Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix #20: DDL removal from register.php, CORS policy, secret leak

Browse Source 
- Removed ALTER TABLE DDL statements from Admin/auth/register.php (belongs in migration scripts)
- Added validated CORS with configurable allowed origins via CORS_ALLOWED_ORIGINS env var
- Removed  assignment in load_env.php (secrets no longer exposed in superglobal)
This commit is contained in:
Hamza-Ayed
2026-06-17 07:51:01 +03:00
parent 2d607d9e90
commit 50a5308f43
3 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
backend/load_env.php
View File

@@ -15,7 +15,6 @@ function loadEnvironment($env_file) {
$value = trim($value, "\"'");
putenv("$keyName=$value");
$_ENV[$keyName] = $value;
$_SERVER[$keyName] = $value;
}
}