LotusGuild/tinker_tickets
3
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix error message disclosure in API endpoints

Browse Source 
Replace exception getMessage() exposure with generic error messages
to prevent internal information disclosure. Errors are now logged
with full details while clients receive sanitized responses.

Affected endpoints:
- add_comment, update_comment, delete_comment
- update_ticket, export_tickets
- generate_api_key, revoke_api_key
- manage_templates, manage_workflows, manage_recurring
- custom_fields, get_users

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-01-30 18:56:29 -05:00
parent 5b2a2c271e
commit ed9c2a39d1
12 changed files with 34 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/manage_templates.php
View File

@@ -89,7 +89,8 @@ try {
if ($stmt->execute()) {
echo json_encode(['success' => true, 'template_id' => $conn->insert_id]);
} else {
echo json_encode(['success' => false, 'error' => $stmt->error]);
error_log("Template creation failed: " . $stmt->error);
echo json_encode(['success' => false, 'error' => 'Failed to create template']);
}
$stmt->close();
break;
@@ -139,6 +140,7 @@ try {
}
} catch (Exception $e) {
error_log("Template API error: " . $e->getMessage());
http_response_code(500);
echo json_encode(['success' => false, 'error' => $e->getMessage()]);
echo json_encode(['success' => false, 'error' => 'An internal error occurred']);
}