Hamza-Ayed
72eeb24cd7
Fix #18 : Exception leak remediation across 87 PHP files
- Replaced all client-facing $e->getMessage() with generic error messages
- Added error_log() with filename prefix to all catch blocks
- Covered jsonError(), echo, and json_encode() response patterns
- Also fixed 2 remaining display_errors=1 and add_invoice.php leak
- Script-assisted fix for 75 files, manual fix for 12 remaining edge cases
2026-06-17 07:48:31 +03:00
Hamza-Ayed
1a9619f9f8
fix(security): fix login AND logic to OR, add signup input validation, separate OTP rate limit keys
2026-06-17 07:05:58 +03:00
Hamza-Ayed
1d3ea597f4
fix(security): wallet balance check with FOR UPDATE, remove user-supplied ID in signup, hardcoded IP to env
2026-06-17 06:53:00 +03:00
Hamza-Ayed
3dad979eb5
fix(security): remove JWT role extraction without signature, add OTP replay protection, fix user enumeration
2026-06-17 06:45:53 +03:00
Hamza-Ayed
0ceb67ee56
fix(security): fix SQL injection in updatePaymetToPaid, OTP random_int, static IV encryption, storage mismatch
2026-06-17 06:31:13 +03:00
Hamza-Ayed
b516fbc4ed
Update: 2026-06-16 17:47:17
2026-06-16 17:47:19 +03:00
Hamza-Ayed
fc58529b09
Update: 2026-06-16 01:17:28
2026-06-16 01:17:29 +03:00
Hamza-Ayed
2321b78244
Update: 2026-06-15 01:37:40
2026-06-15 01:37:41 +03:00
Hamza-Ayed
0ae368dbc8
Update: 2026-06-12 22:40:40
2026-06-12 22:40:40 +03:00
Hamza-Ayed
f907212c57
Update: 2026-06-12 20:40:40
2026-06-12 20:40:40 +03:00
Hamza-Ayed
ef6b52d2e3
Update: 2026-06-12 01:23:54
2026-06-12 01:23:54 +03:00
Hamza-Ayed
c5170a88d2
Update: 2026-06-11 13:47:39
2026-06-11 13:47:40 +03:00
Hamza-Ayed
d8901e1a87
first commit
2026-06-09 08:40:31 +03:00