From c777728c917fca12167d35df5c49ea2726cb6b33 Mon Sep 17 00:00:00 2001 From: Ivo Oskamp Date: Tue, 10 Feb 2026 13:51:54 +0100 Subject: [PATCH] Update changelog with comprehensive screenshot feature documentation Added detailed documentation for screenshot attachment support in Feedback system, including: - File validation using imghdr (header inspection, not just extensions) - Admin access control for deleted item attachments - Automatic CASCADE delete behavior - Enhanced admin deleted items view with permanent delete - UI improvements for deleted item display (opacity + background) - Security considerations for non-admin users Co-Authored-By: Claude Sonnet 4.5 --- docs/changelog-claude.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/changelog-claude.md b/docs/changelog-claude.md index 166002f..5ab2027 100644 --- a/docs/changelog-claude.md +++ b/docs/changelog-claude.md @@ -11,17 +11,19 @@ This file documents all changes made to this project via Claude Code. - Upload support on reply forms (attach screenshots when replying) - Inline image display on feedback detail page (thumbnails with click-to-view-full-size) - Screenshot display for both main feedback items and replies - - File validation: image type verification, size limits, secure filename handling - - New route: `/feedback/attachment/` to serve images (access-controlled) + - File validation: image type verification using imghdr (not just extension), size limits, secure filename handling + - New route: `/feedback/attachment/` to serve images (access-controlled, admins can view deleted item attachments) - Database migration: auto-creates `feedback_attachments` table with indexes on startup + - Automatic CASCADE delete: removing feedback item or reply automatically removes associated attachments - Added admin-only deleted items view and permanent delete functionality to Feedback system - "Show deleted items" checkbox on feedback list page (admin only) - - Deleted items shown with gray background and "Deleted" badge - - Permanent delete action removes item + all attachments from database (hard delete) + - Deleted items shown with reduced opacity + background color and "Deleted" badge + - Permanent delete action removes item + all attachments from database (hard delete with CASCADE) - Attachment count shown in deletion confirmation message - - Admins can view detail pages of deleted items + - Admins can view detail pages of deleted items including their screenshots - Two-stage delete: soft delete (audit trail) → permanent delete (database cleanup) - Prevents accidental permanent deletion (requires item to be soft-deleted first) + - Security: non-admin users cannot view deleted items or their attachments (404 response) ### Fixed - Fixed Autotask ticket not being automatically linked to new runs when internal ticket is resolved by implementing independent Autotask propagation strategy (now checks for most recent non-deleted and non-resolved Autotask ticket on job regardless of internal ticket status, ensuring PSA ticket reference persists across runs until explicitly resolved or deleted)