vr-shopxo-plugin

History

Council 098bcfe780 fix(P0): P0-1 idempotent ticket issuance, P0-3 XSS, P0-4 QR secret exception P0-1: issueTicket() now checks for existing tickets by (order_id, spec_base_id) before inserting. Prevents duplicate tickets on HTTP retry/multi-instance. P0-3: Removed \|raw from simple_desc and content in ticket_detail.html. Prevents stored XSS via malicious admin content injection. P0-4: getQrSecret() now throws exception if VR_TICKET_QR_SECRET is unset, instead of falling back to insecure default key.	2026-04-15 16:59:22 +08:00
..
vr_ticket	fix(P0): P0-1 idempotent ticket issuance, P0-3 XSS, P0-4 QR secret exception	2026-04-15 16:59:22 +08:00
index.html	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00

Council 098bcfe780 fix(P0): P0-1 idempotent ticket issuance, P0-3 XSS, P0-4 QR secret exception

P0-1: issueTicket() now checks for existing tickets by (order_id, spec_base_id)
      before inserting. Prevents duplicate tickets on HTTP retry/multi-instance.
P0-3: Removed |raw from simple_desc and content in ticket_detail.html.
      Prevents stored XSS via malicious admin content injection.
P0-4: getQrSecret() now throws exception if VR_TICKET_QR_SECRET is unset,
      instead of falling back to insecure default key.

2026-04-15 16:59:22 +08:00

vr_ticket

fix(P0): P0-1 idempotent ticket issuance, P0-3 XSS, P0-4 QR secret exception

2026-04-15 16:59:22 +08:00

index.html

feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)

2026-04-15 13:09:44 +08:00