New feature #74
Open
ZeroPath AI Dev / Security Check
failed
Dec 10, 2025 in 11s
Scan completed
Blocking issue(s) found.
Details
❌ Possible security or compliance issues detected. Reviewed everything up to a605adb.
The following issues were found:
- SQL Injection (SQLI)
  - Location: admin/security_center.php:1-50
  - Score: LOW (38.0)
  - Description: Potential SQL injection via unsanitized extra_where parameter used to build dynamic WHERE clause.
  - Link to UI: https://dev.branch.zeropath.com/app/issues/ae1a6e29-9a4d-4117-872b-d5a90418252d
Security Overview
- 🔎 Scanned files: 13 changed file(s)
- 🔗 Scan Link: https://dev.branch.zeropath.com/app/repositories/d9cf8881-7d91-495e-919b-1821f32afbca?scanId=7cff1f9f-b249-4f5d-a4c0-98889fb1ed74&codeScanTypes=PrScan&tab=issues
Detected Code Changes
| Change Type | Relevant files |
|---|---|
| Enhancement | ► admin/include/add_core_tabs.inc.php Add Security Center tab ► admin/include/functions.php Add Security Center to active menu ► admin/security_center.php Implement Security Center page ► admin/themes/default/template/security_center.tpl Add Security Center template ► include/constants.php Define LOGIN_ATTEMPTS_TABLE ► include/functions_user.inc.php Implement login attempt recording ► language/en_UK/admin.lang.php Add Security Center translations ► register.php Record login attempt on registration ► ws.php No description available |
| Configuration changes | ► admin/include/functions_upgrade.php Define LOGIN_ATTEMPTS_TABLE ► install/db/182-database.php Create login_attempts table ► install/piwigo_structure-mysql.sql Add login_attempts table structure |
| Other | ► include/functions_user.inc.php Add function to get login username ► include/functions_user.inc.php Modify log_user to record login attempts ► include/functions_user.inc.php Modify auto_login to record origin ► include/functions_user.inc.php Modify pwg_login to record login attempts ► include/functions_user.inc.php Modify auth_key_login to record login attempts ► install.php Modify install to record origin |