GSP/Panel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix code review issues

Browse source 
- Remove unnecessary mysqli_real_escape_string calls on prepared statement params
- Add validation for strtotime to handle invalid dates gracefully

Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2025-10-29 02:21:33 +00:00
parent 4397e67ccb
commit a16dfcd15f
2 changed files with 18 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

18
modules/billing/create_servers.php
View file

@ -303,7 +303,11 @@ function exec_ogp_module()
}
else{
//this is a renewel, start from end of previous order
$end_date = strtotime('+'.$order['qty'].' day',strtotime($order['end_date']));
$current_end = strtotime($order['end_date']);
if ($current_end === false) {
$current_end = time(); // fallback to now if date is invalid
}
$end_date = strtotime('+'.$order['qty'].' day', $current_end);
}
}
@ -316,7 +320,11 @@ function exec_ogp_module()
}
else{
//this is a renewel, start from end of previous order
$end_date = strtotime('+'.$order['qty'].' month',strtotime($order['end_date']));
$current_end = strtotime($order['end_date']);
if ($current_end === false) {
$current_end = time(); // fallback to now if date is invalid
}
$end_date = strtotime('+'.$order['qty'].' month', $current_end);
}
}
elseif ($order['invoice_duration'] == "year")
@ -327,7 +335,11 @@ function exec_ogp_module()
}
else{
//this is a renewel, start from end of previous order
$end_date = strtotime('+'.$order['qty'].' year',strtotime($order['end_date']));
$current_end = strtotime($order['end_date']);
if ($current_end === false) {
$current_end = time(); // fallback to now if date is invalid
}
$end_date = strtotime('+'.$order['qty'].' year', $current_end);
}

6
modules/billing/renew_server.php
View file

@ -128,11 +128,11 @@ if ($service_stmt) {
// Create invoice for renewal
$qty = 1;
$price_formatted = number_format($price_val, 2, '.', '');
$home_name = mysqli_real_escape_string($db, $order['home_name'] ?? 'Server Renewal');
$home_name = $order['home_name'] ?? 'Server Renewal';
$ip = intval($order['ip'] ?? 0);
$max_players = intval($order['max_players'] ?? 0);
$rcon_pw = mysqli_real_escape_string($db, $order['remote_control_password'] ?? '');
$ftp_pw = mysqli_real_escape_string($db, $order['ftp_password'] ?? '');
$rcon_pw = $order['remote_control_password'] ?? '';
$ftp_pw = $order['ftp_password'] ?? '';
$description = "Renewal: " . $service_name . " - " . $home_name . " (" . $duration . ")";
$now = date('Y-m-d H:i:s');
$due_date = date('Y-m-d H:i:s', strtotime('+7 days')); // Due in 7 days