1. OAuth CSRF Protection:
   - Added state parameter to OAuth authorization URL
   - Generate and store state in transient (10 min expiry)
   - Validate state on callback with timing-safe comparison
2. Debug Log Sanitization:
   - Added sanitize_log_message() to mask credentials in logs
   - Patterns mask client_id, client_secret, access_token, refresh_token
   - Error handlers only expose file paths in WP_DEBUG mode
3. Move Inline JS to External File:
   - Moved ~100 lines of inline JS to assets/js/zoho-admin.js
   - Added redirectUri and oauthUrl to wp_localize_script
   - Better CSP compliance and caching
4. Updated .gitignore to track includes/admin/ and includes/zoho/

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
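The two security items in the commit message (the OAuth `state` stored in a transient and checked with a timing-safe comparison, and the credential-masking log sanitizer) are shown together below as an added example. This is not the plugin's own code and was not taken from the commit; the function names (`zoho_oauth_generate_state`, `zoho_oauth_validate_state`, `zoho_error_detail`), the `zoho_oauth_state_` transient key prefix, the masking regex, the authorization URL and the sample token response are all assumptions made for illustration. The `function_exists` fallbacks let the file run under plain `php` on the command line; inside WordPress they are skipped and the real transient API is used.

```php
<?php
// Added example, not the plugin's code. Names, key prefix, regex and sample
// data are assumptions. Runs under plain `php` thanks to the fallbacks below.

// Minimal in-memory stand-ins for the WordPress transient API so the file
// is runnable outside WordPress. Inside WP these are never defined.
if (!function_exists('set_transient')) {
    $GLOBALS['_example_transients'] = [];
    function set_transient($key, $value, $ttl) {
        $GLOBALS['_example_transients'][$key] = [$value, time() + $ttl];
        return true;
    }
    function get_transient($key) {
        if (!isset($GLOBALS['_example_transients'][$key])) return false;
        [$value, $expires] = $GLOBALS['_example_transients'][$key];
        if (time() > $expires) { unset($GLOBALS['_example_transients'][$key]); return false; }
        return $value;
    }
    function delete_transient($key) { unset($GLOBALS['_example_transients'][$key]); return true; }
    function get_current_user_id() { return 1; }
}

const ZOHO_STATE_TTL = 10 * 60;   // 10 minutes, matching the commit message

// One transient per logged-in user, so a state issued to admin A cannot be
// completed by admin B's browser.
function zoho_oauth_state_key(): string {
    return 'zoho_oauth_state_' . get_current_user_id();
}

// Step 1: generate an unguessable state (128 bits) and remember it server-side.
function zoho_oauth_generate_state(): string {
    $state = bin2hex(random_bytes(16));
    set_transient(zoho_oauth_state_key(), $state, ZOHO_STATE_TTL);
    return $state;
}

// Build the authorization URL that carries the state to the provider.
// $base would be the oauthUrl passed to wp_localize_script; assumed value.
function zoho_oauth_authorize_url(string $base, string $client_id, string $redirect_uri, string $state): string {
    return $base . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $client_id,
        'redirect_uri'  => $redirect_uri,
        'state'         => $state,
    ]);
}

// Step 2: on the callback, consume the stored state and compare in constant
// time. The transient is deleted before the comparison so a state can only
// ever be used once, whether or not it matches.
function zoho_oauth_validate_state(string $received): bool {
    $key      = zoho_oauth_state_key();
    $expected = get_transient($key);
    delete_transient($key);
    if (!is_string($expected) || $expected === '') {
        return false;   // expired, never issued, or already used
    }
    return hash_equals($expected, $received);
}

// Mask the value that follows any credential-bearing key, whether the log
// line is "key=value", '"key": "value"' or "key: value". The \b on both sides
// keeps e.g. refresh_token_expires from matching as refresh_token.
function sanitize_log_message(string $message): string {
    $pattern = '/\b(client_id|client_secret|access_token|refresh_token)\b'
             . '(\s*["\']?\s*[:=]\s*["\']?)([^"\'&\s,}]+)/i';
    return preg_replace($pattern, '$1$2***', $message);
}

// Only include file and line information when WP_DEBUG is on; in production
// the bare message is enough and paths would leak install layout.
function zoho_error_detail(Throwable $e): string {
    $debug = defined('WP_DEBUG') && WP_DEBUG;
    return $debug
        ? sprintf('%s in %s:%d', $e->getMessage(), $e->getFile(), $e->getLine())
        : $e->getMessage();
}

// Command-line walkthrough with constructed sample data (skipped inside WP).
if (PHP_SAPI === 'cli' && !function_exists('wp_localize_script')) {
    $state = zoho_oauth_generate_state();
    echo zoho_oauth_authorize_url('https://accounts.example.invalid/oauth/authorize',
        '1000.EXAMPLECLIENTID', 'https://example.invalid/wp-admin/admin.php?page=zoho', $state), "\n";
    var_dump(zoho_oauth_validate_state($state));    // first use of the state
    var_dump(zoho_oauth_validate_state($state));    // replay of the same state
    var_dump(zoho_oauth_validate_state('tampered')); // state not issued by us
    echo sanitize_log_message('token response: {"access_token":"1000.abc.def",'
        . '"refresh_token":"1000.ghi.jkl","expires_in":3600}'), "\n";
    echo sanitize_log_message('POST body: client_id=1000.X&client_secret=s3cr3t&grant_type=authorization_code'), "\n";
}
```

Two points worth checking in any real implementation of this pattern: the transient must be deleted on every callback, not only on success, otherwise a captured state stays valid for the rest of its 10-minute window; and `hash_equals()` must be given the server-stored value as its first argument so that the comparison time does not depend on the attacker-controlled string. The sanitizer masks the full value rather than keeping a prefix, because Zoho-style tokens start with a predictable `1000.` segment and a retained prefix would reveal little while a retained suffix would reveal too much.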
| Name |
|---|
| .. |
| css |
| images |
| js |