Chris 9295115742 fix: use hash_equals for API key comparison and update config documentation ...

- Replace direct API key comparison with hash_equals() to prevent timing oracle attacks
- Update CLAUDE.md to document all config options (URL, API_KEY, BLOCK_PRIVATE_IPS)
- Add placeholder defines to src/config.inc.php for local dev (not committed due to .gitignore)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-21 12:17:34 +02:00

3.8 KiB

Executable File

Raw Blame History

View Raw