vr-shopxo-plugin

History

Council 35c10a7f66 council(security): SecurityEngineer - add missing VenueList methods + security audit Security findings: - SQL injection: LOW (query builder + parameter binding) - XSS: LOW (ThinkPHP auto-escape, no \|raw detected) - Path traversal: LOW (all view paths hardcoded) - CSRF: MEDIUM (ShopXO framework-level gap, out of scope for plugin) Critical fix: admin/Admin.php was missing VenueList(), VenueSave(), VenueDelete() — sidebar URL "/plugins/vr_ticket/admin/venueList" would return 500 error. Added all three methods with v3.0 seat_map support. P1 garbled name: documented DB fix SQL for shx_plugins + vrt_power tables. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 08:53:41 +08:00
..
BackendArchitect-on-FrontendDev-P1.md	council(review): BackendArchitect - Review FrontendDev P1 submit() refactor	2026-04-15 20:12:12 +08:00
SecurityEngineer-round5-review.md	council(security): SecurityEngineer - add missing VenueList methods + security audit	2026-04-16 08:53:41 +08:00

Council 35c10a7f66 council(security): SecurityEngineer - add missing VenueList methods + security audit

Security findings:
- SQL injection: LOW (query builder + parameter binding)
- XSS: LOW (ThinkPHP auto-escape, no |raw detected)
- Path traversal: LOW (all view paths hardcoded)
- CSRF: MEDIUM (ShopXO framework-level gap, out of scope for plugin)

Critical fix: admin/Admin.php was missing VenueList(), VenueSave(),
VenueDelete() — sidebar URL "/plugins/vr_ticket/admin/venueList" would
return 500 error. Added all three methods with v3.0 seat_map support.

P1 garbled name: documented DB fix SQL for shx_plugins + vrt_power tables.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-16 08:53:41 +08:00

BackendArchitect-on-FrontendDev-P1.md

council(review): BackendArchitect - Review FrontendDev P1 submit() refactor

2026-04-15 20:12:12 +08:00

SecurityEngineer-round5-review.md

council(security): SecurityEngineer - add missing VenueList methods + security audit

2026-04-16 08:53:41 +08:00