Hamza-Ayed
e51d266a0f
Fix #17 : SQL injection + mass data exposure (backend)
- Fixed SQL injection in ride/license/get.php (interpolated variable → parameterized query)
- Added admin role checks to all 3 mass data endpoints (driver tokens, passenger tokens, phones+tokens)
- Added pagination (50/page) to all 4 mass data endpoints
- Fixed LIMIT to use placeholders with type binding
2026-06-17 07:45:35 +03:00
Hamza-Ayed
1a9619f9f8
fix(security): fix login AND logic to OR, add signup input validation, separate OTP rate limit keys
2026-06-17 07:05:58 +03:00
Hamza-Ayed
70c06edd71
fix(security): fix host header injection in upload_audio, email header injection, add SSL verify to MTN curl
2026-06-17 06:57:56 +03:00
Hamza-Ayed
1d3ea597f4
fix(security): wallet balance check with FOR UPDATE, remove user-supplied ID in signup, hardcoded IP to env
2026-06-17 06:53:00 +03:00
Hamza-Ayed
3dad979eb5
fix(security): remove JWT role extraction without signature, add OTP replay protection, fix user enumeration
2026-06-17 06:45:53 +03:00
Hamza-Ayed
0ceb67ee56
fix(security): fix SQL injection in updatePaymetToPaid, OTP random_int, static IV encryption, storage mismatch
2026-06-17 06:31:13 +03:00
Hamza-Ayed
8c6dea5d96
fix(security): add auth to FCM relay, HMAC to shamcash webhook, fix jwtconnect webhook bypass
2026-06-17 06:27:07 +03:00
Hamza-Ayed
d6f29802e0
fix(security): fix pervasive IDOR - force JWT user identity in 9 endpoints, fix host injection, exception leaks, wallet auth
2026-06-17 06:22:41 +03:00
Hamza-Ayed
4a9e6b22c5
fix(security): add role checks to 7 admin endpoints, fix undefined vars in admin_update_passenger, add input validation to send_whatsapp
2026-06-17 06:19:47 +03:00
Hamza-Ayed
9bbda24d4a
fix(security): add .gitignore, remove PEM keys and debug endpoints from tracking
2026-06-17 06:17:03 +03:00
Hamza-Ayed
b516fbc4ed
Update: 2026-06-16 17:47:17
2026-06-16 17:47:19 +03:00
Hamza-Ayed
c0fe990ebe
Update: 2026-06-16 02:52:06
2026-06-16 02:52:06 +03:00
Hamza-Ayed
2c657fa0b4
Update: 2026-06-16 02:14:34
2026-06-16 02:14:35 +03:00
Hamza-Ayed
fc58529b09
Update: 2026-06-16 01:17:28
2026-06-16 01:17:29 +03:00
Hamza-Ayed
04943e3d52
Update: 2026-06-15 19:39:21
2026-06-15 19:39:21 +03:00
Hamza-Ayed
2321b78244
Update: 2026-06-15 01:37:40
2026-06-15 01:37:41 +03:00
Hamza-Ayed
f021ba5a35
Update: 2026-06-14 22:10:07
2026-06-14 22:10:08 +03:00
Hamza-Ayed
55970712cc
Update: 2026-06-13 15:43:50
2026-06-13 15:43:50 +03:00
Hamza-Ayed
0ae368dbc8
Update: 2026-06-12 22:40:40
2026-06-12 22:40:40 +03:00
Hamza-Ayed
f907212c57
Update: 2026-06-12 20:40:40
2026-06-12 20:40:40 +03:00
Hamza-Ayed
ef6b52d2e3
Update: 2026-06-12 01:23:54
2026-06-12 01:23:54 +03:00
Hamza-Ayed
7049c7468c
Update: 2026-06-11 21:53:27
2026-06-11 21:53:27 +03:00
Hamza-Ayed
b87477bec4
Update: 2026-06-11 19:26:42
2026-06-11 19:26:42 +03:00
Hamza-Ayed
727068b668
Update: 2026-06-11 18:22:57
2026-06-11 18:22:59 +03:00
Hamza-Ayed
c5170a88d2
Update: 2026-06-11 13:47:39
2026-06-11 13:47:40 +03:00
Hamza-Ayed
977adfe99d
Update: 2026-06-10 18:11:50
2026-06-10 18:11:50 +03:00
Hamza-Ayed
a0473a8b0f
Update: 2026-06-10 02:44:54
2026-06-10 02:44:55 +03:00
Hamza-Ayed
d8901e1a87
first commit
2026-06-09 08:40:31 +03:00