fix(security): fix host header injection in upload_audio, email header injection, add SSL verify to MTN curl

This commit is contained in:
Hamza-Ayed
2026-06-17 06:57:56 +03:00
parent 75aeb73f27
commit 70c06edd71
4 changed files with 9 additions and 4 deletions


@@ -58,10 +58,9 @@ try {
exit; exit;
} }
// Construct the link dynamically // Construct the link (domain from env, not from Host header)
$host = $_SERVER['HTTP_HOST'] ?? 'api.siromove.com'; $appDomain = getenv('APP_DOMAIN') ?: 'api.siromove.com';
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https" : "http"; $linkAudio = "https://$appDomain/siro/upload_audio/" . $new_filename;
$linkAudio = "$protocol://$host/siro/upload_audio/" . $new_filename;
uploadLog("Audio uploaded successfully: $linkAudio", 'INFO'); uploadLog("Audio uploaded successfully: $linkAudio", 'INFO');
echo json_encode(array('status' => 'Audio file uploaded successfully.', 'link' => $linkAudio)); echo json_encode(array('status' => 'Audio file uploaded successfully.', 'link' => $linkAudio));
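Review bot: The new `$appDomain` value from `getenv('APP_DOMAIN')` is interpolated into `$linkAudio` without any validation, so a misconfigured environment value (a scheme, a path suffix, or stray whitespace) ends up verbatim in the link returned to the client. An anchored hostname check before use keeps the link well-formed, e.g. `if (!preg_match('/^[A-Za-z0-9.-]+(:[0-9]+)?$/', $appDomain)) { $appDomain = 'api.siromove.com'; }`, and a `uploadLog(...)` line when the fallback is taken would make a deployment that never set `APP_DOMAIN` visible instead of silently defaulting. `$new_filename` is interpolated into the same string; where it is derived is outside this hunk, so its handling could not be checked here. The enclosing try block starts before the hunk and the hunk header counts suggest two context lines are not rendered.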


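--- a/FILE_2_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE_2_PATH_NOT_SHOWN_ON_PAGE
@@ -278,6 +278,8 @@ function result($count)
 function sendEmail($from,$to, $title, $body)
 {
+// Sanitize $from to prevent email header injection
+$from = str_replace(["\r", "\n", "\r\n"], '', $from);
 $header = "From: $from" . "\n" . "CC: $from";
 mail($to, $title, $body, $header);
 }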
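Review bot: The new `$from = str_replace(...)` line strips line breaks but keeps everything else in the value, while `$to` and `$title` still reach `mail()` untouched, so the fix covers only one of the three caller-supplied header inputs. If callers only ever pass a bare address as `$from`, validating is stricter and simpler than stripping: `if (!filter_var($from, FILTER_VALIDATE_EMAIL)) { return; }` before building `$header` (adjust if display-name forms such as `Name <addr>` are expected). Whichever approach is kept, applying the same treatment to `$to` and `$title` closes the remaining paths; I have not verified how much of that the installed PHP version's `mail()` already rejects on its own. The `"\r\n"` element of the replacement array is redundant once `"\r"` and `"\n"` are removed individually and can be dropped.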


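--- a/FILE_3_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE_3_PATH_NOT_SHOWN_ON_PAGE
@@ -37,6 +37,8 @@ curl_setopt_array($ch, [
 CURLOPT_POST => true,
 CURLOPT_POSTFIELDS => $body,
 CURLOPT_RETURNTRANSFER => true,
+CURLOPT_SSL_VERIFYPEER => true,
+CURLOPT_SSL_VERIFYHOST => 2,
 CURLOPT_HTTPHEADER => [
 "Content-Type: application/json",
 "Request-Name: pos_web/payment_phone/initiate",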
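Review bot: With peer verification now explicitly enabled, a missing or stale CA bundle on the host turns every MTN call into a `curl_exec($ch)` failure; how that return value is handled is outside this hunk, so it is worth confirming that the caller logs `curl_error($ch)` rather than treating `false` as an empty response. Pinning the allowed scheme alongside the two new options, `CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,`, would also stop a misconfigured URL from silently falling back to plaintext. The same remarks apply to the identical hunk in the fourth file of this commit. The `curl_setopt_array($ch, [` call begins before the hunk and its option list continues past it.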


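--- a/FILE_4_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE_4_PATH_NOT_SHOWN_ON_PAGE
@@ -37,6 +37,8 @@ curl_setopt_array($ch, [
 CURLOPT_POST => true,
 CURLOPT_POSTFIELDS => $body,
 CURLOPT_RETURNTRANSFER => true,
+CURLOPT_SSL_VERIFYPEER => true,
+CURLOPT_SSL_VERIFYHOST => 2,
 CURLOPT_HTTPHEADER => [
 "Content-Type: application/json",
 "Request-Name: pos_web/payment_phone/initiate",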