fix(update-banner): address review findings — lock, returncode checks, update_available logic, a11y, button state

- Add _update_check_lock (threading.Lock) around all reads/writes to _update_check_cache in check_for_update() and git_pull, preventing races on concurrent requests - Validate returncode for git fetch, rev-parse HEAD, and rev-parse origin/main; raise RuntimeError on failure so errors are caught and returned as error payloads instead of silently producing stale/empty SHAs - Set update_available = commits_behind > 0 (was unconditionally True when local_sha != remote_sha); prevents false positive when local is ahead of remote - Add type="button" and aria-label="Dismiss update" to the icon-only dismiss button - Restore btn.innerHTML and btn.disabled in both success and error paths of applyUpdate(); only hide the banner and clear sessionStorage when data.status === 'success' Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-30 20:43:00 +00:00 · 2026-04-29 19:15:52 -04:00
parent 3ad331efce
commit 96edce3a3c
2 changed files with 39 additions and 19 deletions
--- a/web_interface/templates/v3/base.html
+++ b/web_interface/templates/v3/base.html
@@ -948,9 +948,9 @@
                                   update-banner-action transition-colors duration-150">
                        <i class="fas fa-download mr-1"></i> Update Now
                    </button>
-                    <button onclick="dismissUpdateBanner()"
+                    <button type="button" onclick="dismissUpdateBanner()"
                            class="update-banner-dismiss rounded p-1 transition-colors duration-150"
-                            title="Dismiss">
+                            title="Dismiss" aria-label="Dismiss update">
                        <i class="fas fa-times text-sm"></i>
                    </button>
                </div>
@@ -4947,6 +4947,7 @@

    window.applyUpdate = function() {
        var btn = document.getElementById('update-banner-btn');
+        var originalHTML = '<i class="fas fa-download mr-1"></i> Update Now';
        btn.innerHTML = '<i class="fas fa-spinner fa-spin mr-1"></i> Updating...';
        btn.disabled = true;
        fetch('/api/v3/system/action', {
@@ -4956,14 +4957,18 @@
        })
        .then(function(r) { return r.json(); })
        .then(function(data) {
-            document.getElementById('update-banner').style.display = 'none';
+            btn.innerHTML = originalHTML;
+            btn.disabled = false;
+            if (data.status === 'success') {
+                document.getElementById('update-banner').style.display = 'none';
+                try { sessionStorage.removeItem('update-dismissed'); } catch(e) {}
+            }
            if (typeof showNotification === 'function') {
                showNotification(data.message || 'Update complete', data.status || 'success');
            }
-            try { sessionStorage.removeItem('update-dismissed'); } catch(e) {}
        })
        .catch(function() {
-            btn.innerHTML = '<i class="fas fa-download mr-1"></i> Update Now';
+            btn.innerHTML = originalHTML;
            btn.disabled = false;
            if (typeof showNotification === 'function') {
                showNotification('Update failed — check your connection', 'error');