Fix security vulnerabilities, remove dead code, and improve code quality

- Fix path traversal with realpath() validation in getPage() and executePhpFile()
- Remove insecure JWT secret fallback, require JWT_SECRET env var
- Fix IP spoofing by only trusting proxy headers from configured proxies
- Add Secure/HttpOnly/SameSite flags to all cookies
- Use env var for debug mode instead of hardcoded true
- Fix operator precedence bug in MQTTTracker track_user_flows check
- Remove dead code: duplicate is_dir() block, unused scanForPageNames()
- Remove htmlspecialchars() from filesystem path operations
- Remove duplicate require_once calls and redundant autoloader includes
- Fix unclosed </div> in getDirectoryListing()
- Escape breadcrumb titles and add lang param to search result URLs
- Make language prefixes dynamic from config instead of hardcoded nl|en
- Make HTML lang attribute dynamic, add go_to translation key
- Add aria-label/aria-expanded to sidebar toggle for accessibility
- Fix event listener leak in app.js using event delegation
- Remove console.log from production code
- Update guides (NL/EN) with sidebar toggle documentation
- Add TODO.md documenting all identified improvements
2026-02-16 15:05:27 +01:00
parent e3a3cc5b6d
commit 60276cdccd
11 changed files with 190 additions and 152 deletions

@@ -35,5 +35,6 @@ return [
'plugin_development' => 'Plugin Development',
'template_system' => 'Template System',
'mqtt_tracking' => 'MQTT Tracking',
'real_time_analytics' => 'Real-time Analytics'
'real_time_analytics' => 'Real-time Analytics',
'go_to' => 'Go to'
];
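Review bot: The new final entry `'go_to' => 'Go to'` is left without a trailing comma, which is the same omission that made this hunk rewrite the `'real_time_analytics'` line just to append one. PHP accepts a trailing comma on the last array element, so writing `'go_to' => 'Go to',` keeps the next added key a one-line change. Only one language file is visible in this hunk; since the commit message refers to both NL and EN, check that every configured language's translation array receives a `go_to` entry as well.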