address dereuromarks reviews

josbeir · josbeir · commit 2bef676e2d2a · 2026-01-29T09:53:29.000+01:00
diff --git a/docs/en/development/dependency-injection.md b/docs/en/development/dependency-injection.md
@@ -156,6 +156,7 @@ class UsersController extends AppController
                 // Service handles all email complexity
                 $emails->sendWelcome($user);
                 $this->Flash->success('Registration successful!');
+
                 return $this->redirect(['action' => 'login']);
             }
         }
@@ -171,6 +172,9 @@ class UsersController extends AppController
             if ($user) {
                 $token = $this->Users->generateResetToken($user);
                 $emails->sendPasswordReset($user, $token);
+            } else {
+                // Generate dummy token to prevent timing attacks
+                hash('sha256', $email . Security::randomBytes(32));
             }
 
             // Always show success to prevent email enumeration
@@ -253,7 +257,7 @@ class OrdersController extends AppController
 {
     public function checkout(PaymentService $payments)
     {
-        $order = $this->Orders->get($this->request->getQuery('order_id'));
+        $order = $this->Orders->getOrFail($this->request->getQuery('order_id'));
 
         $result = $payments->processOrder($order);
 
@@ -353,7 +357,7 @@ class DocumentsController extends AppController
                     'url' => $storage->url($path),
                 ]);
 
-                $this->Documents->save($document);
+                $this->Documents->saveOrFail($document);
                 $this->Flash->success('Document uploaded successfully');
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -156,6 +156,7 @@ class UsersController extends AppController`
`156`	`156`	`// Service handles all email complexity`
`157`	`157`	`$emails->sendWelcome($user);`
`158`	`158`	`$this->Flash->success('Registration successful!');`
	`159`	`+`
`159`	`160`	`return $this->redirect(['action' => 'login']);`
`160`	`161`	`}`
`161`	`162`	`}`
`@@ -171,6 +172,9 @@ class UsersController extends AppController`
`171`	`172`	`if ($user) {`
`172`	`173`	`$token = $this->Users->generateResetToken($user);`
`173`	`174`	`$emails->sendPasswordReset($user, $token);`
	`175`	`+ } else {`
	`176`	`+ // Generate dummy token to prevent timing attacks`
	`177`	`+ hash('sha256', $email . Security::randomBytes(32));`
`174`	`178`	`}`
`175`	`179`
`176`	`180`	`// Always show success to prevent email enumeration`
`@@ -253,7 +257,7 @@ class OrdersController extends AppController`
`253`	`257`	`{`
`254`	`258`	`public function checkout(PaymentService $payments)`
`255`	`259`	`{`
`256`		`- $order = $this->Orders->get($this->request->getQuery('order_id'));`
	`260`	`+ $order = $this->Orders->getOrFail($this->request->getQuery('order_id'));`
`257`	`261`
`258`	`262`	`$result = $payments->processOrder($order);`
`259`	`263`
`@@ -353,7 +357,7 @@ class DocumentsController extends AppController`
`353`	`357`	`'url' => $storage->url($path),`
`354`	`358`	`]);`
`355`	`359`
`356`		`- $this->Documents->save($document);`
	`360`	`+ $this->Documents->saveOrFail($document);`
`357`	`361`	`$this->Flash->success('Document uploaded successfully');`
`358`	`362`	`}`
`359`	`363`	`}`