token from meta tag in base.html
- API endpoints properly exempted for JSON operations
- 58 POST forms + 4 dynamic JS forms now protected

Security impact: HIGH - Closes critical CSRF vulnerability
Files modified: 20 templates
2025-10-11 09:01:58 +02:00
..
admin
security: Add CSRF token protection to all POST forms" -m " Complete CSRF protection implementation across the entire application. Fixed 31 HTML forms and 4 JavaScript dynamic form generators that were missing CSRF tokens.
2025-10-11 09:01:58 +02:00
clients
security: Add CSRF token protection to all POST forms" -m " Complete CSRF protection implementation across the entire application. Fixed 31 HTML forms and 4 JavaScript dynamic form generators that were missing CSRF tokens.
2025-10-11 09:01:58 +02:00
errors
feat(ui): refresh templates and dashboards; improve admin and error pages
2025-09-12 10:03:40 +02:00
invoices
security: Add CSRF token protection to all POST forms" -m " Complete CSRF protection implementation across the entire application. Fixed 31 HTML forms and 4 JavaScript dynamic form generators that were missing CSRF tokens.
2025-10-11 09:01:58 +02:00
main
feat: Add project costs tracking and remove license server integration
2025-10-09 11:50:26 +02:00
projects
security: Add CSRF token protection to all POST forms" -m " Complete CSRF protection implementation across the entire application. Fixed 31 HTML forms and 4 JavaScript dynamic form generators that were missing CSRF tokens.
2025-10-11 09:01:58 +02:00
reports
feat: Add project costs tracking and remove license server integration
2025-10-09 11:50:26 +02:00
timer
feat: Add command palette, enhance calendar, and improve i18n
2025-10-07 19:00:07 +02:00