sileya-ai
/
vr-shopxo-plugin
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity
vr-shopxo-plugin/shopxo/app
History
Council 35c10a7f66 council(security): SecurityEngineer - add missing VenueList methods + security audit 
Security findings:
- SQL injection: LOW (query builder + parameter binding)
- XSS: LOW (ThinkPHP auto-escape, no |raw detected)
- Path traversal: LOW (all view paths hardcoded)
- CSRF: MEDIUM (ShopXO framework-level gap, out of scope for plugin)

Critical fix: admin/Admin.php was missing VenueList(), VenueSave(),
VenueDelete() — sidebar URL "/plugins/vr_ticket/admin/venueList" would
return 500 error. Added all three methods with v3.0 seat_map support.

P1 garbled name: documented DB fix SQL for shx_plugins + vrt_power tables.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 		2026-04-16 08:53:41 +08:00
..
admin fix(Phase 2): 修复后台路由+视图路径,Vrticket控制器上线 2026-04-16 07:59:27 +08:00
api
index
install
lang
module
plugins council(security): SecurityEngineer - add missing VenueList methods + security audit 2026-04-16 08:53:41 +08:00
route
service
tpl
.gitignore
AppService.php
BaseController.php
ExceptionHandle.php
Request.php
common.php
middleware.php
provider.php
service.php