booru-viewer

History

pax b28cc0d104 db: escape LIKE wildcards in search_library_meta

Same fix as audit #5 applied to get_bookmarks (lines 490-499) but
missed here. Without ESCAPE, searching 'cat_ear' also matches
'catxear' because _ is a SQL LIKE wildcard that matches any single
character.

2026-04-11 19:28:59 -05:00

api

security: fix #14 — cap category_fetcher HTML body before regex walk

2026-04-11 16:26:00 -05:00

__init__.py

core/__init__.py: drop stale core.images reference from docstring

2026-04-11 17:28:57 -05:00

cache.py

security: fix #10 — validate media magic in first 16 bytes of stream

2026-04-11 16:24:59 -05:00

concurrency.py

Route async work through one persistent loop, lock shared httpx + DB writes

2026-04-07 17:24:23 -05:00

config.py

security: fix #7 — reject Windows reserved device names in template

2026-04-11 16:20:27 -05:00

db.py

db: escape LIKE wildcards in search_library_meta

2026-04-11 19:28:59 -05:00

library_save.py

library_save: ensure categories before template render

2026-04-09 19:18:13 -05:00