Enhance VirtFusion WHMCS module with security fixes, new features, and improved UX
Security improvements: - Enable SSL/TLS certificate verification by default (was disabled, MITM risk) - Remove error_reporting(0) that silenced all errors - Add input sanitization on all user parameters (int casting, regex filtering) - Return proper HTTP status codes (401, 403, 400, 500) instead of always 200 - Add XSS protection with htmlspecialchars and encodeURIComponent - Add null checks on API response data before property access New features: - Power management: boot, shutdown, restart, and force power off controls - Server rebuild: reinstall with any available OS template from client area - Server rename: change server display name via PATCH API - OS template fetching: client-side endpoint for rebuild OS selection - TestConnection: validate API credentials from WHMCS server settings - ServiceSingleSignOn: native WHMCS SSO integration for VirtFusion panel - Server status badge: visual indicator of server state in overview - Traffic usage display: show bandwidth used vs allocated - Checkout validation: ShoppingCartValidateCheckout hook ensures OS selection Ordering process improvements: - Add default "Select Operating System" placeholder option - Add "No SSH Key (Optional)" default for SSH dropdown - Hide SSH key field/container when no keys available - Wrap hook in try/catch to prevent checkout page breakage - Sanitize template names with htmlspecialchars - Use JSON_HEX_* flags for safe script injection Theme compatibility: - Properly formatted Smarty templates with readable indentation - Dual panel/card CSS classes for Bootstrap 3/4/5 compatibility - Responsive power button layout with mobile breakpoint - Framework-agnostic HTML that works with Six, Twenty-One, Lagom, and custom themes - Suspended service state messaging Code quality: - Readable, unminified JavaScript with JSDoc header - Structured CSS with logical section organization - Improved error messages throughout all provisioning functions - Added PATCH method support to Curl wrapper - Added curl error capture on connection failures - Added connection and request timeouts (10s/30s) - Fixed memory conversion to check key name instead of display name Documentation: - Complete README rewrite with installation, configuration, and troubleshooting guides - API endpoint reference table - Configurable options mapping documentation - Theme override instructions - Security considerations section https://claude.ai/code/session_01TCsJ4WZCGuEX3zqh1tQ2zx
This commit is contained in:
Claude
@@ -8,12 +8,14 @@ class Curl
|
||||
private $data;
|
||||
private $customOptions = [];
|
||||
private $defaultOptions = [
|
||||
CURLOPT_SSL_VERIFYPEER => false,
|
||||
CURLOPT_SSL_VERIFYHOST => false,
|
||||
CURLOPT_SSL_VERIFYPEER => true,
|
||||
CURLOPT_SSL_VERIFYHOST => 2,
|
||||
CURLOPT_RETURNTRANSFER => true,
|
||||
CURLOPT_USERAGENT => 'CURL',
|
||||
CURLOPT_USERAGENT => 'VirtFusion-WHMCS/2.0',
|
||||
CURLOPT_HEADER => false,
|
||||
CURLOPT_NOBODY => false,
|
||||
CURLOPT_TIMEOUT => 30,
|
||||
CURLOPT_CONNECTTIMEOUT => 10,
|
||||
];
|
||||
|
||||
|
||||
@@ -24,7 +26,7 @@ class Curl
|
||||
|
||||
public function useCookies()
|
||||
{
|
||||
$cookiesFile = tempnam('/tmp', 'virtfusion_cookies');
|
||||
$cookiesFile = tempnam(sys_get_temp_dir(), 'virtfusion_cookies');
|
||||
$this->defaultOptions[CURLOPT_COOKIEFILE] = $cookiesFile;
|
||||
$this->defaultOptions[CURLOPT_COOKIEJAR] = $cookiesFile;
|
||||
}
|
||||
@@ -57,6 +59,15 @@ class Curl
|
||||
return $this->send('PUT', $url);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param null $url
|
||||
* @return bool|string|void
|
||||
*/
|
||||
public function patch($url = null)
|
||||
{
|
||||
return $this->send('PATCH', $url);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $method
|
||||
* @param $url
|
||||
@@ -84,6 +95,12 @@ class Curl
|
||||
$response = curl_exec($this->ch);
|
||||
|
||||
$this->data['info'] = curl_getinfo($this->ch);
|
||||
|
||||
if ($response === false) {
|
||||
$this->data['info']['curl_error'] = curl_error($this->ch);
|
||||
$this->data['info']['curl_errno'] = curl_errno($this->ch);
|
||||
}
|
||||
|
||||
if (isset($this->customOptions[CURLOPT_HEADER]) && $this->customOptions[CURLOPT_HEADER]) {
|
||||
$this->data['info']['request_header'] = trim($this->data['info']['request_header']);
|
||||
$this->processHeaders($response);
|
||||
@@ -197,4 +214,4 @@ class Curl
|
||||
|
||||
return $this->data['data'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user