Events
Community events done right: a month calendar and list, rich event pages with attendee lists, going / maybe / can’t-go RSVPs with optional capacity, add-to-calendar (iCal + Google)...
Community events done right: a month calendar and list, rich event pages with attendee lists, going / maybe / can’t-go RSVPs with optional capacity, add-to-calendar (iCal + Google), and automatic reminders a day and an hour before. Header link + an upcoming-events sidebar widget.
AI security review
✓
Reviewed safe · 96/100
A well-structured first-party-style events extension using standard Laravel query builder, validation, and proper output escaping. No RCE, SQLi, SSRF, hardcoded credentials, or external exfiltration found; authorization checks are present on management actions.
- low · User-provided URL rendered in href — In detailPage(), event 'url' is htmlspecialchars-escaped and rendered with rel=noopener nofollow. It is validated as a URL on save ('url' rule), so javascript: schemes are largely blocked; minor residual trust on the link but low risk.
- low · RSVP/iCal/detail expose event data without per-event visibility checks — Routes like /events/{id}, /events/{id}.ics and upcoming API expose all events publicly. This appears intended (community calendar) and contains no sensitive data, so risk is informational.
Automated review of v2.4.1 by claude-opus-4-8 1 week ago. This is an automated signal to aid your judgment — not a guarantee.