EuskadiTech/Axia4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
99 Commits 3 Branches 0 Tags
414f7db7d1f1b97a5b8ff8200845242fffe1a123
Commit Graph

99 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
copilot-swe-agent[bot]
414f7db7d1 Initial plan 2026-02-19 14:51:43 +00:00
Naiel
192002880a Refactor input sanitization functions and improve file path handling across multiple files 
- Introduced `safe_id_segment`, `safe_centro_id`, and `safe_aulario_config_path` functions to sanitize input and construct file paths securely.
- Updated `index.php`, `paneldiario.php`, `proyectos.php`, `aularios.php`, `centros.php`, `club_mkthumb.php`, `reset_password.php`, and `users.php` to utilize new sanitization functions.
- Enhanced error handling for file existence checks and directory traversal prevention.
- Ensured consistent use of safe path handling in user input across the application.
 2026-02-19 14:45:51 +00:00
Naiel
905610717b Add Codacy security scan workflow 
This workflow integrates Codacy security scans with GitHub Actions, checking code on push and pull requests to the main branch and scheduling regular scans.
 2026-02-19 10:37:11 +01:00
Naiel
2f6721e657 Merge pull request #10 from Axia4/copilot/restrict-safe-filename-characters 
Harden path validation and file handling against directory traversal attacks
 2026-02-19 10:35:31 +01:00
Naiel
516c9a645d Delete .github/workflows/main.yml 2026-02-19 10:33:56 +01:00
copilot-swe-agent[bot]
ffb74751a3 Sync safe_filename implementation across files for consistency 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-19 09:33:47 +00:00
copilot-swe-agent[bot]
1c5533c13d Address code review findings - add username validation and fix edge cases 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-19 09:32:46 +00:00
copilot-swe-agent[bot]
c9b5a1058f Apply security fixes for path validation and file handling 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-19 09:31:25 +00:00
Naiel
c8c9c10293 Add GitHub Actions workflow for PHP security checks 2026-02-19 10:30:46 +01:00
copilot-swe-agent[bot]
99898e8736 Initial plan 2026-02-19 09:28:40 +00:00
naielv
98f430188c Enhance security and input sanitization across multiple files 
- Added a new tools.security.php file containing functions for sanitizing filenames, paths, and user inputs to prevent directory traversal and XSS attacks.
- Updated various files to utilize the new sanitization functions (Sf, Si) for user inputs and file operations, ensuring safer handling of data.
- Improved HTML output safety by applying htmlspecialchars to user-generated content in pre-body.php, cal.php, and other relevant files.
- Refactored user authentication and data retrieval processes in tools.auth.php and _login.php to enhance security and maintainability.
- Ensured consistent use of sanitization functions in API endpoints and admin functionalities to mitigate potential security vulnerabilities.
 2026-02-18 23:22:58 +01:00
Naiel
a6ebede883 update 2026-02-18 14:01:42 +00:00
Naiel
ce318a7322 Agregar API del Comedor para gestionar menús y tipos de menú 2026-02-18 13:45:37 +00:00
Naiel
1e6f6be18f Add diario.php for student diary management and update images 
- Created a new file `diario.php` to manage and display student diaries.
- Implemented user permission checks to restrict access to docentes.
- Added functionality to list students and their diary entries based on selected aulario.
- Included validation for directory paths and error handling for missing data.
- Updated images `alumnos.png` and `yo.png` in the static assets.
