php-telegram-bot
diff --git a/‎CHANGELOG.md‎
Lines changed: 2 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎composer.json‎
Lines changed: 1 addition & 1 deletion b/‎composer.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎composer.lock‎
Lines changed: 84 additions & 43 deletions b/‎composer.lock‎
Lines changed: 84 additions & 43 deletions
diff --git a/‎phpunit.xml.dist‎
Lines changed: 2 additions & 2 deletions b/‎phpunit.xml.dist‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/BotManager.php‎
Lines changed: 1 addition & 1 deletion b/‎src/BotManager.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Params.php‎
Lines changed: 7 additions & 2 deletions b/‎src/Params.php‎
Lines changed: 7 additions & 2 deletions
@@ -7,11 +7,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 - Execute commands via cron, using `cron` action and `g` parameter.
 ### Changed
 - Remodelled the config array to a more flexible structure.
+- `bot_username` and `secret` are no longer vital parameters.
 ### Deprecated
 ### Removed
 ### Fixed
 - Initialise loggers before anything else, to allow logging of all errors.
 ### Security
+- Enforce non-empty secret when using webhook.
 
 ## [0.43.0] - 2017-04-17
 ### Added
 
@@ -25,7 +25,7 @@
     ],
     "require": {
         "php": "^7.0",
-        "longman/telegram-bot": "^0.43",
+        "longman/telegram-bot": "^0.44",
         "allty/utils-ip": "dev-master"
     },
     "require-dev": {
 
@@ -17,8 +17,8 @@
         <ini name="error_reporting" value="-1" />
         <const name="PHPUNIT_TEST" value="true" />
         <const name="PHPUNIT_DB_HOST" value="127.0.0.1"/>
-        <const name="PHPUNIT_DB_NAME" value="telegrambot"/>
         <const name="PHPUNIT_DB_USER" value="root"/>
-        <const name="PHPUNIT_DB_PASS" value=""/>
+        <const name="PHPUNIT_DB_PASSWORD" value=""/>
+        <const name="PHPUNIT_DB_DATABASE" value="telegrambot"/>
     </php>
 </phpunit>
@@ -173,7 +173,7 @@ public function validateSecret(bool $force = false): self
         if ($force || 'cli' !== PHP_SAPI) {
             $secret     = $this->params->getBotParam('secret');
             $secret_get = $this->params->getScriptParam('s');
-            if ($secret_get !== $secret) {
+            if (!isset($secret, $secret_get) || $secret !== $secret_get) {
                 throw new InvalidAccessException('Invalid access');
             }
         }
 
@@ -30,14 +30,14 @@ class Params
      */
     private static $valid_vital_bot_params = [
         'api_key',
-        'bot_username',
-        'secret',
     ];
 
     /**
      * @var array List of valid extra parameters that can be passed.
      */
     private static $valid_extra_bot_params = [
+        'bot_username',
+        'secret',
         'validate_request',
         'valid_ips',
         'webhook',
@@ -126,6 +126,11 @@ private function validateAndSetBotParams($params): self
             $this->bot_params[$vital_key] = $params[$vital_key];
         }
 
+        // Special case, where secret MUST be defined if we have a webhook.
+        if (($params['webhook'] ?? null) && !($params['secret'] ?? null)) {
+            throw new InvalidParamsException('Some vital info is missing: secret');
+        }
+
         // Set all extra params.
         foreach (self::$valid_extra_bot_params as $extra_key) {
             if (!array_key_exists($extra_key, $params)) {
Original file line number	Diff line number	Diff line change
`@@ -173,7 +173,7 @@ public function validateSecret(bool $force = false): self`
`173`	`173`	`if ($force \|\| 'cli' !== PHP_SAPI) {`
`174`	`174`	`$secret = $this->params->getBotParam('secret');`
`175`	`175`	`$secret_get = $this->params->getScriptParam('s');`
`176`		`- if ($secret_get !== $secret) {`
	`176`	`+ if (!isset($secret, $secret_get) \|\| $secret !== $secret_get) {`
`177`	`177`	`throw new InvalidAccessException('Invalid access');`
`178`	`178`	`}`
`179`	`179`	`}`