vr-shopxo-plugin/reviews
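Council 11fa6ccfdb council(draft): BackendArchitect - output vr-shopxo-plugin architecture review report
Critical issues found:
- onOrderPaid() is not idempotent (duplicate ticket issuance under concurrency)
- verifyTicket() TOCTOU race condition
- QR Secret default key is hardcoded
- |raw XSS vulnerability (goods.simple_desc)
- Ticket purchase parameters have no server-side validation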

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 09:18:34 +08:00
..
PM-Q1-Q4-review.md council(draft): PM - PM Q1-Q4 review output 2026-04-14 18:21:32 +08:00
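arch-reviewer-on-docs-round2.md fix: explicitly allow minimal-scope modification of ShopXO source code (MIT license), prioritizing progress 2026-04-14 14:10:59 +08:00
code-review-BackendArchitect.md council(draft): BackendArchitect - output vr-shopxo-plugin architecture review report 2026-04-15 09:18:34 +08:00
pm-reviewer-on-docs.md fix: explicitly allow minimal-scope modification of ShopXO source code (MIT license), prioritizing progress 2026-04-14 14:10:59 +08:00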