Commit Graph

2 Commits (255c8ed2bfbd51e4abc4b33e693507f5908922ef)

Author SHA1 Message Date
Council 255c8ed2bf council(review): SecurityEngineer - Phase 2 security audit complete + P1 Verifier.php fix
Security audit findings (Task S1/S2/S3/S5 done):
- Task S1: Admin auth chain verified (Base extends Common OK)
- Task S2: SQL injection audit complete (no injection, P1 code bug found)
  - FIXED: Verifier.php:45 CONCAT column() syntax error → select()+PHP concat
- Task S3: XSS/CSRF audit complete (no risk in admin context)
- Task S5: IDOR audit complete (admin context acceptable)
- Task S4 (audit log design): still pending

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 14:11:43 +08:00
Council 1afd547444 feat: import ShopXO v6.8.0 source code (vendor/runtime excluded)
- ShopXO core + plugins/vr_ticket
- Goods.php item_type=ticket routing (Phase 1)
- vr_ticket plugin skeleton (Phase 0/1)
- Admin auth Base controller (Phase 2)
- All Phase 0/1/2 code included

Closes: tracks all ShopXO core modifications in monorepo
2026-04-15 13:09:44 +08:00