fix: address code review issues - bind_param types, path ltrim, secrets sanitization

Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/5bfe8731-c37a-4f7b-a5c7-fbc0393ae134

Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
copilot-swe-agent[bot] 2026-05-06 16:46:32 +00:00 committed by GitHub
parent 0fcdda2ee3
commit 5766b86034
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 8 additions and 4 deletions


@ -132,6 +132,11 @@ cap_log('CAPTURE_RESULT', ['success' => $capture['success'], 'txid' => $capture[
if (!$capture['success']) {
cap_log('CAPTURE_FAILED', $capture);
// Sanitize raw capture data before logging — never store secrets
$captureForLog = $capture;
foreach (['client_secret', 'access_token', 'refresh_token'] as $_sk) {
unset($captureForLog[$_sk]);
}
$repo->logPaypalError([
'context' => 'capture_order',
'error_code' => $capture['error'] ?? 'capture_failed',
@ -139,7 +144,7 @@ if (!$capture['success']) {
'paypal_debug_id' => $capture['debug_id'] ?? null,
'order_id' => $paypalOrderId,
'user_id' => $userId,
'raw_json' => $capture,
'raw_json' => $captureForLog,
]);
ob_clean();
echo json_encode([
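Review bot: The sanitization runs too late for the first log call: `cap_log('CAPTURE_FAILED', $capture);` at the top of the failure branch still receives the unfiltered `$capture`, so any `client_secret`, `access_token` or `refresh_token` in that array would still reach whatever sink `cap_log` writes to (its implementation is not visible here). Build `$captureForLog` before that call and pass it to both loggers, i.e. `cap_log('CAPTURE_FAILED', $captureForLog);`. The `unset()` loop also strips only top-level keys, so a token nested inside a response sub-array would survive into `raw_json`; a recursive key filter shared by both log paths would close that gap. The `if (!$capture['success'])` block and the `logPaypalError` call extend beyond the visible hunks.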