lthn.io

History

Claude a5f28d5f6f security: fix critical + high code review findings CRITICAL: - DaemonRpc: only cache successful responses as stale fallback (not errors) - Records endpoint: replaced file_get_contents with Http::timeout(3) HIGH: - WalletRpc: removed exception message from API response (IP leak) - Ticket/session IDs: replaced MD5(predictable) with random_bytes (CSPRNG) - Race condition lock: Cache::add() atomic instead of has()+put() MEDIUM: - Block caching: getBlockByHeight cached 1hr (blocks are immutable) - Sunrise meta description: fixed Blade variable syntax Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 08:08:18 +01:00
..
ProxyController.php	security: fix critical + high code review findings	2026-04-04 08:08:18 +01:00

security: fix critical + high code review findings

CRITICAL:
- DaemonRpc: only cache successful responses as stale fallback (not errors)
- Records endpoint: replaced file_get_contents with Http::timeout(3)

HIGH:
- WalletRpc: removed exception message from API response (IP leak)
- Ticket/session IDs: replaced MD5(predictable) with random_bytes (CSPRNG)
- Race condition lock: Cache::add() atomic instead of has()+put()

MEDIUM:
- Block caching: getBlockByHeight cached 1hr (blocks are immutable)
- Sunrise meta description: fixed Blade variable syntax

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-04 08:08:18 +01:00

ProxyController.php

security: fix critical + high code review findings

2026-04-04 08:08:18 +01:00