Merge pull request #17 from cristianlivella/develop
Fix cron job and vulnerabilities
cristianlivella authored Dec 3, 2021
2 parents 6c54939 + 81192d1 commit f8f252e
Showing 4 changed files with 23 additions and 15 deletions.
2 changes: 1 addition & 1 deletion src/app/Controllers/MainController.php
Expand Up @@ -18,7 +18,7 @@ class MainController
public static function run() {
$reportWrapper = new ReportWrapper(file_get_contents(TRANSACTIONS_FILE));

$year = $_GET['year'] ?? DateUtils::getCurrentYear();
$year = isset($_GET['year']) ? intval($_GET['year']) : DateUtils::getCurrentYear();
$action = $_GET['action'] ?? null;
$compensateCapitalLosses = filter_var($_GET['compensate_losses'] ?? true, FILTER_VALIDATE_BOOLEAN);

Expand Down
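Review bot: `intval()` on the new line 22 accepts any string and silently maps junk to a number (`?year=abc` becomes 0, `?year=2021abc` becomes 2021), so run() still hands ReportWrapper a nonsensical year; the same function already validates `compensate_losses` with filter_var and the year deserves the same: `$year = filter_var($_GET['year'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1970, 'max_range' => 2100]]);` followed by `if ($year === false) { $year = DateUtils::getCurrentYear(); }`, with the range adjusted to whatever tax years the report code actually supports (or rejecting outright, if a bad year should be an error rather than a fallback — I cannot see how it propagates from here). The identical expression is added again in this commit as WebAppController::getSelectedYear(); one shared helper, e.g. on DateUtils, would keep the two from drifting. run() continues past the hunk.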
26 changes: 13 additions & 13 deletions src/app/Controllers/WebAppController.php
Expand Up @@ -46,7 +46,7 @@ public static function run() {
}

public static function printReport() {
$year = $_GET['year'] ?? DateUtils::getCurrentYear();
$year = self::getSelectedYear();

$settings = self::getSelectedReportSettings();
$exchangeSettings = $settings['exchanges'] ?? [];
Expand All @@ -57,7 +57,7 @@ public static function printReport() {
}

public static function printModelloRedditi() {
$year = $_GET['year'] ?? DateUtils::getCurrentYear();
$year = self::getSelectedYear();

$settings = self::getSelectedReportSettings();
$compensateCapitalLosses = $settings['compensate_losses'] ?? true;
Expand All @@ -69,7 +69,7 @@ public static function printModelloRedditi() {
}

public static function printModelloF24() {
$year = $_GET['year'] ?? DateUtils::getCurrentYear();
$year = self::getSelectedYear();

$settings = self::getSelectedReportSettings();
$compensateCapitalLosses = $settings['compensate_losses'] ?? true;
Expand Down Expand Up @@ -100,7 +100,7 @@ public static function upload() {

$reportWrapper = new ReportWrapper(AesUtils::decrypt(file_get_contents($filePath), $key));

setcookie('KEY-' . $reportId, $key, self::getCookieOptions());
self::setCookie('KEY-' . $reportId, $key);

header('Content-type: application/json');
echo json_encode(['report_id' => $reportId] + $reportWrapper->getSummary(true));
Expand All @@ -122,12 +122,16 @@ public static function setSettings() {
$settings['compensate_losses'] = filter_var($_POST['compensate_losses'] ?? true, FILTER_VALIDATE_BOOLEAN);
}

setcookie('SETTINGS-' . $reportId, base64_encode(json_encode($settings)), self::getCookieOptions());
self::setCookie('SETTINGS-' . $reportId, base64_encode(json_encode($settings)));
}

private static function getSelectedYear() {
return isset($_GET['year']) ? intval($_GET['year']) : DateUtils::getCurrentYear();
}

private static function getSelectedReportContent() {
$reportId = self::getSelectedReportId();
$filePath = dirname(__FILE__) . '/../../tmp/' . $reportId;
$filePath = dirname(__FILE__) . '/../../tmp/' . basename($reportId);

if (strlen($reportId) !== 32 || !file_exists($filePath)) {
throw new NotFoundException('report');
Expand All @@ -140,7 +144,7 @@ private static function getSelectedReportContent() {
private static function getSelectedReportSettings() {
$reportId = self::getSelectedReportId();

$filePath = dirname(__FILE__) . '/../../tmp/' . $reportId;
$filePath = dirname(__FILE__) . '/../../tmp/' . basename($reportId);

if (strlen($reportId) !== 32 || !file_exists($filePath)) {
throw new NotFoundException('report');
Expand All @@ -153,11 +157,7 @@ private static function getSelectedReportId() {
return $_GET['id'] ?? $_POST['id'] ?? null;
}

private static function getCookieOptions() {
return [
'expires' => time() + 60 * 60 * 12,
'secure' => true,
'httponly' => true
];
private static function setCookie($name, $value) {
setcookie($name, $value, time() + 60 * 60 * 12, '', '', true, true);
}
}
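Review bot: The `basename()` added at lines 80 and 89 blunts traversal, but the id is still only checked by `strlen($reportId) !== 32` after the path has been built, and getSelectedReportId() returns whatever `$_GET['id'] ?? $_POST['id']` holds — an array (`?id[]=x`) reaches basename()/strlen() and fails with a TypeError on PHP 8 instead of the NotFoundException the code intends. An allowlist check before touching the filesystem is tighter and makes basename() redundant: `if (!is_string($reportId) || !preg_match('/^[A-Za-z0-9]{32}$/', $reportId)) { throw new NotFoundException('report'); }` — the character class assumes ids are 32 alphanumeric characters, which the visible part of upload() does not confirm, so adjust it to however the id is generated. Separately, the positional `setcookie()` in the new setCookie() helper cannot set SameSite, which matters because the `KEY-` cookie carries the report's decryption key; on PHP 7.3+ the options-array form `setcookie($name, $value, ['expires' => time() + 60 * 60 * 12, 'secure' => true, 'httponly' => true, 'samesite' => 'Strict']);` keeps Secure/HttpOnly and adds it, and if the move to positional arguments was for an older PHP that constraint deserves a comment on the helper.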
2 changes: 1 addition & 1 deletion src/app/Utils/AesUtils.php
Expand Up @@ -8,7 +8,7 @@ class AesUtils

public static function encrypt($plain, $key) {
$key = hex2bin($key);
$iv = hex2bin(md5(microtime() . random_int(PHP_INT_MIN, PHP_INT_MAX)));
$iv = random_bytes(16);
$data = openssl_encrypt($plain, self::METHOD, $key, OPENSSL_RAW_DATA, $iv);
return base64_encode($iv . $data);
}
Expand Down
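Review bot: `random_bytes(16)` is the right replacement for the md5(microtime()) IV, but the hard-coded 16 only holds if self::METHOD is a cipher with a 16-byte IV (the constant is outside the hunk), and `openssl_encrypt()` returning false on a bad key or cipher is never checked, so `$iv . $data` would base64-encode a bare IV as if it were ciphertext. I would derive the length from the cipher and fail loudly: `$iv = random_bytes(openssl_cipher_iv_length(self::METHOD));` and, after the encrypt call, `if ($data === false) { throw new \RuntimeException('encryption failed: ' . openssl_error_string()); }`. `hex2bin($key)` on line 112 has the same silent-false problem for a malformed key. Unless METHOD is an AEAD mode such as GCM, the output also carries no integrity tag, so decrypt() will accept modified ciphertext; whether that is exploitable depends on how decrypt() reports padding errors, which is not visible here.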
8 changes: 8 additions & 0 deletions src/cron.php
Expand Up @@ -4,6 +4,7 @@
require_once __DIR__ . '/vendor/autoload.php';

use CrypTax\Utils\CryptoInfoUtils;
use CrypTax\Utils\DateUtils;
use CrypTax\Utils\DbUtils;

if (PHP_SAPI !== 'cli' || isset($_SERVER['HTTP_USER_AGENT'])) {
Expand Down Expand Up @@ -34,3 +35,10 @@
while ($resultArray = $result->fetch_assoc()) {
CryptoInfoUtils::getCryptoPrice($resultArray['ticker'], $resultArray['date']);
}

// get most recent prices
$result = DbUtils::getConnection()->query('SELECT DISTINCT(ticker) FROM cache WHERE 1');

while ($resultArray = $result->fetch_assoc()) {
CryptoInfoUtils::getCryptoPrice($resultArray['ticker'], DateUtils::getToday());
}
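Review bot: `$result` from `->query()` at the new `SELECT DISTINCT(ticker)` line is used without checking for false; with mysqli's default error mode a failed query returns false and `$result->fetch_assoc()` then dies with a fatal "call to a member function on bool" instead of a meaningful message, which for a cron job means a silent stop. Guard it: `if ($result === false) { fwrite(STDERR, 'ticker query failed: ' . DbUtils::getConnection()->error . PHP_EOL); exit(1); }` — this assumes DbUtils::getConnection() returns a mysqli, which the fetch_assoc() usage suggests but the file does not show. The earlier loop at line 130 has the same gap, and `WHERE 1` is a no-op that can be dropped. If CryptoInfoUtils::getCryptoPrice() can throw (it presumably calls a remote price API), a try/catch per ticker would stop one failing symbol from aborting the refresh of the rest; I cannot tell from here whether it does.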
