Council
|
c03737308b
|
fix(Admin): 改用 random_int() CSPRNG,修正 UUID v4 版本/变体位
mt_rand() → random_int()(防种子预测)
版本号 nibble: 8 → 4(符合 RFC 4122 UUID v4)
变体位保持 10xx 格式不变
|
2026-04-20 13:21:44 +08:00 |
|
Council
|
1244adfaae
|
feat(Admin): SeatTemplateSave 时为无 id 的 room 生成 UUID
兜底逻辑:在保存场馆模板时,遍历 rooms,
若 room.id 为空则用 time()+mt_rand 生成唯一 UUID。
不修改已有数据的读取逻辑(读取端已有 room_N 兼容兜底)。
|
2026-04-20 12:58:19 +08:00 |
|
Council
|
2452fde466
|
refactor(vr_ticket): full plugin restructure - Admin.php root pattern + Hook.php
Phase 2 completion - complete backend management rebuild:
Plugin architecture change (旧 → 新):
- 删: admin/controller/ 子目录多控制器 → 留: admin/Admin.php 单控制器
- 删: admin/view/ → 留: view/{module}/
- 删: EventListener.php, app.php, plugin.json → 留: Hook.php, config.json
New files:
- Hook.php: 插件钩子入口(侧边栏菜单 + 订单支付处理)
- config.json: 插件配置(is_enable 等)
- install.sql / uninstall.sql: 安装卸载脚本
- view/venue/list.html, save.html: 场馆管理视图(AmazeUI)
- view/admin/setup.html: 插件设置页
Modified files:
- service/AuditService.php, BaseService.php, SeatSkuService.php, TicketService.php
- admin/Admin.php: 全新 Admin.php 根目录控制器
ShopXO core changes:
- app/index/controller/Goods.php: ticket 类型商品详情页路由
- app/service/AdminPowerService.php: 权限系统适配
- config/shopxo.php: 配置
AmazeUI frontend migration:
- All views migrated from LayUI to AmazeUI
- Vue 3 editor for venue/seat configuration
- CDN: unpkg.com → cdn.staticfile.net
Fixes included:
- Infinite loading (missing footer include)
- Vue3 textarea interpolation bug
- Template path resolution (../../../plugins/...)
- Hook return fields (id/url/is_show)
- DB field names verified from source
|
2026-04-17 00:46:00 +08:00 |
|
Council
|
f6bcad6bfb
|
fix: 表名前缀修复 + 创建缺失的audit_log表
- BaseService::table() 从 'plugins_vr_' 改为 'vr_'
(原名 plugins_vr_seat_templates → ShopXO前缀后变成 vrt_plugins_vr_seat_templates,实际表名是 vrt_vr_seat_templates)
- Admin.php 所有硬编码 Db::name('plugins_vr_xxx') 改为 Db::name('vr_xxx')
- 在数据库创建缺失的 vrt_vr_audit_log 表
|
2026-04-16 17:23:40 +08:00 |
|
Council
|
35c10a7f66
|
council(security): SecurityEngineer - add missing VenueList methods + security audit
Security findings:
- SQL injection: LOW (query builder + parameter binding)
- XSS: LOW (ThinkPHP auto-escape, no |raw detected)
- Path traversal: LOW (all view paths hardcoded)
- CSRF: MEDIUM (ShopXO framework-level gap, out of scope for plugin)
Critical fix: admin/Admin.php was missing VenueList(), VenueSave(),
VenueDelete() — sidebar URL "/plugins/vr_ticket/admin/venueList" would
return 500 error. Added all three methods with v3.0 seat_map support.
P1 garbled name: documented DB fix SQL for shx_plugins + vrt_power tables.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-04-16 08:53:41 +08:00 |
|
Council
|
b41e268a77
|
council(round3): FrontendDev - fix admin/Admin.php routing + camelCase sidebar URLs
路由分析结论:
- PluginsService::PluginsControlCall 使用 ucfirst() 转换类名
- sidebar URL /plugins/vr_ticket/admin/seatTemplateList
- → class=\app\plugins\vr_ticket\admin\Admin, method=SeatTemplateList()
- admin/Admin.php 方法名使用 camelCase 与 URL 匹配
修改内容:
- admin/Admin.php: 更新注释,方法名已使用 camelCase ✓
- plugin.json: sidebar URL 从 snake_case 改为 camelCase 格式
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-04-16 08:34:50 +08:00 |