fix(security): fix host header injection in upload_audio, email header injection, add SSL verify to MTN curl

backend/upload_audio.php

@@ -58,10 +58,9 @@ try {
         exit;
     }
 
-    // Construct the link dynamically
-    $host = $_SERVER['HTTP_HOST'] ?? 'api.siromove.com';
-    $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https" : "http";
-    $linkAudio = "$protocol://$host/siro/upload_audio/" . $new_filename;
+    // Construct the link (domain from env, not from Host header)
+    $appDomain = getenv('APP_DOMAIN') ?: 'api.siromove.com';
+    $linkAudio = "https://$appDomain/siro/upload_audio/" . $new_filename;
 
     uploadLog("Audio uploaded successfully: $linkAudio", 'INFO');
     echo json_encode(array('status' => 'Audio file uploaded successfully.', 'link' => $linkAudio));

walletintaleq.intaleq.xyz/v2/main/functions.php

@@ -278,6 +278,8 @@ function result($count)
 
 function sendEmail($from,$to, $title, $body)
 {
+    // Sanitize $from to prevent email header injection
+    $from = str_replace(["\r", "\n", "\r\n"], '', $from);
     $header = "From: $from" . "\n" . "CC: $from";
     mail($to, $title, $body, $header);
 }

walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/initiate_payment.php

@@ -37,6 +37,8 @@ curl_setopt_array($ch, [
     CURLOPT_POST           => true,
     CURLOPT_POSTFIELDS     => $body,
     CURLOPT_RETURNTRANSFER => true,
+    CURLOPT_SSL_VERIFYPEER => true,
+    CURLOPT_SSL_VERIFYHOST => 2,
     CURLOPT_HTTPHEADER     => [
         "Content-Type: application/json",
         "Request-Name: pos_web/payment_phone/initiate",

walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/initiate_payment.php

@@ -37,6 +37,8 @@ curl_setopt_array($ch, [
     CURLOPT_POST           => true,
     CURLOPT_POSTFIELDS     => $body,
     CURLOPT_RETURNTRANSFER => true,
+    CURLOPT_SSL_VERIFYPEER => true,
+    CURLOPT_SSL_VERIFYHOST => 2,
     CURLOPT_HTTPHEADER     => [
         "Content-Type: application/json",
         "Request-Name: pos_web/payment_phone/initiate",