zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-07-14 06:45:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Small security fixes, not urgent

Browse source
This commit is contained in:
Pinga 2025-02-24 15:54:37 +02:00
parent d54c6f8f52
commit 0a0d30d5a0
5 changed files with 14 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
cp/app/Lib/Logger.php
View file

@ -74,6 +74,8 @@ class Logger extends \Monolog\Logger
try { try {
$mail = new PHPMailer(true); $mail = new PHPMailer(true);
$mail->isSMTP(); $mail->isSMTP();
$mailToAddress = $_ENV['MAIL_TO_ADDRESS'] ?? null;
$mail->Host = $_ENV['MAIL_HOST']; $mail->Host = $_ENV['MAIL_HOST'];
$mail->SMTPAuth = true; $mail->SMTPAuth = true;
$mail->Username = $_ENV['MAIL_USERNAME']; $mail->Username = $_ENV['MAIL_USERNAME'];
@ -81,7 +83,11 @@ class Logger extends \Monolog\Logger
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = $_ENV['MAIL_PORT']; $mail->Port = $_ENV['MAIL_PORT'];
$mail->setFrom($_ENV['MAIL_FROM_ADDRESS'], $_ENV['MAIL_FROM_NAME']); $mail->setFrom($_ENV['MAIL_FROM_ADDRESS'], $_ENV['MAIL_FROM_NAME']);
$mail->addAddress($_ENV['MAIL_TO_ADDRESS']); // Send to admin email if (!$mailToAddress) {
error_log("MAIL_TO_ADDRESS is missing, skipping recipient.");
} else {
$mail->addAddress($mailToAddress);
}
// Attach PHPMailer to Monolog // Attach PHPMailer to Monolog
$mailerHandler = new PHPMailerHandler($mail); $mailerHandler = new PHPMailerHandler($mail);

1
cp/env-sample
View file

@ -24,6 +24,7 @@ MAIL_USERNAME=username
MAIL_PASSWORD=password MAIL_PASSWORD=password
MAIL_ENCRYPTION=tls MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS='example@domain.com' MAIL_FROM_ADDRESS='example@domain.com'
MAIL_TO_ADDRESS='example@domain.com'
MAIL_FROM_NAME='Example' MAIL_FROM_NAME='Example'
MAIL_API_KEY='test-api-key' MAIL_API_KEY='test-api-key'
MAIL_API_PROVIDER='sendgrid' MAIL_API_PROVIDER='sendgrid'

4
das/helpers.php
View file

@ -77,8 +77,8 @@ function setupLogger($logFilePath, $channelName = 'app') {
} }
function isIpWhitelisted($ip, $pdo) { function isIpWhitelisted($ip, $pdo) {
$stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = ?"); $stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = :ip");
$stmt->execute([$ip]); $stmt->execute(['ip' => $ip]);
$count = $stmt->fetchColumn(); $count = $stmt->fetchColumn();
return $count > 0; return $count > 0;
} }

4
rdap/helpers.php
View file

@ -137,8 +137,8 @@ function mapContactToVCard($contactDetails, $role, $c) {
} }
function isIpWhitelisted($ip, $pdo) { function isIpWhitelisted($ip, $pdo) {
$stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = ?"); $stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = :ip");
$stmt->execute([$ip]); $stmt->execute(['ip' => $ip]);
$count = $stmt->fetchColumn(); $count = $stmt->fetchColumn();
return $count > 0; return $count > 0;
} }

4
whois/port43/helpers.php
View file

@ -89,8 +89,8 @@ function parseQuery($data) {
} }
function isIpWhitelisted($ip, $pdo) { function isIpWhitelisted($ip, $pdo) {
$stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = ?"); $stmt = $pdo->prepare("SELECT COUNT(*) FROM registrar_whitelist WHERE addr = :ip");
$stmt->execute([$ip]); $stmt->execute(['ip' => $ip]);
$count = $stmt->fetchColumn(); $count = $stmt->fetchColumn();
return $count > 0; return $count > 0;
} }