fix: address code review issues - bind_param types, path ltrim, secrets sanitization
Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/5bfe8731-c37a-4f7b-a5c7-fbc0393ae134 Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
This commit is contained in:
parent
0fcdda2ee3
commit
5766b86034
3 changed files with 8 additions and 4 deletions
@ -634,8 +634,7 @@ rsort($bakFiles); // newest first
$diag_lv_wh_set = ($cfgVals['paypal_live_webhook_id'] ?? '') !== '';
$diag_lv_wh_set = ($cfgVals['paypal_live_webhook_id'] ?? '') !== '';
$diag_wh_path = '/' . ltrim((string)($cfgVals['paypal_webhook_path'] ?? '/paypal/webhook.php'), '/');
$diag_wh_path = '/' . ltrim((string)($cfgVals['paypal_webhook_path'] ?? '/paypal/webhook.php'), '/');
$diag_wh_full_url = $computedWebhookUrl;
$diag_wh_full_url = $computedWebhookUrl;
// Correct disk path: billing module root + separator + webhook path (no leading slash)
$diag_wh_file = rtrim(__DIR__, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . ltrim($diag_wh_path, '/');
$diag_wh_file = rtrim(__DIR__, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . ltrim($diag_wh_path, '/\\');
$diag_wh_exists = file_exists($diag_wh_file);
$diag_wh_exists = file_exists($diag_wh_file);
// Active mode credential check
// Active mode credential check
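Review bot: The disk-path line using `ltrim($diag_wh_path, '/\\')` (which I take to be the new side) still lets a configured `paypal_webhook_path` containing `..` segments resolve outside the billing module root, so the `file_exists()` on the following line can probe arbitrary paths readable by the web user. The value comes from `$cfgVals`, presumably admin-set, so exposure is limited to an existence check, but a containment test is cheap: `$real = realpath($diag_wh_file);` followed by `$diag_wh_exists = $real !== false && str_starts_with($real, rtrim(__DIR__, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR);` (PHP 8+; use `strncmp` on older runtimes). The surrounding diagnostics block starts and ends outside the hunk.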
@ -132,6 +132,11 @@ cap_log('CAPTURE_RESULT', ['success' => $capture['success'], 'txid' => $capture[
if (!$capture['success']) {
if (!$capture['success']) {
cap_log('CAPTURE_FAILED', $capture);
cap_log('CAPTURE_FAILED', $capture);
// Sanitize raw capture data before logging — never store secrets
$captureForLog = $capture;
foreach (['client_secret', 'access_token', 'refresh_token'] as $_sk) {
unset($captureForLog[$_sk]);
}
$repo->logPaypalError([
$repo->logPaypalError([
'context' => 'capture_order',
'context' => 'capture_order',
'error_code' => $capture['error'] ?? 'capture_failed',
'error_code' => $capture['error'] ?? 'capture_failed',
@ -139,7 +144,7 @@ if (!$capture['success']) {
'paypal_debug_id' => $capture['debug_id'] ?? null,
'paypal_debug_id' => $capture['debug_id'] ?? null,
'order_id' => $paypalOrderId,
'order_id' => $paypalOrderId,
'user_id' => $userId,
'user_id' => $userId,
'raw_json' => $capture,
'raw_json' => $captureForLog,
]);
]);
ob_clean();
ob_clean();
echo json_encode([
echo json_encode([
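Review bot: The redaction only protects the `logPaypalError` call; the `cap_log('CAPTURE_FAILED', $capture)` line just above it still receives the unsanitized array, so any `client_secret`/`access_token`/`refresh_token` present in `$capture` still reaches that log. The `unset` loop also strips only top-level keys, so if `$capture` embeds the raw PayPal response under a nested key (not visible here) a token inside it would survive. Building `$captureForLog` once, before the first log call, and redacting matching scalar values at any depth closes both gaps; the loop variable `$_sk` also then stops leaking into the handler's scope. The enclosing request handler starts and ends outside the hunk.
```php
if (!$capture['success']) {
    // Redact credential-bearing keys at any depth before anything is logged
    $captureForLog = $capture;
    array_walk_recursive($captureForLog, static function (&$value, $key): void {
        if (in_array($key, ['client_secret', 'access_token', 'refresh_token'], true)) {
            $value = '[redacted]';
        }
    });
    cap_log('CAPTURE_FAILED', $captureForLog);
    $repo->logPaypalError([
        // … unchanged: context, error_code, message, debug_id, order_id, user_id …
        'raw_json' => $captureForLog,
    ]);
```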
@ -340,7 +340,7 @@ class BillingRepository
$rawJson = substr($rawJson, 0, 65536) . '…[truncated]';
$rawJson = substr($rawJson, 0, 65536) . '…[truncated]';
}
}
$stmt->bind_param(
$stmt->bind_param(
'sssssssss',
'ssssssiis',
$context, $errorCode, $message, $debugId, $orderId, $captureId,
$context, $errorCode, $message, $debugId, $orderId, $captureId,
$billingOrderId, $userId, $rawJson
$billingOrderId, $userId, $rawJson
);
);
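Review bot: Switching the two id slots to `i` in `'ssssssiis'` means a non-numeric string reaching `$billingOrderId` or `$userId` is silently bound as `0`, attributing the failure to order/user 0 rather than failing loudly; the method signature is outside the hunk, so check that it declares those parameters as `?int` (a null still binds as SQL NULL under `i`). A short comment would help the next reader keep the type string aligned with the nine arguments, e.g. `// s×6: context, error_code, message, debug_id, order_id, capture_id; i×2: billing_order_id, user_id; s: raw_json`. Separately, the `substr($rawJson, 0, 65536)` truncation on the context line above is byte-wise and can split a multibyte UTF-8 character, which on a utf8mb4 column (not visible here) can make the error-log insert itself fail; `mb_strcut($rawJson, 0, 65536)` truncates to the same byte budget on a valid boundary. The enclosing method starts and ends outside the hunk.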