Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): fix openssl_sign key resource in MTN initiate, add google-services.json to gitignore

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-17 06:55:36 +03:00
parent 1d3ea597f4
commit 75aeb73f27
3 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -88,6 +88,7 @@ __pycache__/
venv/ venv/
# --- Firebase --- # --- Firebase ---
google-services.json
.google-services.json .google-services.json
GoogleService-Info.plist GoogleService-Info.plist

9
walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/initiate_payment.php
View File

@@ -22,7 +22,14 @@ $body = json_encode([
], JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE); ], JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);
$hash = hash('sha256', $body, true); $hash = hash('sha256', $body, true);
openssl_sign($hash, $sig, $privateKeyPem, OPENSSL_ALGO_SHA256); $pkey = openssl_get_privatekey($privateKeyPem);
if (!$pkey) {
error_log("[MTN Initiate] Failed to load private key");
printFailure("Payment configuration error");
exit;
}
openssl_sign($hash, $sig, $pkey, OPENSSL_ALGO_SHA256);
openssl_free_key($pkey);
$xSignature = base64_encode($sig); $xSignature = base64_encode($sig);
$ch = curl_init("{$baseUrl}/pos_web/payment_phone/initiate"); $ch = curl_init("{$baseUrl}/pos_web/payment_phone/initiate");

9
walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/initiate_payment.php
View File

@@ -22,7 +22,14 @@ $body = json_encode([
], JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE); ], JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);
$hash = hash('sha256', $body, true); $hash = hash('sha256', $body, true);
openssl_sign($hash, $sig, $privateKeyPem, OPENSSL_ALGO_SHA256); $pkey = openssl_get_privatekey($privateKeyPem);
if (!$pkey) {
error_log("[MTN Initiate] Failed to load private key");
printFailure("Payment configuration error");
exit;
}
openssl_sign($hash, $sig, $pkey, OPENSSL_ALGO_SHA256);
openssl_free_key($pkey);
$xSignature = base64_encode($sig); $xSignature = base64_encode($sig);
$ch = curl_init("{$baseUrl}/pos_web/payment_phone/initiate"); $ch = curl_init("{$baseUrl}/pos_web/payment_phone/initiate");