Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): add role checks to 7 admin endpoints, fix undefined vars in admin_update_passenger, add input validation to send_whatsapp

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-17 06:19:47 +03:00
parent 9bbda24d4a
commit 4a9e6b22c5
7 changed files with 81 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/Admin/AdminCaptain/get.php
View File

@@ -1,6 +1,12 @@
<?php
require_once __DIR__ . '/../../connect.php';
if ($role !== 'admin' && $role !== 'super_admin') {
http_response_code(403);
echo json_encode(['error' => 'Unauthorized: Admin access required']);
exit;
}
$sql = "SELECT
`driver`.`id`,
`driver`.`phone`,