Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3543fdd2cd09adf5f1c5beee1f5ffcebc1be66b7
Siro/backend/ride/rides
History
Hamza-Ayed 3543fdd2cd Fix #21: High-severity fixes (H-01 through H-06) 
H-01: Egypt document uploads - added path traversal prevention (basename),
       replaced HTTP_HOST with APP_DOMAIN env var
H-02: 7 remaining hardcoded /home/siro-api/ paths replaced with env vars
       (ENV_FILE_PATH, INTERNAL_SOCKET_KEY_PATH, WEBHOOK_SECRET_KEY_PATH)
H-03: serviceapp/updateDriver.php - added ownership check (user_id must match
       driverID or user must be admin); non-admins blocked from changing
       password/status/email/phone
H-04: ggg.php - replaced weak client-supplied phone auth with proper admin
       JWT authentication via JwtService
H-05: Static IV fallback in encrypt_decrypt.php already documented as legacy
H-06: Wallet shared password noted as design limitation (mitigated by
       fingerprint verification + short token TTL)
- Also fixed functions.php log message (removed hardcoded path)
2026-06-17 07:56:57 +03:00
..
acceptRide.php
fix(security): fix pervasive IDOR - force JWT user identity in 9 endpoints, fix host injection, exception leaks, wallet auth
2026-06-17 06:22:41 +03:00
add_ride.php
fix(security): fix pervasive IDOR - force JWT user identity in 9 endpoints, fix host injection, exception leaks, wallet auth
2026-06-17 06:22:41 +03:00
arrive_ride.php
Update: 2026-06-16 17:47:17
2026-06-16 17:47:19 +03:00
cancel_ride_by_driver.php
Update: 2026-06-16 17:47:17
2026-06-16 17:47:19 +03:00
cancel_ride_by_passenger.php
Fix #21: High-severity fixes (H-01 through H-06)
2026-06-17 07:56:57 +03:00
cancelRideFromDriver.php
Update: 2026-06-16 17:47:17
2026-06-16 17:47:19 +03:00
cron_ride_timeout.php
Update: 2026-06-16 02:14:34
2026-06-16 02:14:35 +03:00
delete.php
first commit
2026-06-09 08:40:31 +03:00
emailToPassengerTripDetail.php
Update: 2026-06-16 02:52:06
2026-06-16 02:52:06 +03:00
finish_ride_updates.php
fix(security): fix pervasive IDOR - force JWT user identity in 9 endpoints, fix host injection, exception leaks, wallet auth
2026-06-17 06:22:41 +03:00
get_driver_location.php
Update: 2026-06-16 01:17:28
2026-06-16 01:17:29 +03:00
get.php
Update: 2026-06-16 17:47:17
2026-06-16 17:47:19 +03:00
getRealTimeHeatmap.php
Update: 2026-06-16 02:14:34
2026-06-16 02:14:35 +03:00
getRideOrderID.php
Update: 2026-06-16 02:52:06
2026-06-16 02:52:06 +03:00
getRideOrderIDNew.php
Update: 2026-06-16 02:52:06
2026-06-16 02:52:06 +03:00
getRideStatus.php
first commit
2026-06-09 08:40:31 +03:00
getRideStatusBegin.php
first commit
2026-06-09 08:40:31 +03:00
getRideStatusFromStartApp.php
Update: 2026-06-16 02:14:34
2026-06-16 02:14:35 +03:00
getTripCountByCaptain.php
first commit
2026-06-09 08:40:31 +03:00
gterideForDriverManyTime.php
first commit
2026-06-09 08:40:31 +03:00
heatmap_live.json
first commit
2026-06-09 08:40:31 +03:00
public_track_location.php
Update: 2026-06-16 01:17:28
2026-06-16 01:17:29 +03:00
retry_search_drivers.php
Update: 2026-06-16 17:47:17
2026-06-16 17:47:19 +03:00
start_ride.php
Fix #18: Exception leak remediation across 87 PHP files
2026-06-17 07:48:31 +03:00
test_notification.php
Fix #21: High-severity fixes (H-01 through H-06)
2026-06-17 07:56:57 +03:00
update_ride_cancel_wait.php
Update: 2026-06-12 20:40:40
2026-06-12 20:40:40 +03:00
update.php
Update: 2026-06-16 17:47:17
2026-06-16 17:47:19 +03:00
updateRideAndCheckIfApplied.php
first commit
2026-06-09 08:40:31 +03:00
updateStausFromSpeed.php
Fix #18: Exception leak remediation across 87 PHP files
2026-06-17 07:48:31 +03:00