fix(security): fix host header injection in upload_audio, email header injection, add SSL verify to MTN curl

walletintaleq.intaleq.xyz/v2/main/functions.php

@@ -278,6 +278,8 @@ function result($count)
 
 function sendEmail($from,$to, $title, $body)
 {
+    // Sanitize $from to prevent email header injection
+    $from = str_replace(["\r", "\n", "\r\n"], '', $from);
     $header = "From: $from" . "\n" . "CC: $from";
     mail($to, $title, $body, $header);
 }

walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/initiate_payment.php

@@ -37,6 +37,8 @@ curl_setopt_array($ch, [
     CURLOPT_POST           => true,
     CURLOPT_POSTFIELDS     => $body,
     CURLOPT_RETURNTRANSFER => true,
+    CURLOPT_SSL_VERIFYPEER => true,
+    CURLOPT_SSL_VERIFYHOST => 2,
     CURLOPT_HTTPHEADER     => [
         "Content-Type: application/json",
         "Request-Name: pos_web/payment_phone/initiate",

walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/initiate_payment.php

@@ -37,6 +37,8 @@ curl_setopt_array($ch, [
     CURLOPT_POST           => true,
     CURLOPT_POSTFIELDS     => $body,
     CURLOPT_RETURNTRANSFER => true,
+    CURLOPT_SSL_VERIFYPEER => true,
+    CURLOPT_SSL_VERIFYHOST => 2,
     CURLOPT_HTTPHEADER     => [
         "Content-Type: application/json",
         "Request-Name: pos_web/payment_phone/initiate",