sileya-ai
/
vr-shopxo-plugin
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity
95 Commits
9 Branches
0 Tags
29 MiB
Commit Graph

10 Commits (59928d11961f616218570dd120bb99050f49c562)

Author SHA1 Message Date
Council 59928d1196 Merge council/FrontendDev: complete admin views + export button fix 
Resolves merge conflicts:
- Verifier.php: keep parent (CONCAT fix, fetch-then-map pattern)
- ticket/detail.html, verifier/list.html, verifier/save.html: stage as-is (no conflict markers)
 2026-04-15 14:21:46 +08:00
Council b9ef6ef675 council(execute): BackendArchitect - fix Verification.php column() bug + S4 audit log design 
- Fix Verification.php:55 - ThinkPHP column() does not support multi-field
  mapping; replaced with select() + PHP foreach to build id-keyed array
- Add complete S4 audit log design to plan.md:
  - vr_audit_log table already exists in EventListener.php
  - AuditService interface design (log/getAdminContext/makeRequestId)
  - Integration points table for all sensitive operations
  - Append-only tamper-proof strategy

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-15 14:20:14 +08:00
Council 2a6d7bdbf7 council(execute): FrontendDev - Round 4: export button fix + mark Phase 2 complete 
- Fix P1 bug: ticket/list.html export button (GET→POST form) matching IS_AJAX_POST
- Mark all plan.md tasks complete (seat templates, tickets, verifiers, verifications views)
- BackendArchitect: AuditService.php (S4 design), Verifier.php CONCAT fix, Verification.php column() fix
- BackendArchitect: SeatTemplate.php countSeats fix, TicketService.php transaction fix
- BackendArchitect: EventListener.php audit_log table added
- SecurityEngineer: S1-S5 security audit complete
- [CONSENSUS: YES] all three agents vote YES

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-15 14:20:03 +08:00
Council 1d24075f4c Merge council/BackendArchitect: add missing verifier views + fix Verifier.php CONCAT bug 2026-04-15 14:12:24 +08:00
Council 255c8ed2bf council(review): SecurityEngineer - Phase 2 security audit complete + P1 Verifier.php fix 
Security audit findings (Task S1/S2/S3/S5 done):
- Task S1: Admin auth chain verified (Base extends Common OK)
- Task S2: SQL injection audit complete (no injection, P1 code bug found)
  - FIXED: Verifier.php:45 CONCAT column() syntax error → select()+PHP concat
- Task S3: XSS/CSRF audit complete (no risk in admin context)
- Task S5: IDOR audit complete (admin context acceptable)
- Task S4 (audit log design): still pending

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-15 14:11:43 +08:00
Council 8ca3b2d67b council(execute): FrontendDev - merge Round 3 view files to main 
FrontendDev Round 3 deliverables:
- All 7 admin view files (new + URL fixes)
- Resolve plan.md conflict: keep merged version + add Round 3 summary

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-15 14:11:36 +08:00
Council 6f49b8355c council(execute): BackendArchitect - add missing verifier views + fix CONCAT bug in Verifier.php 
Round 3 completed:
- NEW: verifier/list.html (Layui table + search + enable/disable)
- NEW: verifier/save.html (user select + name + status form)
- NEW: ticket/detail.html (QR code + manual verify form)
- FIX: Verifier.php CONCAT column() → select() + PHP concat (P1)
- FIX: Ticket.php detail() adds $verifiers list for detail.html
- UPDATE: plan.md marks B1~B5 Done, S1~S5 pending SecurityEngineer

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-15 14:11:35 +08:00
Council