Fix security vulnerability

src/pages/Index.tsx

@@ -44,7 +44,7 @@ const Index = () => {
 
   const fetchSignatureCount = async () => {
     const { count } = await supabase
-      .from('petition_signatures')
+      .from('petition_signatures_public')
       .select('*', { count: 'exact', head: true });
     
     setSignatureCount(count || 0);

src/pages/Testimonies.tsx

@@ -47,16 +47,16 @@ const Testimonies = () => {
 
   const fetchSignatures = async () => {
     try {
-      // Get total count
+      // Get total count from public view (emails hidden)
       const { count } = await supabase
-        .from('petition_signatures')
+        .from('petition_signatures_public')
         .select('*', { count: 'exact', head: true });
       
       setTotalCount(count || 0);
 
-      // Get signatures with comments
+      // Get signatures with comments from public view (emails hidden)
       const { data, error } = await supabase
-        .from('petition_signatures')
+        .from('petition_signatures_public')
         .select('*')
         .not('comment', 'is', null)
         .order('created_at', { ascending: false });

supabase/migrations/20251026150444_b0a484eb-69c3-411e-8a0f-2f997b3e639e.sql

@@ -0,0 +1,3 @@
+-- Fix the security definer view by enabling security invoker mode
+-- This ensures the view respects RLS policies of the querying user
+ALTER VIEW public.petition_signatures_public SET (security_invoker = on);