Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): fix SQL injection in updatePaymetToPaid, OTP random_int, static IV encryption, storage mismatch

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-17 06:31:13 +03:00
parent 8c6dea5d96
commit 0ceb67ee56
7 changed files with 100 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/auth/token_passenger/verify_otp.php
View File

@@ -30,7 +30,7 @@ try {
$cachedOtp = $redis->get("otp:passenger:$phoneNumber");
if ($cachedOtp && $cachedOtp == $otp) {
if ($cachedOtp && $cachedOtp === $otp) {
// ننجح في التحقق ونحذف المفتاح من Redis لمنع استخدامه مرة أخرى (One-time use)
$redis->del("otp:passenger:$phoneNumber");