mirror of
https://github.com/go-vikunja/vikunja.git
synced 2026-05-08 12:57:52 -05:00
379d8a5c19
End-to-end regression test for GHSA-96q5-xm3p-7m84 / CVE-2026-35594: mints a JWT for a link share via the real helper, then deletes the share row and invokes the real ReadAllWeb handler to prove the full request path (not just the unit-tested GetLinkShareFromClaims) surfaces the revocation. Also fixes a pre-existing stale literal in the TestLinkSharing test fixture struct: linkshareRead declared Hash="test1" while the actual fixture row id=1 uses Hash="test". The old code never looked at the DB so the mismatch went unnoticed; after the fix it would cause every link-share webtest that used linkshareRead to fail hash validation.