mirror/formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-04-20 02:30:18 -05:00
Code Issues Packages Projects Releases 164 Wiki Activity
5,012 Commits 431 Branches 206 Tags
72d34f36786d8643f8530cebcdfb86784aa95fce
Commit Graph

2770 Commits

Author SHA1 Message Date
Dhruwang
72d34f3678 refactor: remove organizationId from various actions and components 
- Removed organizationId from ZResetSurveyAction, ZUpdateSegmentAction, ZDeleteQuotaAction, ZUpdateInviteAction, and ZDeleteInviteAction schemas.
- Updated corresponding action calls in SurveyAnalysisCTA, SegmentSettings, TargetingCard, and MemberActions components to eliminate organizationId parameter, enhancing security by preventing IDOR vulnerabilities.
 2026-03-16 18:15:15 +05:30
Santosh
8c6496cdd4 merge: resolve conflicts with main branch 
Merge origin/main into fix/idor-server-actions-and-sentry-v2-logging,
resolving conflicts in 5 server action files by combining:
- .inputSchema() API from main (renamed from .schema())
- IDOR fix: derive organizationId from target resource, not client input
 2026-03-11 13:11:41 +01:00
Anshuman Pandey
9df423073f fix: zlib CVE (#7444) 2026-03-11 11:10:29 +00:00
Johannes
3e3c696972 feat: add trigger after time passed (#7452) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-11 10:12:31 +00:00
Anshuman Pandey
cb41e2d344 fix: sets apps/web TS strict check to true (#7451) 2026-03-11 10:14:37 +01:00
Santosh
fc762ebffc fix: derive organizationId from target resource in updateSegment and quota actions 
- updateSegmentAction: use getOrganizationIdFromSegmentId instead of
  getOrganizationIdFromEnvironmentId to prevent IDOR via caller-supplied
  environmentId
- deleteQuotaAction/updateQuotaAction: use getOrganizationIdFromQuotaId
  and getProjectIdFromQuotaId instead of deriving from caller-supplied
  surveyId/quota.surveyId

Addresses review feedback from @BhagyaAmarasinghe on remaining IDOR
vectors in #7326.
 2026-03-11 09:18:44 +01:00
Matti Nannt
1e19cca7d9 feat: implement cloud stripe billing sync and pricing revamp (#7309) 
Co-authored-by: Johannes <johannes@formbricks.com>
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-10 16:04:23 +00:00
Johannes
fa882dd4cc fix: improve survey validation error handling in SurveyMenuBar component (#7447) 2026-03-10 10:23:05 +00:00
Matti Nannt
0b82c6de77 feat: move multi-language surveys and workspace languages to AGPL (#7426) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-10 09:28:01 +00:00
Balázs Úr
a944d7626e chore: use Unicode punctuation, remove contractions, make wording consistent (#7355) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-10 07:06:30 +00:00
Balázs Úr
d1b12dc228 fix: mark strings as translatable in survey editor (#7369) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-10 06:14:29 +00:00
Balázs Úr
1da92addd2 fix: Hungarian translations (#7434) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-09 12:31:24 +00:00
Johannes
42541f86fd feat(navigation): add workflows section to main navigation and update… (#7392) 2026-03-08 18:13:38 +00:00
Matti Nannt
afa192e5b9 chore: upgrade deps and Zod v4 migration (#7425) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-06 14:41:28 +01:00
Chowdhury Tafsir Ahmed Siddiki
af02ce9ea6 fix: display native language names in profile language selector (#7349) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-06 10:18:52 +00:00
Bhagya Amarasinghe
fc1c91896a fix: add server-side SSRF validation for webhook URLs (#7414) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-06 07:36:49 +00:00
Balázs Úr
f5c7dbdc71 fix: mark duplicated survey name as translatable (#7379) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-06 06:37:05 +00:00
Balázs Úr
b88ea5cc66 fix: use proper plural forms (#7322) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-06 06:30:27 +00:00
bharath kumar
f31085a9e7 fix(i18n): resolve duplicate Hungarian translations causing Career Development Survey creation to fail (#7410) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-06 05:39:05 +00:00
Dhruwang Jariwala
299ae81b21 chore: mls tweaks (#7416) 2026-03-05 14:55:45 +00:00
Bhagya Amarasinghe
f73f13f16c perf: fix Prisma connection pool saturation from unbounded Promise.all fan-outs (#7404) 2026-03-05 14:35:40 +00:00
Matti Nannt
e9bcbf6e4c fix: patch @isaacs/brace-expansion to 5.0.1 (#7424) 2026-03-05 13:35:48 +00:00
Matti Nannt
f0a0cf531a chore: clean up unused npm dependencies (#7417) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-05 10:48:13 +00:00
Dhruwang Jariwala
f0a93ae092 fix: add Tailwind v3 config for Prettier in apps/web and packages/email (#7421) 2026-03-05 10:05:05 +00:00
Bhagya Amarasinghe
33010fb6f5 fix: auto-save creates duplicate follow ups (#7413) 
Co-authored-by: gulshank0 <gulshanbahadur002@gmail.com>
 2026-03-05 00:44:29 +00:00
Santosh
77f7e099b9 fix: derive organizationId from resources in server actions to prevent cross-org IDOR (#7326, #6677) 
resetSurveyAction, deleteInviteAction, and updateInviteAction accepted
organizationId from client input for authorization while operating on
resources identified by separate IDs. An authenticated user belonging
to multiple organizations could authorize against their own org while
mutating resources in another org.

