๐—•๐—ผ๐—ฟ๐—ถ๐—ป๐—ด ๐—™๐—ฒ๐—ฎ๐˜๐˜‚๐—ฟ๐—ฒ๐˜€ ๐—›๐—ถ๐—ฑ๐—ฒ ๐—•๐—ถ๐—ด ๐—•๐˜‚๐—ด๐˜€

I added a language switcher to my SaaS core. It felt boring. Most apps have one. But this tool hid two real bugs.

Both bugs lived where two systems meet.

Bug one: A security hole. I used a helper to send users back to their page. This helper trusted the browser. An attacker uses this to send users to a fake site. This is an open redirect. I fixed it by checking the URL host.

Bug two: A visual error. I used the wrong symbol for a placeholder. Laravel uses one style. Vue uses another. The app did not crash. It showed the raw code. The user saw Join :company instead of the company name.

The lesson is simple. Do not trust helpers blindly. Check your syntax when you switch tools. Boring code often holds the most risk.

This update adds:

I do not use AI translation here. AI is for user content. The core stays lean.

Source: https://dev.to/d_isaenko_dev/i-added-a-language-switcher-to-my-saas-core-and-the-boring-feature-had-two-real-bugs-1dib Optional learning community: https://github.com/dmitryisaenko/larafoundry