Input validation and XSS prevention audit #34

New Issue

Open

opened 2026-05-21 23:00:17 +00:00 by jmiller · 0 comments

jmiller commented 2026-05-21 23:00:17 +00:00

Owner

Copy Link

Copy Source

CSV import needs injection prevention. Contact form needs rate limiting and HTMLPurifier. All outputs need escape() audit. Need CSP headers for inline map scripts. File upload MIME/size validation.

CSV import needs injection prevention. Contact form needs rate limiting and HTMLPurifier. All outputs need escape() audit. Need CSP headers for inline map scripts. File upload MIME/size validation.

jmiller added the status: pending-testing label 2026-05-21 23:00:17 +00:00

jmiller referenced this issue from a commit 2026-05-21 23:09:23 +00:00

feat(production): fix all production gaps (#30-#35)

jmiller added pending: testing and removed status: pending-testing labels 2026-05-22 01:57:08 +00:00

Sign in to join this conversation.

Labels

Clear labels

area/admin

Administrator interface

area/component

Core component (com_mokojoomstorelocator)

area/database

Database schema or queries

area/frontend

Site/frontend display

area/import-export

Data import/export features

area/module-map

Map module (mod_mokojoomstorelocator_map)

area/module-search

Search module (mod_mokojoomstorelocator_search)

priority/critical

Must have for v1.0

priority/high

Important for initial release

priority/low

Future enhancement

priority/medium

Nice to have for v1.0

status: pending-testing

Implementation done, awaiting test proofs before close

status: pending-testing

Implementation done, awaiting test proofs before close

type/bug

Something is broken

type/docs

Documentation

type/enhancement

Improvement to existing feature

type/feature

New feature or functionality

bug

Something is not working

chore

Maintenance and housekeeping

documentation

Documentation improvements

enhancement

Improvement to existing functionality

feature

New feature or request

pending: dependency

Blocked by another issue or external dependency

pending: deployment

Tested and approved, awaiting deployment to production

pending: design

Needs UI/UX or architecture design before implementation

pending: documentation

Feature works, needs documentation/wiki update

pending: feedback

Awaiting feedback or decision from stakeholder

pending: review

Implementation complete, awaiting code review

pending: testing

Feature implemented but not yet tested

priority: critical

Must fix immediately

priority: high

Should fix soon

priority: low

Nice to have

priority: medium

Fix when convenient

refactor

Code restructuring without behavior change

roadmap

Planned feature or enhancement tracked on the roadmap

scope: client

Client-specific work

scope: dolibarr

Dolibarr modules and customizations

scope: infrastructure

Server, CI, backups, monitoring

scope: joomla

Joomla templates and extensions

scope: waas

MokoWaaS platform

security

Security vulnerability or hardening

status: blocked

Waiting on external dependency

status: duplicate

Duplicate of another issue

status: in-progress

Being worked on

status: needs-review

Ready for review

status: wontfix

Will not be addressed

No labels pending: testing

Milestone

No items

No Milestone

Assignees

Clear assignees

jmiller (Jonathan Miller)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: MokoConsulting/MokoJoomStoreLocator#34