vr-shopxo-plugin

Commit Graph

Author	SHA1	Message	Date
Council	098bcfe780	fix(P0): P0-1 idempotent ticket issuance, P0-3 XSS, P0-4 QR secret exception P0-1: issueTicket() now checks for existing tickets by (order_id, spec_base_id) before inserting. Prevents duplicate tickets on HTTP retry/multi-instance. P0-3: Removed \|raw from simple_desc and content in ticket_detail.html. Prevents stored XSS via malicious admin content injection. P0-4: getQrSecret() now throws exception if VR_TICKET_QR_SECRET is unset, instead of falling back to insecure default key.	2026-04-15 16:59:22 +08:00
Council	1afd547444	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded) - ShopXO core + plugins/vr_ticket - Goods.php item_type=ticket routing (Phase 1) - vr_ticket plugin skeleton (Phase 0/1) - Admin auth Base controller (Phase 2) - All Phase 0/1/2 code included Closes: tracks all ShopXO core modifications in monorepo	2026-04-15 13:09:44 +08:00

Author

SHA1

Message

Date

Council

098bcfe780

fix(P0): P0-1 idempotent ticket issuance, P0-3 XSS, P0-4 QR secret exception

P0-1: issueTicket() now checks for existing tickets by (order_id, spec_base_id)
      before inserting. Prevents duplicate tickets on HTTP retry/multi-instance.
P0-3: Removed |raw from simple_desc and content in ticket_detail.html.
      Prevents stored XSS via malicious admin content injection.
P0-4: getQrSecret() now throws exception if VR_TICKET_QR_SECRET is unset,
      instead of falling back to insecure default key.

2026-04-15 16:59:22 +08:00

Council

1afd547444

feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)

- ShopXO core + plugins/vr_ticket
- Goods.php item_type=ticket routing (Phase 1)
- vr_ticket plugin skeleton (Phase 0/1)
- Admin auth Base controller (Phase 2)
- All Phase 0/1/2 code included

Closes: tracks all ShopXO core modifications in monorepo

2026-04-15 13:09:44 +08:00

2 Commits (bdfcb80d8c2f89399d0218e7ac7e5bcc05938ab9)