Derive organizationId from the target resource using existing helpers
(getOrganizationIdFromSurveyId, getOrganizationIdFromInviteId),
matching the pattern already used by adjacent safe actions in the same
files.

Also adds request method and path as Sentry tags and structured log
context in the API v2 error handler, bringing v2 error reporting to
parity with v1.
 2026-03-04 12:16:35 +01:00
Matti Nannt
d5fdacadd7 chore: update dependencies and fix build/lint/test regressions (#7403) 2026-03-03 17:03:03 +00:00
Dhruwang Jariwala
e4aa66b067 fix: removed legacy response note traces (#7396) 2026-03-02 12:58:37 +00:00
Dhruwang Jariwala
ffcc101ed9 chore: make productionBrowserSourceMaps conditional to decrease build time (#7400) 2026-03-02 09:49:00 +00:00
Balázs Úr
2740cd16b9 fix: delete confirmation dialog title translation (#7358) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-02 07:06:14 +00:00
Dhruwang Jariwala
7eb94f0bd5 fix: theme styling preview, option border color, and enable custom styling behavior (#7387) 
Co-authored-by: Johannes <johannes@formbricks.com>
 2026-03-02 06:17:52 +00:00
Johannes
6dd2e707fe feat: display Formbricks version alongside organization ID in settings (#7363) 2026-03-02 05:54:23 +00:00
Harsh Bhat
2601169877 docs: add advanced CSS variable updates (#7389) 
Co-authored-by: Johannes <johannes@formbricks.com>
 2026-02-27 17:19:22 +00:00
Bhagya Amarasinghe
68c1422733 fix: copy database package.json to Docker runner stage (#7371) 2026-02-26 10:25:28 +00:00
Dhruwang Jariwala
6942502baf fix: slack missing redirect uri (#7372) 2026-02-26 10:01:25 +00:00
Theodór Tómas
a4bd217761 chore: update to zod 3.25.76 (#7366) 2026-02-26 05:17:20 +00:00
Bhagya Amarasinghe
fee770358c perf(contacts): build segment WHERE clauses sequentially to prevent pool saturation (#7354) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-02-25 15:25:32 +00:00
Dhruwang Jariwala
44f8f80cac docs: clarify startAt is block-based, not question-based (#1404) (#7352) 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-25 13:19:30 +00:00
Chowdhury Tafsir Ahmed Siddiki
858a7f7aa9 fix: replace toSorted in breadcrumb switchers for compatibility (#7325) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-25 06:29:31 +00:00
Gulshan
ac40b90e81 fix: made "Filter" string translatable (#7301) 
Signed-off-by: gulshank0 <gulshanbahadur002@gmail.com>
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-25 06:28:51 +00:00
Balázs Úr
aa21b4e442 fix: made Contact's page titles and table headers translatable (#7313) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-24 14:07:05 +00:00
Johannes
3776b31794 feat: add impressions tab and display data retrieval for surveys (#7266) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-24 11:00:58 +00:00
Balázs Úr
33f60ce2be fix: button label on create attribute dialog (#7331) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-24 08:30:20 +00:00
Bhagya Amarasinghe
c0386cea5a perf(contacts): batch segment evaluation queries into single transaction (#7333) 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-24 08:26:46 +00:00
Anshuman Pandey
7cea53130c chore: adds webhook signing to test event (#7320) 2026-02-23 12:36:50 +00:00
Dhruwang Jariwala
0636989d67 fix: update test configuration to exclude .next directory from testing (#7334) 2026-02-23 11:33:17 +01:00
Anshuman Pandey
219883266c fix: add bool support (#7323) 2026-02-20 15:30:40 +00:00
neila
6e4ef9a099 fix: make pretty URL paths accessible from public domain (#7264) 
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-20 09:55:40 +00:00
Chowdhury Tafsir Ahmed Siddiki
ebf7d1e3a1 fix: prevent crash in NotificationSwitch via optional chaining (#7268) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-20 09:55:06 +00:00
Dhruwang Jariwala
998162bc48 fix: Google Sheets integration — token expiry & permission error handling (#7282) (#7285) 2026-02-20 08:56:24 +00:00