    security: add auth checks to all game.php mutation handlers · 6f0df09e
    Mahmoud Aglan authored
    - handleGameMove: verify caller is a player in the match before allowing moves
    - handleResign: verify participant before allowing resignation
    - handleDraw: verify participant + use merge_game_state RPC (preserves heartbeat data)
    - handleComplete: verify participant + validate winners are actual match players (prevents coin exploit)
    - handleFindActiveMatch: restrict to own user only (prevents info disclosure)
    - Validate result enum values in handleComplete
    
    Fixes WTF #1-4, #46
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Name
achievements.php
activity.php
ads.php
analysis.php
auth.php
avatar.php
backgammon-match.php
battlepass.php
bots.php
branding.php
challenges.php
chat.php
config.php
daily-reward.php
domino-match.php
domino.php
friends.php
game.php
groups.php
leaderboard.php
ludo-match.php
ludo.php
match-cleanup.php
match-history.php
matchmaking.php
multiplayer.php
notifications.php
org-apply.php
orgs.php
profile.php
puzzles.php
ratings.php
shop.php
swiss.php
theme.php
tournament-match.php
tournaments.php