vr-shopxo-plugin

Commit Graph

Author	SHA1	Message	Date
Council	f6bcad6bfb	fix: 表名前缀修复 + 创建缺失的audit_log表 - BaseService::table() 从 'plugins_vr_' 改为 'vr_' (原名 plugins_vr_seat_templates → ShopXO前缀后变成 vrt_plugins_vr_seat_templates，实际表名是 vrt_vr_seat_templates) - Admin.php 所有硬编码 Db::name('plugins_vr_xxx') 改为 Db::name('vr_xxx') - 在数据库创建缺失的 vrt_vr_audit_log 表	2026-04-16 17:23:40 +08:00
Council	35c10a7f66	council(security): SecurityEngineer - add missing VenueList methods + security audit Security findings: - SQL injection: LOW (query builder + parameter binding) - XSS: LOW (ThinkPHP auto-escape, no \|raw detected) - Path traversal: LOW (all view paths hardcoded) - CSRF: MEDIUM (ShopXO framework-level gap, out of scope for plugin) Critical fix: admin/Admin.php was missing VenueList(), VenueSave(), VenueDelete() — sidebar URL "/plugins/vr_ticket/admin/venueList" would return 500 error. Added all three methods with v3.0 seat_map support. P1 garbled name: documented DB fix SQL for shx_plugins + vrt_power tables. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 08:53:41 +08:00
Council	b41e268a77	council(round3): FrontendDev - fix admin/Admin.php routing + camelCase sidebar URLs 路由分析结论： - PluginsService::PluginsControlCall 使用 ucfirst() 转换类名 - sidebar URL /plugins/vr_ticket/admin/seatTemplateList - → class=\app\plugins\vr_ticket\admin\Admin, method=SeatTemplateList() - admin/Admin.php 方法名使用 camelCase 与 URL 匹配修改内容： - admin/Admin.php: 更新注释，方法名已使用 camelCase ✓ - plugin.json: sidebar URL 从 snake_case 改为 camelCase 格式 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 08:34:50 +08:00

Author

SHA1

Message

Date

Council

f6bcad6bfb

fix: 表名前缀修复 + 创建缺失的audit_log表

- BaseService::table() 从 'plugins_vr_' 改为 'vr_'
  (原名 plugins_vr_seat_templates → ShopXO前缀后变成 vrt_plugins_vr_seat_templates，实际表名是 vrt_vr_seat_templates)
- Admin.php 所有硬编码 Db::name('plugins_vr_xxx') 改为 Db::name('vr_xxx')
- 在数据库创建缺失的 vrt_vr_audit_log 表

2026-04-16 17:23:40 +08:00

Council

35c10a7f66

council(security): SecurityEngineer - add missing VenueList methods + security audit

Security findings:
- SQL injection: LOW (query builder + parameter binding)
- XSS: LOW (ThinkPHP auto-escape, no |raw detected)
- Path traversal: LOW (all view paths hardcoded)
- CSRF: MEDIUM (ShopXO framework-level gap, out of scope for plugin)

Critical fix: admin/Admin.php was missing VenueList(), VenueSave(),
VenueDelete() — sidebar URL "/plugins/vr_ticket/admin/venueList" would
return 500 error. Added all three methods with v3.0 seat_map support.

P1 garbled name: documented DB fix SQL for shx_plugins + vrt_power tables.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-16 08:53:41 +08:00

Council

b41e268a77

council(round3): FrontendDev - fix admin/Admin.php routing + camelCase sidebar URLs

路由分析结论：
- PluginsService::PluginsControlCall 使用 ucfirst() 转换类名
- sidebar URL /plugins/vr_ticket/admin/seatTemplateList
- → class=\app\plugins\vr_ticket\admin\Admin, method=SeatTemplateList()
- admin/Admin.php 方法名使用 camelCase 与 URL 匹配

修改内容：
- admin/Admin.php: 更新注释，方法名已使用 camelCase ✓
- plugin.json: sidebar URL 从 snake_case 改为 camelCase 格式

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-16 08:34:50 +08:00

3 Commits (f6bcad6bfb7a6bd17214a92f7c97dcfb347a3b23)