Small security fixes, not urgent

Pinga 2025-02-24 15:54:37 +02:00
parent d54c6f8f52
commit 0a0d30d5a0
5 changed files with 14 additions and 7 deletions


@ -74,6 +74,8 @@ class Logger extends \Monolog\Logger
try {
$mail = new PHPMailer(true);
$mail->isSMTP();
$mailToAddress = $_ENV['MAIL_TO_ADDRESS'] ?? null;
$mail->Host = $_ENV['MAIL_HOST'];
$mail->SMTPAuth = true;
$mail->Username = $_ENV['MAIL_USERNAME'];
@ -81,7 +83,11 @@ class Logger extends \Monolog\Logger
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = $_ENV['MAIL_PORT'];
$mail->setFrom($_ENV['MAIL_FROM_ADDRESS'], $_ENV['MAIL_FROM_NAME']);
$mail->addAddress($_ENV['MAIL_TO_ADDRESS']); // Send to admin email
if (!$mailToAddress) {
error_log("MAIL_TO_ADDRESS is missing, skipping recipient.");
} else {
$mail->addAddress($mailToAddress);
}
// Attach PHPMailer to Monolog
$mailerHandler = new PHPMailerHandler($mail);
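Review bot: When MAIL_TO_ADDRESS is missing, the new branch only logs and continues, so `$mailerHandler = new PHPMailerHandler($mail);` still attaches a mailer that has no recipient. Because the mailer is created with `new PHPMailer(true)` (exceptions enabled), later send attempts will presumably throw inside the logging path instead of being skipped; how the handler reacts is outside this hunk. Consider building and registering the mail handler only inside the `else` branch, so a missing recipient disables e-mail alerts cleanly and the single `error_log` line is the only signal. The other `$_ENV['MAIL_*']` reads in the same block are still unguarded and would benefit from the same `?? null` treatment. The enclosing method starts and ends outside the hunk.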


@ -24,6 +24,7 @@ MAIL_USERNAME=username
MAIL_PASSWORD=password
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS='example@domain.com'
MAIL_TO_ADDRESS='example@domain.com'
MAIL_FROM_NAME='Example'
MAIL_API_KEY='test-api-key'
MAIL_API_PROVIDER='sendgrid'


@ -77,8 +77,8 @@ function setupLogger($logFilePath, $channelName = 'app') {
}
function isIpWhitelisted($ip, $pdo) {
$stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = ?");
$stmt->execute([$ip]);
$stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = :ip");
$stmt->execute(['ip' => $ip]);
$count = $stmt->fetchColumn();
return $count > 0;
}
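Review bot: isIpWhitelisted still matches `$ip` against `addr` as a raw string, and moving from `?` to `:ip` does not change that, since both forms are bound parameters and the query was already parameterized. An IPv6 address in a different but equivalent textual form, or an IPv4-mapped one, would miss its whitelist row, and a malformed value is passed straight to the query. Consider rejecting bad input first with `if (filter_var($ip, FILTER_VALIDATE_IP) === false) { return false; }` and comparing a canonical form such as `inet_ntop(inet_pton($ip))`, with `addr` stored the same way. Where `$ip` comes from is not visible here; if it can be taken from a client-supplied header, the whitelist decision is only as trustworthy as that source. The identical function body appears in the two following file sections, so a single shared helper would keep the three copies from drifting.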


@ -137,8 +137,8 @@ function mapContactToVCard($contactDetails, $role, $c) {
}
function isIpWhitelisted($ip, $pdo) {
$stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = ?");
$stmt->execute([$ip]);
$stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = :ip");
$stmt->execute(['ip' => $ip]);
$count = $stmt->fetchColumn();
return $count > 0;
}


@ -89,8 +89,8 @@ function parseQuery($data) {
}
function isIpWhitelisted($ip, $pdo) {
$stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = ?");
$stmt->execute([$ip]);
$stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = :ip");
$stmt->execute(['ip' => $ip]);
$count = $stmt->fetchColumn();
return $count > 0;
}