ogt
f59b23f969
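security: P0 fix S1-S5 — remove all hard-coded passwords and SQL injection vulnerabilities
S1: config.py — LOGIN_PASSWORD: remove hard-coded default value 0936223270, switch to fail-fast
S2: config.py — SECRET_KEY: remove weak default value; sys.exit(1) when unset or set to the default value
S3: services/user_service.py — create_initial_admin now reads the INITIAL_ADMIN_PASSWORD env
S4: app.py — import flow: table_name validated against a regular-expression whitelist, date_list format validated
S5: database/manager.py — ALLOWED_SALES_TABLES frozenset whitelist; dates switched to parameterized queries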
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 20:34:15 +08:00