Security update

- Changes status change url method to post for preventing CSRF attacks for ticket status manipluation
- Fixed delete forever functionality

resources/lang/en/lang.php

@@ -1642,4 +1642,5 @@ return [
     'ticket_has_collaborator'                      => 'This ticket has collaborator(s)',
     'ticket_created_source'                        => 'This ticket is created via :source',
     'ticket-has-x-priority'                        => 'This ticket has :priority priority',
+    'clean-forever'                                => 'delete permanently',
 ];

resources/views/themes/default1/agent/helpdesk/ticket/more/tickets-options-script.blade.php

@@ -138,7 +138,10 @@ var filterClick = 0;
                         c_status = "Close";
                     } else if(id == 5) {
                         c_status = "Delete";
+                    } else if(id == 'hard-delete') {
+                        c_status = "Delete forever";
                     }
+
                     $('.yes').html("Yes");
                 }
                 $('#custom-alert-body').html(msg);
@@ -148,7 +151,7 @@ var filterClick = 0;
             $('#modalpopup').on('submit', function(e){
                 if (submit_form == 0) {
                     e.preventDefault();
-                    changeStatus('hard-delete', '{{Lang::get("lang.clean-")}}');
+                    changeStatus('hard-delete', '{{Lang::get("lang.clean-forever")}}');
                 }
                 $('#hard-delete').val('Delete forever')
             });

resources/views/themes/default1/agent/helpdesk/ticket/timeline.blade.php

@@ -1398,7 +1398,7 @@ if ($thread->title != "") {
     // Close a ticket
     $('#close').on('click', function(e) {
     $.ajax({
-    type: "GET",
+    type: "POST",
             url: "../ticket/close/{{$tickets->id}}",
             beforeSend: function() {
             $("#hidespin").hide();
@@ -1428,7 +1428,7 @@ if ($thread->title != "") {
  $('#approval_close').on('click', function(e) {
      
     $.ajax({
-    type: "GET",
+    type: "POST",
             url: "../ticket/close/get-approval/{{$tickets->id}}",//route 600
             beforeSend: function() {
             $("#hidespin").hide();
@@ -1463,7 +1463,7 @@ if ($thread->title != "") {
             // Resolved  a ticket
             $('#resolved').on('click', function(e) {
     $.ajax({
-    type: "GET",
+    type: "POST",
             url: "../ticket/resolve/{{$tickets->id}}",
             beforeSend: function() {
             $("#hide2").hide();
@@ -1493,7 +1493,7 @@ if ($thread->title != "") {
             // Open a ticket
             $('#open').on('click', function(e) {
     $.ajax({
-    type: "GET",
+    type: "POST",
             url: "../ticket/open/{{$tickets->id}}",
             beforeSend: function() {
             $("#hide2").hide();
@@ -1515,7 +1515,7 @@ if ($thread->title != "") {
             // delete a ticket
             $('#delete').on('click', function(e) {
     $.ajax({
-    type: "GET",
+    type: "POST",
             url: "../ticket/delete/{{$tickets->id}}",
             beforeSend: function() {
             $("#hide2").hide();

routes/web.php

@@ -346,11 +346,11 @@ Route::group(['middleware' => ['web']], function () {
         Route::patch('/internal/note/{id}', ['as' => 'Internal.note', 'uses' => 'Agent\helpdesk\TicketController@InternalNote']); /*  Patch Internal Note */
         Route::patch('/ticket/assign/{id}', ['as' => 'assign.ticket', 'uses' => 'Agent\helpdesk\TicketController@assign']); /*  Patch Ticket assigned to whom */
         Route::patch('/ticket/post/edit/{id}', ['as' => 'ticket.post.edit', 'uses' => 'Agent\helpdesk\TicketController@ticketEditPost']); /*  Patchi Ticket Edit */
-        Route::get('/ticket/print/{id}', ['as' => 'ticket.print', 'uses' => 'Agent\helpdesk\TicketController@ticket_print']); /*  Get Print Ticket */
-        Route::get('/ticket/close/{id}', ['as' => 'ticket.close', 'uses' => 'Agent\helpdesk\TicketController@close']); /*  Get Ticket Close */
-        Route::get('/ticket/resolve/{id}', ['as' => 'ticket.resolve', 'uses' => 'Agent\helpdesk\TicketController@resolve']); /*  Get ticket Resolve */
-        Route::get('/ticket/open/{id}', ['as' => 'ticket.open', 'uses' => 'Agent\helpdesk\TicketController@open']); /*  Get Ticket Open */
-        Route::get('/ticket/delete/{id}', ['as' => 'ticket.delete', 'uses' => 'Agent\helpdesk\TicketController@delete']); /*  Get Ticket Delete */
+        Route::post('/ticket/print/{id}', ['as' => 'ticket.print', 'uses' => 'Agent\helpdesk\TicketController@ticket_print']); /*  Get Print Ticket */
+        Route::post('/ticket/close/{id}', ['as' => 'ticket.close', 'uses' => 'Agent\helpdesk\TicketController@close']); /*  Get Ticket Close */
+        Route::post('/ticket/resolve/{id}', ['as' => 'ticket.resolve', 'uses' => 'Agent\helpdesk\TicketController@resolve']); /*  Get ticket Resolve */
+        Route::post('/ticket/open/{id}', ['as' => 'ticket.open', 'uses' => 'Agent\helpdesk\TicketController@open']); /*  Get Ticket Open */
+        Route::post('/ticket/delete/{id}', ['as' => 'ticket.delete', 'uses' => 'Agent\helpdesk\TicketController@delete']); /*  Get Ticket Delete */
         Route::get('/email/ban/{id}', ['as' => 'ban.email', 'uses' => 'Agent\helpdesk\TicketController@ban']); /*  Get Ban Email */
         Route::get('/ticket/surrender/{id}', ['as' => 'ticket.surrender', 'uses' => 'Agent\helpdesk\TicketController@surrender']); /*  Get Ticket Surrender */
         Route::get('/aaaa', 'Client\helpdesk\GuestController@ticket_number');