mirror/formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-04-21 03:03:25 -05:00
Code Issues Packages Projects Releases 164 Wiki Activity
5,012 Commits 434 Branches 206 Tags
72d34f36786d8643f8530cebcdfb86784aa95fce
Commit Graph

623 Commits

Author SHA1 Message Date
Dhruwang 72d34f3678 refactor: remove organizationId from various actions and components 
- Removed organizationId from ZResetSurveyAction, ZUpdateSegmentAction, ZDeleteQuotaAction, ZUpdateInviteAction, and ZDeleteInviteAction schemas.
- Updated corresponding action calls in SurveyAnalysisCTA, SegmentSettings, TargetingCard, and MemberActions components to eliminate organizationId parameter, enhancing security by preventing IDOR vulnerabilities.
 2026-03-16 18:15:15 +05:30
Santosh 8c6496cdd4 merge: resolve conflicts with main branch 
Merge origin/main into fix/idor-server-actions-and-sentry-v2-logging,
resolving conflicts in 5 server action files by combining:
- .inputSchema() API from main (renamed from .schema())
- IDOR fix: derive organizationId from target resource, not client input
 2026-03-11 13:11:41 +01:00
Johannes 3e3c696972 feat: add trigger after time passed (#7452) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-11 10:12:31 +00:00
Anshuman Pandey cb41e2d344 fix: sets apps/web TS strict check to true (#7451) 2026-03-11 10:14:37 +01:00
Santosh fc762ebffc fix: derive organizationId from target resource in updateSegment and quota actions 
- updateSegmentAction: use getOrganizationIdFromSegmentId instead of
  getOrganizationIdFromEnvironmentId to prevent IDOR via caller-supplied
  environmentId
- deleteQuotaAction/updateQuotaAction: use getOrganizationIdFromQuotaId
  and getProjectIdFromQuotaId instead of deriving from caller-supplied
  surveyId/quota.surveyId

Addresses review feedback from @BhagyaAmarasinghe on remaining IDOR
vectors in #7326.
 2026-03-11 09:18:44 +01:00
Matti Nannt 1e19cca7d9 feat: implement cloud stripe billing sync and pricing revamp (#7309) 
Co-authored-by: Johannes <johannes@formbricks.com>
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-10 16:04:23 +00:00
Johannes fa882dd4cc fix: improve survey validation error handling in SurveyMenuBar component (#7447) 2026-03-10 10:23:05 +00:00
Matti Nannt 0b82c6de77 feat: move multi-language surveys and workspace languages to AGPL (#7426) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-10 09:28:01 +00:00
Balázs Úr a944d7626e chore: use Unicode punctuation, remove contractions, make wording consistent (#7355) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-10 07:06:30 +00:00
Balázs Úr d1b12dc228 fix: mark strings as translatable in survey editor (#7369) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-10 06:14:29 +00:00
Matti Nannt afa192e5b9 chore: upgrade deps and Zod v4 migration (#7425) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-06 14:41:28 +01:00
Chowdhury Tafsir Ahmed Siddiki af02ce9ea6 fix: display native language names in profile language selector (#7349) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-06 10:18:52 +00:00
Bhagya Amarasinghe fc1c91896a fix: add server-side SSRF validation for webhook URLs (#7414) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-06 07:36:49 +00:00
Balázs Úr f5c7dbdc71 fix: mark duplicated survey name as translatable (#7379) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-06 06:37:05 +00:00
Balázs Úr b88ea5cc66 fix: use proper plural forms (#7322) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-06 06:30:27 +00:00
Dhruwang Jariwala 299ae81b21 chore: mls tweaks (#7416) 2026-03-05 14:55:45 +00:00
Bhagya Amarasinghe f73f13f16c perf: fix Prisma connection pool saturation from unbounded Promise.all fan-outs (#7404) 2026-03-05 14:35:40 +00:00
Dhruwang Jariwala f0a93ae092 fix: add Tailwind v3 config for Prettier in apps/web and packages/email (#7421) 2026-03-05 10:05:05 +00:00
Bhagya Amarasinghe 33010fb6f5 fix: auto-save creates duplicate follow ups (#7413) 
Co-authored-by: gulshank0 <gulshanbahadur002@gmail.com>
 2026-03-05 00:44:29 +00:00
Santosh 77f7e099b9 fix: derive organizationId from resources in server actions to prevent cross-org IDOR (#7326, #6677) 
resetSurveyAction, deleteInviteAction, and updateInviteAction accepted
organizationId from client input for authorization while operating on
resources identified by separate IDs. An authenticated user belonging
to multiple organizations could authorize against their own org while
mutating resources in another org.

Derive organizationId from the target resource using existing helpers
(getOrganizationIdFromSurveyId, getOrganizationIdFromInviteId),
matching the pattern already used by adjacent safe actions in the same
files.

