fix(security): fix pervasive IDOR - force JWT user identity in 9 endpoints, fix host injection, exception leaks, wallet auth

Hamza-Ayed
2026-06-17 06:22:41 +03:00
parent 4a9e6b22c5
commit d6f29802e0
9 changed files with 67 additions and 33 deletions


@@ -1,12 +1,19 @@
<?php
require_once __DIR__ . '/../../connect.php';
// استقبال المتغيرات
$driverID = filterRequest("driverID");
$passengerID = filterRequest("passengerID");
// استقبال المتغيرات — force user IDs from JWT based on role
$rideID = filterRequest("rideID");
$note = filterRequest("note");
// Force driverID/passengerID from JWT based on user role
if ($role === 'driver') {
$driverID = $user_id;
$passengerID = filterRequest("passengerID");
} else {
$passengerID = $user_id;
$driverID = filterRequest("driverID");
}
// تنفيذ الإدخال بطريقة آمنة
$sql = "INSERT INTO `canecl` (`driverID`, `passengerID`, `rideID`, `note`)
VALUES (:driverID, :passengerID, :rideID, :note)";