• Joined on 2026-05-03
null closed issue null/BillTracker#13 2026-06-03 20:28:08 -05:00
Payment method tracking and summary
null closed issue null/BillTracker#66 2026-06-03 20:27:33 -05:00
Month navigation arrows should bracket the month name (< MAY >)
null commented on issue null/BillTracker#79 2026-06-03 20:00:05 -05:00
MEDIUM: Admin routes use req.params.id without integer validation

Added at the top of admin.js:

function parseUserId(params) { const n = parseInt(params.id, 10); return Number.isInteger(n) && n > 0 ? n : null; } Applied to all 5 user routes:

Route…

null closed issue null/BillTracker#79 2026-06-03 20:00:05 -05:00
MEDIUM: Admin routes use req.params.id without integer validation
null commented on issue null/BillTracker#84 2026-06-03 19:57:48 -05:00
LOW: OIDC client secret stored in plaintext in user_settings table

Added getOidcClientSecret() helper — reads from DB, decrypts with fallback to plaintext for any legacy value saved before this fix Replaced 3 read sites (getOidcConfig, getOidcConfigStatus,…

null closed issue null/BillTracker#84 2026-06-03 19:57:48 -05:00
LOW: OIDC client secret stored in plaintext in user_settings table
null commented on issue null/BillTracker#48 2026-06-03 19:57:25 -05:00
Phase 6: Background Sync & Polish

Added getOidcClientSecret() helper — reads from DB, decrypts with fallback to plaintext for any legacy value saved before this fix Replaced 3 read sites (getOidcConfig, getOidcConfigStatus,…

null closed issue null/BillTracker#48 2026-06-03 19:57:25 -05:00
Phase 6: Background Sync & Polish
null commented on issue null/BillTracker#62 2026-06-03 19:50:09 -05:00
Analytics — Expense vs Spend color key partially covered by bar graph on desktop

Not reproducible in current code

null closed issue null/BillTracker#62 2026-06-03 19:50:09 -05:00
Analytics — Expense vs Spend color key partially covered by bar graph on desktop
null closed issue null/BillTracker#64 2026-06-03 19:49:17 -05:00
Calendar shows Due dot on days with no bills due (e.g. Saturday 16th)
null pushed to dev at null/BillTracker 2026-05-31 19:37:11 -05:00
e4f1f58730 feat: Roadmap pulls from Forgejo issues (v0.35.1)
null pushed to dev at null/BillTracker 2026-05-31 16:09:43 -05:00
557378dab9 chore: bump to v0.35.0
null pushed to dev at null/BillTracker 2026-05-31 16:08:28 -05:00
9f27775da9 oidc error correction
null pushed to dev at null/BillTracker 2026-05-31 15:57:06 -05:00
ab93c53c82 chore: bump to v0.36.0
null closed issue null/BillTracker#80 2026-05-31 15:55:29 -05:00
MEDIUM: CSRF cookie defaults to httpOnly=false - XSS bypasses CSRF protection
null pushed to dev at null/BillTracker 2026-05-31 15:52:53 -05:00
67ce59db50 v0.35.0