Also adds request method and path as Sentry tags and structured log
context in the API v2 error handler, bringing v2 error reporting to
parity with v1.
 2026-03-04 12:16:35 +01:00
Matti Nannt d5fdacadd7 chore: update dependencies and fix build/lint/test regressions (#7403) 2026-03-03 17:03:03 +00:00
Balázs Úr 2740cd16b9 fix: delete confirmation dialog title translation (#7358) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-02 07:06:14 +00:00
Dhruwang Jariwala 7eb94f0bd5 fix: theme styling preview, option border color, and enable custom styling behavior (#7387) 
Co-authored-by: Johannes <johannes@formbricks.com>
 2026-03-02 06:17:52 +00:00
Johannes 6dd2e707fe feat: display Formbricks version alongside organization ID in settings (#7363) 2026-03-02 05:54:23 +00:00
Harsh Bhat 2601169877 docs: add advanced CSS variable updates (#7389) 
Co-authored-by: Johannes <johannes@formbricks.com>
 2026-02-27 17:19:22 +00:00
Bhagya Amarasinghe fee770358c perf(contacts): build segment WHERE clauses sequentially to prevent pool saturation (#7354) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-02-25 15:25:32 +00:00
Balázs Úr aa21b4e442 fix: made Contact's page titles and table headers translatable (#7313) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-24 14:07:05 +00:00
Johannes 3776b31794 feat: add impressions tab and display data retrieval for surveys (#7266) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-24 11:00:58 +00:00
Balázs Úr 33f60ce2be fix: button label on create attribute dialog (#7331) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-24 08:30:20 +00:00
Bhagya Amarasinghe c0386cea5a perf(contacts): batch segment evaluation queries into single transaction (#7333) 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-24 08:26:46 +00:00
Anshuman Pandey 7cea53130c chore: adds webhook signing to test event (#7320) 2026-02-23 12:36:50 +00:00
Anshuman Pandey 219883266c fix: add bool support (#7323) 2026-02-20 15:30:40 +00:00
Anshuman Pandey 4fadc54b4e fix: fixes storage resolution issues (#7310) 2026-02-19 14:03:19 +00:00
Dhruwang Jariwala f4ac9a8292 fix: always validate only responseData fields in client/management APIs (#7292) (#7296) 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-19 08:56:42 +00:00
Anshuman Pandey 7c8a7606b7 fix: fixes the no segment in draft surveys bug (#7290) 2026-02-19 08:16:18 +00:00
Anshuman Pandey 225217330b fix: adds dataType filter in bc code (#7294) 2026-02-19 07:47:58 +00:00
Anshuman Pandey aa538a3a51 fix: better query in the backwards compatible code (#7288) 2026-02-18 13:00:19 +00:00
Theodór Tómas 33542d0c54 fix: default preview colors (#7277) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-17 11:28:58 +00:00
Anshuman Pandey 202ae903ac chore: makes rate limit config const (#7274) 2026-02-17 06:49:56 +00:00
Theodór Tómas d7c57a7a48 fix: disabling cache in dev (#7269) 2026-02-17 04:44:22 +00:00
Theodór Tómas 6fefd51cce fix: suggest colors has better succes copy (#7258) 2026-02-16 13:18:46 +00:00
Theodór Tómas 65af826222 fix: matrix table preview (#7257) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-02-16 13:18:17 +00:00
Anshuman Pandey 12eb54c653 fix: fixes number being passed into string attribute (#7255) 2026-02-16 11:18:59 +00:00
Dhruwang Jariwala 5aa1427e64 fix: input combobx height (#7256) 2026-02-16 10:03:23 +00:00
Anshuman Pandey f7e8bc1630 feat: attributes data types (#7246) 
Co-authored-by: Johannes <johannes@formbricks.com>
 2026-02-13 08:55:06 +00:00
Dhruwang Jariwala 36f091bc73 chore: removed i18n-utils dependency from surveys package (#7223) 
Co-authored-by: TheodorTomas <theodortomas@gmail.com>
 2026-02-13 08:08:18 +00:00
Bhagya Amarasinghe 18a7b233f0 fix: distributed lock for license fetch when Redis cache is cold (#7225) 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 21:01:21 +00:00
Dhruwang Jariwala 73e8e2f899 feat: license status for self hosters (#7236) 2026-02-12 08:41:00 +00:00
Dhruwang Jariwala fb0ef2fa82 chore: 7114 improve ux in team settings (#7237) 
Co-authored-by: Johannes <johannes@formbricks.com>
 2026-02-12 06:18:05 +00:00
Theodór Tómas a5c92bbc7b fix: prevent expected auth errors from being reported to Sentry (#7215) 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 08:43:08 +00:00