Release: PHPMailer 7.1.1, security guards, API improvements #156

Merged: marpisco merged 8 commits into main from dev on May 22, 2026

@marpisco (Owner) commented May 22, 2026

Changes

PHPMailer 7.0.2 → 7.1.1

  • Security fixes: strip line breaks from properties, strict encoding validation, MessageDate validation
  • No breaking changes for ClassLink — all Encoding/CharSet values use lowercase/constants
  • Confirmed working via mass email test

Security: Pending-auth guards (#153)

  • Invalidate authenticated session vars on TOTP entry so valid sessions can't bypass TOTP
  • Add pending_totp_user/pending_user_setup + session validity checks to all page auth guards and admin API endpoints (16 files)

API: LIMIT 10 default + search filters (#155)

  • Default LIMIT 50→10 on api_registos, 20→10 on salas_search/tempos_search/users_search
  • q search filter on api_registos (loginfo, nome, email, ip_address)
  • total count + hasMore fields for client-side pagination awareness
  • LIKE … ESCAPE for safe wildcard handling

Misc

  • emailnotification.php: remove unnecessary checkbox label text
  • copilot-instructions.md: updated to reflect current project state

Verification

  • php -l on all modified PHP files — pass
  • PHPMailer runtime: 7.1.1
  • Mass email test: delivered correctly

Closes #151 Closes #153 Closes #154 Closes #155

marpisco added 8 commits May 22, 2026 09:51
…ards (#153)

- Clear authenticated session vars (id, nome, email, admin, validity) when
  entering TOTP flow so existing valid sessions can't bypass TOTP
- Add pending_totp_user/pending_user_setup checks to all page auth
  guards (redirect to login TOTP/setup steps)
- Add session validity + pending auth checks to admin API endpoints
  (previously only checked admin flag, missing validity check)
…155)

- dashboard_stats: add LIMIT 10 to reservations-per-room query
- api_registos: change default limit 50→10, add q search filter
  (loginfo, nome, email, ip_address), add total count in response
- salas_search: change default limit 20→10, add LIKE ESCAPE for
  safe wildcard handling
- tempos_search: change default limit 20→10, add LIKE ESCAPE
- users_search: change hardcoded limit 20→10
- recipients_preview: limit displayed recipients to 10, add
  total/hasMore fields for client-side pagination
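
An added sketch of the guard ordering described in the #153 commit above (illustrative PHP, not code from this repository). The session key names come from the PR text; treating `validity` as a Unix expiry timestamp, the function names and the returned decision strings are assumptions of the example.

```php
<?php
declare(strict_types=1);
// Key names are taken from the PR text. Assumption: "validity" holds a Unix
// expiry timestamp. Function names and decision strings are hypothetical.
const AUTH_KEYS = ['id', 'nome', 'email', 'admin', 'validity'];

/** Password accepted, TOTP still owed: drop any earlier authenticated state. */
function begin_totp_step(array &$session, int $userId): void
{
    foreach (AUTH_KEYS as $key) {
        unset($session[$key]);
    }
    $session['pending_totp_user'] = $userId;
}

/** Decide what a page or admin API endpoint should do with this session. */
function guard_decision(array $session, int $now, bool $requireAdmin): string
{
    // Pending markers win over everything else, even a still-valid session.
    if (isset($session['pending_totp_user'])) {
        return 'redirect:totp';
    }
    if (isset($session['pending_user_setup'])) {
        return 'redirect:setup';
    }
    // Validity is checked before the admin flag, so an expired admin session fails.
    if (!isset($session['id'], $session['validity']) || (int) $session['validity'] <= $now) {
        return 'redirect:login';
    }
    if ($requireAdmin && empty($session['admin'])) {
        return 'deny:403';
    }
    return 'allow';
}

// Constructed sessions for the demonstration, not data from the project.
$now = 1800000000;
$valid = ['id' => 7, 'nome' => 'Ana', 'email' => 'ana@example.test', 'admin' => 1, 'validity' => $now + 600];
$cases = [
    'valid admin'    => [$valid, true],
    'expired admin'  => [['validity' => $now - 1] + $valid, true],
    'non-admin user' => [['admin' => 0] + $valid, true],
    'setup pending'  => [['pending_user_setup' => 9] + $valid, false],
];
begin_totp_step($valid, 7); // a new login starts on top of a still-valid session
$cases['mid-TOTP'] = [$valid, true];
foreach ($cases as $label => [$session, $requireAdmin]) {
    printf("%-16s %s\n", $label, guard_decision($session, $now, $requireAdmin));
}
```

The "expired admin" case is the one the commit message calls out: a guard that reads only the admin flag would let it through.
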
Copilot AI review requested due to automatic review settings May 22, 2026 23:27
@github-actions

📝 Manual Update Required? It looks like you've modified core logic. Please check if the user manual needs a refresh! @marpisco

Copilot AI (Contributor) left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@marpisco merged commit b748299 into main on May 22, 2026
6 of 7 checks passed