TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
37 Commits 12 Branches 0 Tags
1d7a50709ebbeb6cfd598c9be91da310ff9f9786
Commit Graph

5 Commits

Author SHA1 Message Date
twotalesanimation
110c853945 Refactor: Update all remaining pages to use unified header template 
- Updated 39 pages from old header01.php and header02.php includes
- All pages now use single configurable header.php with $headerStyle variable
- Light style (default): Most pages (login, register, trips, courses, etc.)
- Dark style: Coming from header01 original usage

Pages updated:
  - Admin pages: admin_*.php (10 files)
  - Booking pages: bookings.php, campsite_booking.php, etc.
  - Content pages: blog.php, blog_details.php, contact.php, events.php, etc.
  - User pages: account_settings.php, membership*.php, register.php, etc.
  - Utility pages: 404.php, payment_confirmation.php, reset_password.php, etc.

All pages now maintain single header template source - easier to update navigation, styles, and functionality across the entire site.
 2025-12-03 16:55:32 +02:00
twotalesanimation
b120415d53 Task 10: Harden file upload validation 
Enhanced validateFileUpload() function in functions.php with comprehensive security:
- Hardcoded MIME type whitelist per file type (profile_picture, proof_of_payment, document)
- Strict file size limits per type (5MB images, 10MB documents)
- Extension validation against whitelist
- Double extension prevention (e.g., shell.php.jpg)
- MIME type verification using finfo
- Image validation with getimagesize()
- is_uploaded_file() verification
- Random filename generation to prevent path traversal

Updated file upload handlers:
- upload_profile_picture.php - Profile picture uploads (JPEG, PNG, GIF, WEBP, 5MB max)
- submit_pop.php - Proof of payment uploads (PDF only, 10MB max) + CSRF validation + audit logging
- add_campsite.php - Campsite thumbnail uploads + input validation + CSRF validation + audit logging

Security improvements:
- All uploads use random filenames to prevent directory traversal
- All uploads use secure file permissions (0644)
- File validation occurs before move_uploaded_file()
- Comprehensive error logging for failed uploads
- Audit logging for successful file operations
 2025-12-03 13:30:45 +02:00
twotalesanimation
062dc46ffd small updates 2025-12-02 18:17:20 +02:00
Chris Pinto
d1dc0b4ad0 Pop submit ready 2025-06-13 10:22:14 +02:00
Chris Pinto
488e3c156d New POP Uploads 2025-05-23 14:19:25 +02:00