Add screenshot attachment support to Feedback/Bug system
User request: Allow screenshots to be attached to bug reports
and feature requests for better documentation and reproduction.
Database:
- New model: FeedbackAttachment (file_data BYTEA, filename, mime_type, file_size)
- Links to feedback_item_id (required) and feedback_reply_id (optional)
- Migration: auto-creates table with indexes on startup
- Cascading deletes when item or reply is deleted
Backend (routes_feedback.py):
- Helper function: _validate_image_file() for security
- Validates file type using imghdr (not just extension)
- Enforces size limit (5MB per file)
- Secure filename handling with werkzeug
- Allowed: PNG, JPG, GIF, WEBP
- Updated feedback_new: accepts multiple file uploads
- Updated feedback_reply: accepts multiple file uploads
- Updated feedback_detail: fetches attachments for item + replies
- New route: /feedback/attachment/<id> to serve images
Frontend:
- feedback_new.html: file input with multiple selection
- feedback_detail.html:
- Shows item screenshots as clickable thumbnails (max 300x200)
- Shows reply screenshots as clickable thumbnails (max 200x150)
- File upload in reply form
- All images open full-size in new tab
Security:
- Access control: only authenticated users with feedback roles
- Image type verification using imghdr (header inspection)
- File size limit enforced (5MB)
- Secure filename sanitization
- Deleted items hide their attachments (404)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Ivo Oskamp
451ce1ab22