forked from YOURLS/YOURLS
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcommit_message.txt
More file actions
18 lines (14 loc) · 1.63 KB
/
Copy pathcommit_message.txt
File metadata and controls
18 lines (14 loc) · 1.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
🧹 [Code Health] Modernize functions and mitigate vulnerabilities
🎯 **What:**
- Resolved `max()` errors in `yourls_scale_data` and `yourls_array_granularity` by explicitly checking for empty arrays before calculation.
- Addressed variable overriding risk by removing `extract()` from `yourls_html_head_output` and implementing explicit null coalescing assignment.
- Improved XSS protection in JSONP response generation within `admin/index.php` by correctly setting `Content-Type: application/javascript` before echoing payload.
- Enhanced `yourls_maybe_unserialize` to allow plugins to extend `allowed_classes` via the `yourls_maybe_unserialize_allowed_classes` filter, preventing object injection vulnerabilities while maintaining compatibility.
- Centralized stray utility scripts to `scripts/` following the Prune-First Protocol.
- Generated `docs/0xCARTO_blueprint.md` utilizing the 5-Tier Markdown Documentation Schema.
💡 **Why:**
These changes address multiple PHP 8 compatibility issues, structural security vulnerabilities, and code hygiene requirements according to SCOS constraints and Agentic specifications. Explicit type checks, early headers, and centralized tools create a more deterministic, reliable, and secure environment without compromising backward compatibility or Golden Scars.
✅ **Verification:**
Executed the PHPUnit test suite with PHP 8.3, confirming all tests pass without failures or errors. Checked all modified files manually for accurate code replacement.
✨ **Result:**
A more robust and secure core that handles edge cases safely, fully compatible with PHP 8, and compliant with required security and structural paradigms.