pgplex · tianzhou · Jun 26, 2026 · Jun 26, 2026 · Jun 26, 2026 · Jun 26, 2026
diff --git a/server/services/query-service.ts b/server/services/query-service.ts
@@ -1223,7 +1223,7 @@ export const queryServiceHandlers: ServiceImpl<typeof QueryService> = {
     requirePermission(user, req.connectionId, 'admin', 'view audit log');
     getConnectionDetails(req.connectionId);
 
-    const limit = req.limit > 0 ? Math.min(req.limit, 500) : 100;
+    const limit = req.limit > 0 ? Math.min(req.limit, 1000) : 100;
     const entries = listAuditEvents(req.connectionId, limit).map(toAuditLogEntry);
 
     return { entries };
@@ -1241,7 +1241,7 @@ export const queryServiceHandlers: ServiceImpl<typeof QueryService> = {
       throw new ConnectError("Permission denied: viewing the system audit log requires instance owner", Code.PermissionDenied);
     }
 
-    const limit = req.limit > 0 ? Math.min(req.limit, 500) : 100;
+    const limit = req.limit > 0 ? Math.min(req.limit, 1000) : 100;
     const entries = listSystemAuditEvents(limit).map(toAuditLogEntry);
 
     return { entries };

diff --git a/src/hooks/useQuery.ts b/src/hooks/useQuery.ts
@@ -328,11 +328,13 @@ export function useTerminateProcess() {
   });
 }
 
+const AUDIT_LOG_LIMIT = 1000;
+
 export function useAuditLogEntries(connectionId: string, enabled = true) {
   return useQuery({
     queryKey: queryKeys.auditLog(connectionId),
     queryFn: async () => {
-      const response = await queryClient.getAuditLogEntries({ connectionId, limit: 100 });
+      const response = await queryClient.getAuditLogEntries({ connectionId, limit: AUDIT_LOG_LIMIT });
       return response.entries;
     },
     enabled: enabled && !!connectionId,
@@ -346,7 +348,7 @@ export function useSystemAuditLogEntries(enabled = true) {
   return useQuery({
     queryKey: queryKeys.systemAuditLog(),
     queryFn: async () => {
-      const response = await queryClient.getSystemAuditLogEntries({ limit: 100 });
+      const response = await queryClient.getSystemAuditLogEntries({ limit: AUDIT_LOG_LIMIT });
       return response.entries;
     },
     enabled,

diff --git a/src/lib/export-csv.ts b/src/lib/export-csv.ts
@@ -1,15 +1,23 @@
 import Papa from 'papaparse'
 import type { ColumnMetadata } from '@/components/sql-editor/hooks/useEditorTabs'
 
+function sanitizeCsvString(value: string): string {
+  return /^[\s]*[=+\-@\t\r]/.test(value) ? `'${value}` : value
+}
+
+function sanitizeCsvCell(value: unknown): unknown {
+  return typeof value === 'string' ? sanitizeCsvString(value) : value
+}
+
 export function exportToCsv(
-  columns: ColumnMetadata[],
+  columns: Array<Pick<ColumnMetadata, 'name'>>,
   rows: Record<string, unknown>[],
   filename: string
 ) {
   const columnNames = columns.map((col) => col.name)
   const csv = Papa.unparse({
-    fields: columnNames,
-    data: rows.map((row) => columnNames.map((name) => row[name])),
+    fields: columnNames.map((name) => sanitizeCsvString(name)),
+    data: rows.map((row) => columnNames.map((name) => sanitizeCsvCell(row[name]))),
   })
 
   const blob = new Blob([csv], { type: 'text/csv;charset=utf-8;' })