Merged
Pull Request Overview
This PR implements a provisional user editing feature and introduces a utility function for formatting parent names with full-width spaces.
- Adds new formatting functions in util/format.ts.
- Introduces a user edit page with a PUT API endpoint for updating user information.
- Updates user list and CSV export components along with minor code style improvements in other pages.
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| util/format.ts | Added phone number and parent name formatting utilities |
| util/db.ts | Improved error logging with template literals |
| pages/users/[id].tsx | Introduced a new user edit page with user update functionality |
| pages/users.tsx | Updated list page to use newly provided formatting utilities |
| pages/serverinfo.tsx | Added a lint-ignore comment and refined error handling |
| pages/list.tsx | Removed duplicate formatting functions and added an edit link |
| pages/index.tsx | Added a card linking to the user details page |
| pages/api/user.ts | Added PUT endpoint for updating user data with a raw SQL query |
| components/users/DownloadCSV.tsx | Updated type imports and improved consistency in comparisons |
Comments suppressed due to low confidence (2)
pages/users/[id].tsx:96
- The query directly interpolates the id value into the SQL without quotes or parameterization, which may allow SQL injection. Consider using parameterized queries or ensuring the id is safely escaped, e.g., by wrapping it in quotes if appropriate.

```ts
const rows = await queryDb(`SELECT * FROM users WHERE id = UUID_TO_BIN(${id})`);
```

pages/api/user.ts:35
- Interpolating user input directly into the SQL UPDATE query risks SQL injection, and string fields are not wrapped in quotes. Using a parameterized query or proper escaping for each field would improve security and reliability.

```ts
await queryDb(`UPDATE users SET first_name = ${firstName}, last_name = ${lastName}, phone_number = ${phoneNumber} WHERE id = ${id}`);
```
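The two suppressed comments above point at the same defect in two places: a request-controlled value is spliced into SQL text. The block below is an added example, not code from this PR or its repository. It rebuilds both flagged queries next to a parameterized form and shows with constructed attacker input why the fixed-text-plus-bound-parameters shape matters. It assumes `queryDb` wraps a mysql2-style `execute(sql, params)` call, and that `users.id` is a BINARY(16) UUID column on both paths (the SELECT uses `UUID_TO_BIN`, so the hardened UPDATE is given the same treatment; the original UPDATE compares `id` raw). All function and type names here are illustrative.

```typescript
// Added example (not from the PR): the interpolated queries Copilot flagged,
// rebuilt beside a parameterized form. Assumed: queryDb wraps a mysql2-style
// execute(sql, params); users.id is a BINARY(16) UUID column on both paths.

type SqlParam = string | number | null;

interface PreparedQuery {
  sql: string;        // fixed query text with `?` placeholders
  params: SqlParam[]; // bound by the driver, never spliced into the text
}

// RFC 4122 textual UUID; anything else is rejected before it reaches SQL.
const UUID_RE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

function isUuid(value: unknown): value is string {
  return typeof value === "string" && UUID_RE.test(value);
}

// --- Vulnerable forms, mirroring pages/users/[id].tsx:96 and pages/api/user.ts:35 ---

function selectUserUnsafe(id: string): string {
  return `SELECT * FROM users WHERE id = UUID_TO_BIN(${id})`;
}

function updateUserUnsafe(
  id: string, firstName: string, lastName: string, phoneNumber: string,
): string {
  // Note the missing quotes around the string fields as well as the injection.
  return `UPDATE users SET first_name = ${firstName}, last_name = ${lastName}, phone_number = ${phoneNumber} WHERE id = ${id}`;
}

// --- Hardened forms: validate the input shape, then bind it as a parameter ---

function selectUserSafe(id: unknown): PreparedQuery {
  if (!isUuid(id)) throw new Error("invalid user id");
  return { sql: "SELECT * FROM users WHERE id = UUID_TO_BIN(?)", params: [id] };
}

interface UserUpdate {
  firstName: string;
  lastName: string;
  phoneNumber: string;
}

// Type and length checks on the PUT body; returns null if it is not usable.
// Length limits are illustrative; phone-number format rules are left to the app.
function parseUserUpdate(body: unknown): UserUpdate | null {
  if (typeof body !== "object" || body === null) return null;
  const b = body as Record<string, unknown>;
  const text = (v: unknown, max: number): string | null =>
    typeof v === "string" && v.length > 0 && v.length <= max ? v : null;
  const firstName = text(b.firstName, 100);
  const lastName = text(b.lastName, 100);
  const phoneNumber = text(b.phoneNumber, 32);
  if (firstName === null || lastName === null || phoneNumber === null) return null;
  return { firstName, lastName, phoneNumber };
}

function updateUserSafe(id: unknown, body: unknown): PreparedQuery {
  if (!isUuid(id)) throw new Error("invalid user id");
  const u = parseUserUpdate(body);
  if (u === null) throw new Error("invalid user payload");
  return {
    sql: "UPDATE users SET first_name = ?, last_name = ?, phone_number = ? WHERE id = UUID_TO_BIN(?)",
    params: [u.firstName, u.lastName, u.phoneNumber, id],
  };
}

// What the PUT handler does before touching the database: validate, then hand
// a fixed query plus bound parameters to the driver (400 on any bad input).
function handleUserPut(
  id: unknown, body: unknown,
): { status: number; query?: PreparedQuery; error?: string } {
  try {
    return { status: 200, query: updateUserSafe(id, body) };
  } catch (e) {
    return { status: 400, error: (e as Error).message };
  }
}

// Constructed attacker input: closes UUID_TO_BIN(...) and appends a tautology.
const MALICIOUS_ID = "'00000000-0000-0000-0000-000000000000') OR 1=1 -- ";
const VALID_ID = "123e4567-e89b-12d3-a456-426614174000";

// With mysql2 the handler would run, e.g.:
//   const { sql, params } = selectUserSafe(req.query.id);
//   const [rows] = await pool.execute(sql, params);
```

With `selectUserUnsafe(MALICIOUS_ID)` the query text becomes `... UUID_TO_BIN('00000000-0000-0000-0000-000000000000') OR 1=1 -- )`, which returns every row. `selectUserSafe` rejects the same input before any SQL is built, and a payload such as `x'); DROP TABLE users; --` submitted as `firstName` passes validation as an ordinary string but travels in `params`, so the query text the server sends never changes.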
Couldn't verify locally, so deploying for now.