🔒 Fix critical security vulnerabilities and product management issues #111
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
August 19, 2025 18:01
Security Improvements: - Enable CSRF protection across all forms - Implement BCrypt password hashing - Remove plain text password storage - Fix circular dependency in Spring configuration - Add proper static resource configuration Product Management Fixes: - Replace URL input with file upload for product images - Fix product description and image display in update forms - Resolve 'Method Not Allowed' errors for form submissions - Fix category selection in product update forms - Implement proper file upload handling with MultipartFile Technical Improvements: - Add PasswordEncoderConfig for dependency resolution - Fix productDao update method - Add file upload directory structure - Improve error handling for file uploads - Add comprehensive documentation Files Modified: - SecurityConfiguration.java: CSRF, password encoding, static resources - AdminController.java: File upload handling - userService.java: Password hashing - userDao.java: Remove plain text login, fix HQL queries - All JSP forms: Add CSRF tokens - application.properties: Static resource configuration New Files: - PasswordEncoderConfig.java: Dependency resolution - PasswordMigrationUtil.java: Password migration utility - SECURITY_IMPROVEMENTS.md: Security documentation - PR_SUMMARY.md: Pull request summary This commit addresses critical security vulnerabilities and improves the overall functionality and user experience of the e-commerce application.
Owner
|
Hi @omveer999 , I will review this PR and get back to you |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
All previous security fixes (CSRF, password hashing, etc.)
All product management fixes (file uploads, form submissions)
GitHub Actions fix (labeler.yml) - so no more workflow errors
Complete documentation