fix(security): fix host header injection in upload_audio, email header injection, add SSL verify to MTN curl

2026-06-17 06:57:56 +03:00
parent 75aeb73f27
commit 70c06edd71
4 changed files with 9 additions and 4 deletions
--- a/walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/initiate_payment.php
+++ b/walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/initiate_payment.php
@@ -37,6 +37,8 @@ curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => $body,
    CURLOPT_RETURNTRANSFER => true,
+    CURLOPT_SSL_VERIFYPEER => true,
+    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_HTTPHEADER     => [
        "Content-Type: application/json",
        "Request-Name: pos_web/payment_phone/initiate",
--- a/walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/initiate_payment.php
+++ b/walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/initiate_payment.php
@@ -37,6 +37,8 @@ curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => $body,
    CURLOPT_RETURNTRANSFER => true,
+    CURLOPT_SSL_VERIFYPEER => true,
+    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_HTTPHEADER     => [
        "Content-Type: application/json",
        "Request-Name: pos_web/payment_phone/initiate",