vr-shopxo-plugin

History

Council 35c10a7f66 council(security): SecurityEngineer - add missing VenueList methods + security audit Security findings: - SQL injection: LOW (query builder + parameter binding) - XSS: LOW (ThinkPHP auto-escape, no \|raw detected) - Path traversal: LOW (all view paths hardcoded) - CSRF: MEDIUM (ShopXO framework-level gap, out of scope for plugin) Critical fix: admin/Admin.php was missing VenueList(), VenueSave(), VenueDelete() — sidebar URL "/plugins/vr_ticket/admin/venueList" would return 500 error. Added all three methods with v3.0 seat_map support. P1 garbled name: documented DB fix SQL for shx_plugins + vrt_power tables. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>		2026-04-16 08:53:41 +08:00
..
admin	fix(Phase 2): 修复后台路由+视图路径，Vrticket控制器上线	2026-04-16 07:59:27 +08:00
api	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
index	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
install	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
lang	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
module	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
plugins	council(security): SecurityEngineer - add missing VenueList methods + security audit	2026-04-16 08:53:41 +08:00
route	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
service	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
tpl	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
.gitignore	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
AppService.php	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
BaseController.php	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
ExceptionHandle.php	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
Request.php	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
common.php	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
middleware.php	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
provider.php	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00
service.php	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)	2026-04-15 13:09:44 +08:00