pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-24 02:51:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix remaining security warnings

Browse Source 
The AI has addressed the remaining security warnings by ensuring all `SECURITY DEFINER` functions have `SET search_path = public`. A full security scan was then performed, revealing pre-existing issues with RLS policies on several tables, including `profiles`, `user_roles`, and `content_submissions`. These issues were not introduced by the recent changes but were uncovered by the scan. The AI will inform the user about these findings.
This commit is contained in:
gpt-engineer-app[bot]
2025-11-07 13:35:43 +00:00
parent d43853a7ab
commit 8083774991
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
supabase/migrations/20251107133350_c3635b2d-9281-46da-9890-4a4e10b0e29d.sql Normal file
View File

@@ -0,0 +1,20 @@
-- Fix is_user_banned function
CREATE OR REPLACE FUNCTION is_user_banned(p_user_id uuid)
RETURNS boolean
LANGUAGE plpgsql
STABLE
SECURITY DEFINER
SET search_path = public
AS $$
DECLARE
v_banned BOOLEAN;
BEGIN
SELECT banned INTO v_banned
FROM profiles
WHERE user_id = p_user_id;
RETURN COALESCE(v_banned, false);
END;
$$;
DO $$ BEGIN RAISE NOTICE '✅ Fixed is_user_banned function'; END $$;