From 47ac10da2f5de3620274924d8283f384e49e0de8 Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Sun, 26 Oct 2025 15:05:22 +0000
Subject: [PATCH] Fix security vulnerability

---
 src/pages/Index.tsx | 2 +-
 src/pages/Testimonies.tsx | 8 ++++----
 ...0251026150444_b0a484eb-69c3-411e-8a0f-2f997b3e639e.sql | 3 +++
 3 files changed, 8 insertions(+), 5 deletions(-)
 create mode 100644 supabase/migrations/20251026150444_b0a484eb-69c3-411e-8a0f-2f997b3e639e.sql

diff --git a/src/pages/Index.tsx b/src/pages/Index.tsx
index 5bff943..ac96824 100644
--- a/src/pages/Index.tsx
+++ b/src/pages/Index.tsx
@@ -44,7 +44,7 @@ const Index = () => {
 const fetchSignatureCount = async () => {
 const { count } = await supabase
- .from('petition_signatures')
+ .from('petition_signatures_public')
 .select('*', { count: 'exact', head: true });
 setSignatureCount(count || 0);
diff --git a/src/pages/Testimonies.tsx b/src/pages/Testimonies.tsx
index 2c71e87..567f9ac 100644
--- a/src/pages/Testimonies.tsx
+++ b/src/pages/Testimonies.tsx
@@ -47,16 +47,16 @@ const Testimonies = () => {
 const fetchSignatures = async () => {
 try {
- // Get total count
+ // Get total count from public view (emails hidden)
 const { count } = await supabase
- .from('petition_signatures')
+ .from('petition_signatures_public')
 .select('*', { count: 'exact', head: true });
 setTotalCount(count || 0);
- // Get signatures with comments
+ // Get signatures with comments from public view (emails hidden)
 const { data, error } = await supabase
- .from('petition_signatures')
+ .from('petition_signatures_public')
 .select('*')
 .not('comment', 'is', null)
 .order('created_at', { ascending: false });
diff --git a/supabase/migrations/20251026150444_b0a484eb-69c3-411e-8a0f-2f997b3e639e.sql b/supabase/migrations/20251026150444_b0a484eb-69c3-411e-8a0f-2f997b3e639e.sql
new file mode 100644
index 0000000..629a4cf
--- /dev/null
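Review bot: The count query in fetchSignatureCount still discards the `error` member of the response, so if the new `petition_signatures_public` view is not readable by the caller (which the accompanying security_invoker migration now makes depend on the base table's policies and grants) the failure is silent and the page renders 0 signatures. The same pattern is in the count query of fetchSignatures in the Testimonies.tsx hunk, where the second query destructures `error` but the first does not. Destructure it alongside the count and stop (or log) before touching state: `const { count, error } = await supabase`, then `if (error) { console.error(error); return; }` ahead of `setSignatureCount(count ?? 0);`. fetchSignatureCount's closing lines, and the remainder of fetchSignatures, lie outside their hunks.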
+++ b/supabase/migrations/20251026150444_b0a484eb-69c3-411e-8a0f-2f997b3e639e.sql
@@ -0,0 +1,3 @@
+-- Fix the security definer view by enabling security invoker mode
+-- This ensures the view respects RLS policies of the querying user
+ALTER VIEW public.petition_signatures_public SET (security_invoker = on);
\ No newline at end of file
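Review bot: Switching the view to security_invoker means rows and columns of `petition_signatures` are now checked with the querying role's own privileges and RLS policies, so the email column is hidden from anonymous readers only if the base table's grants or policies already prevent that role from selecting it; nothing in this migration establishes that, and if the base table is not readable by that role at all, the view now returns nothing to the public pages the other two hunks point at it. The migration should either state the assumption it relies on or make it explicit in the same change, for example a column-level grant on the base table for the roles the view serves (the exact columns and roles are not visible here). A comment such as `-- Relies on petition_signatures grants/policies restricting the email column for the public role; verify before deploying` would make the dependency visible to the next reader.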