 2026-02-18 11:38:48 +00:00
naielv
51fd926065 Actualizar la configuración de autenticación y mejorar la gestión de sesiones 2026-02-17 14:33:51 +01:00
naielv
8f45eac632 Actualizar la acción del formulario de búsqueda a un nuevo endpoint 2026-02-16 01:12:16 +01:00
Naiel
12add1cd3f Agregar variable PAGE_TITLE para personalizar títulos en las páginas del club 2026-02-15 20:14:31 +00:00
Naiel
5e3bbe45ba Fix JavaScript function call and update onclick handler 2026-02-14 15:08:04 +01:00
Naiel
618fc6679b Escape special characters in alumno name 2026-02-14 15:02:02 +01:00
Naiel
c8e6c617e2 Fix student selection announcement and data structure 2026-02-14 14:52:20 +01:00
Naiel
73687ef617 Change link from javascript:void(0) to # 2026-02-14 14:41:38 +01:00
Naiel
f0976a9f2f Merge pull request #9 from Axia4/copilot/add-quien-soy-flow 
Add student self-identification flow and CRUD management to Panel Diario
 2026-02-14 14:35:45 +01:00
copilot-swe-agent[bot]
b8b605cff0 Improve accessibility and file handling in CRUD 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-14 13:30:42 +00:00
copilot-swe-agent[bot]
f13c0725ec Fix security issues in alumnos.php CRUD page 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-14 13:28:57 +00:00
copilot-swe-agent[bot]
53b11caea1 Add CRUD page for student management (alumnos.php) 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-14 13:27:14 +00:00
copilot-swe-agent[bot]
9067df28ed Fix HTTP status code for parameter validation 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-14 13:21:57 +00:00
copilot-swe-agent[bot]
b5d71a473d Add realpath validation and accessibility improvements 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-14 13:21:09 +00:00
copilot-swe-agent[bot]
a3eeda2dc5 Fix security issues in ¿Quién soy? flow 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-14 13:19:56 +00:00
copilot-swe-agent[bot]
302992c10b Add ¿Quién soy? flow to Panel Diario 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-14 13:18:22 +00:00
copilot-swe-agent[bot]
ec309d4aac Initial plan 2026-02-14 13:14:50 +00:00
Naiel
22c4c09303 Refactor menu styles to include header context 2026-02-14 12:04:20 +01:00
Naiel
cdb54a0670 Generar y almacenar una contraseña aleatoria para el usuario al iniciar sesión con Google 2026-02-13 12:33:32 +00:00
Naiel
8339c1e2ea Actualizar configuración de Docker y mejorar autenticación de Google en el inicio de sesión 2026-02-13 12:30:29 +00:00
Naiel
00ba9f3f01 update 2026-02-13 09:36:25 +00:00
Naiel
28770f9650 add manifest 2026-02-13 09:31:45 +00:00
naielv
30fce4b5a9 v2.0,0 - Refactor code structure for improved readability and maintainability 2026-02-13 01:56:00 +01:00
Naiel
4efda27840 add notice 2026-02-11 19:35:33 +01:00
Naiel
356cf32f38 Remove unnecessary line break in actividades section for cleaner layout 2026-02-06 23:31:10 +00:00
Naiel
b3ff425609 Remove unnecessary environment variable from Docker Compose and tidy comments for clarity 2026-02-06 23:25:19 +00:00
Naiel
5834650273 Enhance Dockerfile with opcache configuration and update PHP extension installation; improve project description in proyectos.php; remove unused lazo.php file 2026-02-06 23:23:04 +00:00
Naiel
3de8329868 Update login form action and ensure pre-body is included correctly in comedor 2026-02-06 23:10:23 +00:00
Naiel
c2d4074ac7 Merge pull request #8 from Axia4/copilot/fix-menu-types-list 
Add delete and rename operations for menu types in EntreAulas Comedor
 2026-02-06 15:02:53 +01:00
copilot-swe-agent[bot]
8527c8f08e Address code review feedback - improve security and code clarity 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-06 13:50:06 +00:00
copilot-swe-agent[bot]
6027ceb227 Add delete and rename functionality for menu types 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
 2026-02-06 13:41:57 +00:00
copilot-swe-agent[bot]
e1e500aacc Initial plan 2026-02-06 13:40:21 +00:00
Naiel
4e7fb6e150 add delete btn 2026-02-03 13:44:49 +00:00
Naiel
33f97a77a3 fix 2026-02-02 10:20:31 +00:00
naielv
9799d8534d update 2026-02-01 23:02:39 +01:00
naielv
d306991d7c fix lwdc 2026-02-01 22:05:09 +01:00
naielv
6620980f02 Finished (for now) projects module, with secure PDF viewer. 2026-02-01 14:18:37 +01:00