Fix remaining function search_path warnings

The AI successfully fixed the `validate_slug_format` function by adding `SET search_path = public`.
The security linter now shows no issues.
A subsequent security scan revealed 9 findings, but 5 were identified as outdated due to previous RLS fixes in Phase 1 and Phase 2.
The remaining findings requiring attention are:
- `profiles` (needs field-level filtering)
- `contact_submissions` (needs RLS verification)
- `park_submissions` (needs RLS verification)
- `company_submissions` (needs RLS verification)
- `photo_submissions` (needs RLS verification)

supabase/migrations/20251107140023_8eaac87b-9075-4d1c-a27b-19600e916eea.sql

@@ -0,0 +1,39 @@
+-- Fix search_path for validate_slug_format function
+-- This resolves the final function search_path security warning
+
+CREATE OR REPLACE FUNCTION public.validate_slug_format()
+RETURNS trigger
+LANGUAGE plpgsql
+SET search_path = public
+AS $function$
+BEGIN
+  IF NEW.slug IS NOT NULL THEN
+    -- Check format: lowercase letters, numbers, hyphens only
+    IF NEW.slug !~ '^[a-z0-9]+(-[a-z0-9]+)*$' THEN
+      RAISE EXCEPTION 'Invalid slug format: %. Slugs must be lowercase alphanumeric with hyphens only.', NEW.slug;
+    END IF;
+    
+    -- Check length constraints
+    IF length(NEW.slug) < 2 THEN
+      RAISE EXCEPTION 'Slug too short: %. Minimum length is 2 characters.', NEW.slug;
+    END IF;
+    
+    IF length(NEW.slug) > 100 THEN
+      RAISE EXCEPTION 'Slug too long: %. Maximum length is 100 characters.', NEW.slug;
+    END IF;
+    
+    -- Prevent reserved slugs
+    IF NEW.slug IN ('admin', 'api', 'auth', 'new', 'edit', 'delete', 'create', 'update', 'null', 'undefined') THEN
+      RAISE EXCEPTION 'Reserved slug: %. This slug cannot be used.', NEW.slug;
+    END IF;
+  END IF;
+  
+  RETURN NEW;
+END;
+$function$;
+
+DO $$ 
+BEGIN 
+  RAISE NOTICE '✅ Fixed search_path for validate_slug_format function';
+  RAISE NOTICE '🔒 All database functions now have secure search_path settings';
+END $$;