Adding new rules after audit

ArniPL · Oct 19, 2022 · 08521ad · 08521ad
1 parent 9ad1d11
commit 08521ad
Show file tree

Hide file tree

Showing 8 changed files with 56 additions and 4 deletions.
diff --git a/.htaccess b/.htaccess
@@ -0,0 +1,12 @@
+<FilesMatch "^\.env">
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order deny,allow
+        Deny from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all denied
+    </IfModule>
+</FilesMatch>
diff --git a/classes/.htaccess b/classes/.htaccess
@@ -0,0 +1,10 @@
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Order deny,allow
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
diff --git a/config/.htaccess b/config/.htaccess
@@ -0,0 +1,10 @@
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Order deny,allow
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
diff --git a/controllers/.htaccess b/controllers/.htaccess
@@ -0,0 +1,10 @@
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Order deny,allow
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
diff --git a/src/.htaccess b/src/.htaccess
@@ -0,0 +1,10 @@
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Order deny,allow
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
diff --git a/src/OrderStates.php b/src/OrderStates.php
@@ -157,8 +157,8 @@ private function stateLangAlreadyExists($orderStateId, $langId)
             'SELECT id_order_state
             FROM  `' . _DB_PREFIX_ . self::ORDER_STATE_LANG_TABLE . '`
             WHERE
-                id_order_state = ' . $orderStateId . '
-                AND id_lang = ' . $langId
+                id_order_state = ' . (int) $orderStateId . '
+                AND id_lang = ' . (int) $langId
         );
     }
 

diff --git a/src/Repository/OrderRepository.php b/src/Repository/OrderRepository.php
@@ -43,7 +43,7 @@ public function findByStates($shopId, array $idStates)
             INNER JOIN `' . _DB_PREFIX_ . 'customer` c ON (o.id_customer = c.id_customer)
             WHERE o.module = "ps_checkout"
             AND o.id_shop = ' . (int) $shopId . '
-            AND o.current_state IN (' . implode(',', array_keys($idStates)) . ')
+            AND o.current_state IN (' . implode(', ', array_map('intval', $idStates)) . ')
             ORDER BY o.date_add DESC
             LIMIT 1000
         ');

diff --git a/src/ValidateOrder.php b/src/ValidateOrder.php
@@ -199,7 +199,7 @@ public function validateOrder($payload)
                 $module->validateOrder(
                     $payload['cartId'],
                     (int) $this->getOrderState($psCheckoutCart->paypal_funding),
-                    $payload['amount'],
+                    0,
                     $fundingSourceTranslationProvider->getPaymentMethodName($psCheckoutCart->paypal_funding),
                     null,
                     [