Project-Pro/shopPRO
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: faza 1 - usuniecie debug logu tpay, naprawa SQL i usun rb.php

Browse Source 
- ShopOrderController: usunieto file_put_contents do tpay.txt (ujawnial dane platnicze)
- ShopOrderController: hardcoded sekret HotPay przeniesiony do stałej HOTPAY_HASH_SEED
- IntegrationsRepository: zastapiono raw SQL query('SELECT * FROM $table') metodą Medoo select()
- index.php + admin/index.php: usunieto RedBeanPHP (rb.php) - biblioteka byla ladowana ale nieuzywana
- libraries/rb.php: usunieto plik (536 KB, zero uzyc w kodzie aplikacji)
- Testy IntegrationsRepository zaktualizowane do nowego API (select zamiast query)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jacek
2026-03-12 09:18:37 +01:00
parent f268e3b5d4
commit 167b11679d
6 changed files with 23 additions and 17546 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
autoload/Domain/Integrations/IntegrationsRepository.php
View File

@@ -28,10 +28,9 @@ class IntegrationsRepository
public function getSettings( string $provider ): array
{
$table = $this->settingsTable( $provider );
$stmt = $this->db->query( "SELECT * FROM $table" );
$results = $stmt ? $stmt->fetchAll( \PDO::FETCH_ASSOC ) : [];
$rows = $this->db->select( $table, [ 'name', 'value' ] );
$settings = [];
foreach ( $results as $row )
foreach ( $rows ?: [] as $row )
$settings[$row['name']] = $row['value'];
return $settings;

6
autoload/front/Controllers/ShopOrderController.php
View File

@@ -6,6 +6,8 @@ use Domain\Order\OrderAdminService;
class ShopOrderController
{
private const HOTPAY_HASH_SEED = 'ProjectPro1916;';
private $repository;
private $adminService;
@@ -29,8 +31,6 @@ class ShopOrderController
public function paymentStatusTpay()
{
file_put_contents( 'tpay.txt', print_r( $_POST, true ) . print_r( $_GET, true ), FILE_APPEND );
if ( \Shared\Helpers\Helpers::get( 'tr_status' ) == 'TRUE' && \Shared\Helpers\Helpers::get( 'tr_crc' ) )
{
$order = $this->repository->findRawByHash( \Shared\Helpers\Helpers::get( 'tr_crc' ) );
@@ -102,7 +102,7 @@ class ShopOrderController
$summary_tmp += $order['transport_cost'];
endif;
if ( hash( "sha256", "ProjectPro1916;" . round( $summary_tmp, 2 ) . ";" . $_POST["ID_PLATNOSCI"] . ";" . $_POST["ID_ZAMOWIENIA"] . ";" . $_POST["STATUS"] . ";" . $_POST["SEKRET"] ) == $_POST["HASH"] )
if ( hash( "sha256", self::HOTPAY_HASH_SEED . round( $summary_tmp, 2 ) . ";" . $_POST["ID_PLATNOSCI"] . ";" . $_POST["ID_ZAMOWIENIA"] . ";" . $_POST["STATUS"] . ";" . $_POST["SEKRET"] ) == $_POST["HASH"] )
{
if ( $_POST["STATUS"] == "SUCCESS" )
{