fix: missing authentication check (#133)

docs: add security policy
ellite · Feb 20, 2024 · b887d3a · b887d3a
1 parent 087f757
commit b887d3a
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 1 deletion.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover any security vulnerabilities in this project, please report them to the developer by emailing [wallos@henrique.pt](mailto:wallos@henrique.pt). I appreciate your help in keeping the project secure.
+
+## Supported Versions
+
+This project is currently supported with security updates for the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest  | :white_check_mark: |
+| main    | :white_check_mark: |
+| 1.x.x   | :x:                |
+
+## Security Measures
+
+I take security seriously and am working on ways to implement security measures to protect the project.
+
+## Reporting a Security Concern
+
+If you have any security concerns or questions regarding the security of this project, please contact the developer at [wallos@henrique.pt](mailto:wallos@henrique.pt).
+
+## Responsible Disclosure
+
+I kindly request that you follow responsible disclosure practices and give me reasonable time to address any reported vulnerabilities before making them public.
+
diff --git a/endpoints/payments/payment.php b/endpoints/payments/payment.php
@@ -17,7 +17,12 @@
 
 $paymentId = $_GET['paymentId'];
 
-$inUse = $db->querySingle('SELECT COUNT(*) as count FROM subscriptions WHERE payment_method_id=' . $paymentId) === 1;
+$stmt = $db->prepare('SELECT COUNT(*) as count FROM subscriptions WHERE payment_method_id=:paymentId');
+$stmt->bindValue(':paymentId', $paymentId, SQLITE3_INTEGER);
+$result = $stmt->execute();
+$row = $result->fetchArray();
+$inUse = $row['count'] === 1;
+
 if ($inUse) {
     die(json_encode([
         "success" => false,

diff --git a/endpoints/subscriptions/export.php b/endpoints/subscriptions/export.php
@@ -4,6 +4,13 @@
 
 session_start();
 
+if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
+    die(json_encode([
+        "success" => false,
+        "message" => translate('session_expired', $i18n)
+    ]));
+}
+
 require_once '../../includes/getdbkeys.php';
 
 $query = "SELECT * FROM subscriptions";