You've already forked Atomcms-edit
root
7f59024bef
- Remove User::$guarded = [] to prevent mass assignment attacks - Enable SQL strict mode and disable emulated prepares (SQL injection prevention) - Switch password hashing from bcrypt to argon2id (stronger algorithm) - Enable session encryption to protect session data at rest - Restrict TrustProxies to localhost only (prevent IP spoofing) - Restrict CORS allowed_methods via env variable instead of wildcard - Add PayPal amount mismatch detection to prevent payment manipulation - Add double-capture prevention (idempotency check) - Add expected_amount column to transactions table for verification