Conversation

@hugbubby

No description provided.

zeropath-ai-staging bot commented Dec 10, 2025

🟡 Security issue(s) detected below the blocking threshold. Reviewed everything up to a605adb.

Security Overview

Detected Code Changes (change type, relevant file, summary)

Enhancement:
    admin/include/add_core_tabs.inc.php: Add Security Center tab
    admin/include/functions.php: Add security_center to active menu cases
    admin/security_center.php: Add Security Center page
    admin/themes/default/template/security_center.tpl: Add Security Center template
    include/constants.php: Define LOGIN_ATTEMPTS_TABLE
    include/functions_user.inc.php: Implement login attempt recording
    language/en_UK/admin.lang.php: Add Security Center translations
    install/db/182-database.php: Create login_attempts table
    install/piwigo_structure-mysql.sql: Add login_attempts table structure

Configuration changes:
    admin/include/functions_upgrade.php: Define LOGIN_ATTEMPTS_TABLE

Enhancement:
    install.php: Log user after install
    register.php: Log user after registration
    ws.php: Log user after web service authentication

zeropath-ai-dev bot commented Dec 10, 2025

Possible security or compliance issues detected. Reviewed everything up to a605adb.

The following issues were found:

Security Overview

Detected Code Changes (change type, relevant file, summary)

Enhancement:
    admin/include/add_core_tabs.inc.php: Add Security Center tab
    admin/include/functions.php: Add Security Center to active menu
    admin/security_center.php: Implement Security Center page
    admin/themes/default/template/security_center.tpl: Add Security Center template
    include/constants.php: Define LOGIN_ATTEMPTS_TABLE
    include/functions_user.inc.php: Implement login attempt recording
    language/en_UK/admin.lang.php: Add Security Center translations
    register.php: Record login attempt on registration
    ws.php: No description available

Configuration changes:
    admin/include/functions_upgrade.php: Define LOGIN_ATTEMPTS_TABLE
    install/db/182-database.php: Create login_attempts table
    install/piwigo_structure-mysql.sql: Add login_attempts table structure

Other:
    include/functions_user.inc.php: Add function to get login username
    include/functions_user.inc.php: Modify log_user to record login attempts
    include/functions_user.inc.php: Modify auto_login to record origin
    include/functions_user.inc.php: Modify pwg_login to record login attempts
    include/functions_user.inc.php: Modify auth_key_login to record login attempts
    install.php: Modify install to record origin

Comment on lines +210 to +216
u.'.$conf['user_fields']['username'].' AS canonical_username
'.$from_clause.'
ORDER BY la.occurred_on DESC
LIMIT '.$per_page.' OFFSET '.$offset.'
;';
$result = pwg_query($query);
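Review bot: `$per_page` and `$offset` are concatenated straight into the `LIMIT '.$per_page.' OFFSET '.$offset.'` clause with no cast visible in these lines; unless both are forced to integers before this point, a value taken from the request can change the shape of the query rather than just its page. Casting at the point of use, `LIMIT '.(int)$per_page.' OFFSET '.(int)$offset.'`, makes the intent explicit regardless of what the caller validated. `$from_clause` is also built outside the shown lines and should be checked to contain only fixed SQL plus escaped values; the ZeroPath finding below names `extra_where`, which does not appear in this excerpt, so the reviewer should trace where that clause is assembled.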


SQL Injection Vulnerability in admin/security_center.php (Severity: MEDIUM)

A SQL injection vulnerability exists in admin/security_center.php, lines 210-216, potentially allowing unauthorized data access or modification. The vulnerability stems from the lack of validation of the extra_where parameter, which is directly incorporated into the SQL query. This can allow an attacker to inject malicious SQL code, leading to unintended database operations.
