From 190f6500c2ad5e2b76b56d640cb91db838af06b9 Mon Sep 17 00:00:00 2001
From: Manish Verma
Date: Tue, 18 Sep 2018 16:14:44 +0530
Subject: [PATCH] Security update
- Changes status change url method to post for preventing CSRF attacks for ticket status manipluation
- Fixed delete forever functionality
---
 resources/lang/en/lang.php | 1 +
 .../ticket/more/tickets-options-script.blade.php | 5 ++++-
 .../default1/agent/helpdesk/ticket/timeline.blade.php | 10 +++++-----
 routes/web.php | 10 +++++-----
 4 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/resources/lang/en/lang.php b/resources/lang/en/lang.php
index d50dc4636..b417da286 100644
--- a/resources/lang/en/lang.php
+++ b/resources/lang/en/lang.php
@@ -1642,4 +1642,5 @@ return [
 'ticket_has_collaborator' => 'This ticket has collaborator(s)',
 'ticket_created_source' => 'This ticket is created via :source',
 'ticket-has-x-priority' => 'This ticket has :priority priority',
+ 'clean-forever' => 'delete permanently',
 ];
diff --git a/resources/views/themes/default1/agent/helpdesk/ticket/more/tickets-options-script.blade.php b/resources/views/themes/default1/agent/helpdesk/ticket/more/tickets-options-script.blade.php
index 3b5e183d7..42e3db71a 100644
--- a/resources/views/themes/default1/agent/helpdesk/ticket/more/tickets-options-script.blade.php
+++ b/resources/views/themes/default1/agent/helpdesk/ticket/more/tickets-options-script.blade.php
@@ -138,7 +138,10 @@ var filterClick = 0;
 c_status = "Close";
 } else if(id == 5) {
 c_status = "Delete";
+ } else if(id == 'hard-delete') {
+ c_status = "Delete forever";
 }
+ $('.yes').html("Yes");
 }
 $('#custom-alert-body').html(msg);
@@ -148,7 +151,7 @@ var filterClick = 0;
 $('#modalpopup').on('submit', function(e){
 if (submit_form == 0) {
 e.preventDefault();
- changeStatus('hard-delete', '{{Lang::get("lang.clean-")}}');
+ changeStatus('hard-delete', '{{Lang::get("lang.clean-forever")}}');
 }
 $('#hard-delete').val('Delete forever')
 });
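Review bot: In the `#modalpopup` submit handler, `$('#hard-delete').val('Delete forever')` hard-codes an English label right after the confirm text on the line above was switched to the localized `lang.clean-forever` key, so a non-English agent gets a translated prompt and an untranslated button. If that value is only displayed, `$('#hard-delete').val('{{Lang::get("lang.clean-forever")}}')` keeps the two consistent; if the server compares the submitted value against the literal string, leave it and add `// value is matched server-side, do not localize` so the next person does not "fix" it. The same applies to the literal `"Delete forever"` assigned to `c_status` in the first hunk. The handler depends on `submit_form` and `changeStatus` defined outside the hunk, and the `changeStatus` function body begins before the hunk starts.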
diff --git a/resources/views/themes/default1/agent/helpdesk/ticket/timeline.blade.php b/resources/views/themes/default1/agent/helpdesk/ticket/timeline.blade.php
index 5f316728c..b927de8f2 100644
--- a/resources/views/themes/default1/agent/helpdesk/ticket/timeline.blade.php
+++ b/resources/views/themes/default1/agent/helpdesk/ticket/timeline.blade.php
@@ -1398,7 +1398,7 @@ if ($thread->title != "") {
 // Close a ticket
 $('#close').on('click', function(e) {
 $.ajax({
- type: "GET",
+ type: "POST",
 url: "../ticket/close/{{$tickets->id}}",
 beforeSend: function() {
 $("#hidespin").hide();
@@ -1428,7 +1428,7 @@ if ($thread->title != "") {
 $('#approval_close').on('click', function(e) {
 $.ajax({
- type: "GET",
+ type: "POST",
 url: "../ticket/close/get-approval/{{$tickets->id}}",//route 600
 beforeSend: function() {
 $("#hidespin").hide();
@@ -1463,7 +1463,7 @@ if ($thread->title != "") {
 // Resolved a ticket
 $('#resolved').on('click', function(e) {
 $.ajax({
- type: "GET",
+ type: "POST",
 url: "../ticket/resolve/{{$tickets->id}}",
 beforeSend: function() {
 $("#hide2").hide();
@@ -1493,7 +1493,7 @@ if ($thread->title != "") {
 // Open a ticket
 $('#open').on('click', function(e) {
 $.ajax({
- type: "GET",
+ type: "POST",
 url: "../ticket/open/{{$tickets->id}}",
 beforeSend: function() {
 $("#hide2").hide();
@@ -1515,7 +1515,7 @@ if ($thread->title != "") {
 // delete a ticket
 $('#delete').on('click', function(e) {
 $.ajax({
- type: "GET",
+ type: "POST",
 url: "../ticket/delete/{{$tickets->id}}",
 beforeSend: function() {
 $("#hide2").hide();
diff --git a/routes/web.php b/routes/web.php
index b92b5987f..b1e10d7d0 100644
--- a/routes/web.php
+++ b/routes/web.php
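Review bot: Switching `type` to `"POST"` only defends against CSRF if the request carries the session's CSRF token, and none of the five `$.ajax` calls in these hunks adds one — there is no `headers: {'X-CSRF-TOKEN': ...}` and no `_token` in `data`. The routes these URLs hit sit in a `['middleware' => ['web']]` group in routes/web.php, and if `VerifyCsrfToken` is registered in that group (the Laravel default, not visible here) token-less POSTs are rejected with a 419, so either this view already runs a global `$.ajaxSetup({headers: {'X-CSRF-TOKEN': ...}})` outside the hunks or these buttons stop working; in the latter case add `headers: {'X-CSRF-TOKEN': '{{ csrf_token() }}'},` beside each `url:` line. If `VerifyCsrfToken` is not in that group, the method change alone buys nothing — a cross-site form can POST as easily as an image tag can GET. Note also that `#approval_close` now POSTs to `../ticket/close/get-approval/{id}`, a route this commit does not convert, so that call will 405 unless it is changed elsewhere. Every click handler's body continues past its hunk.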
@@ -346,11 +346,11 @@ Route::group(['middleware' => ['web']], function () {
 Route::patch('/internal/note/{id}', ['as' => 'Internal.note', 'uses' => 'Agent\helpdesk\TicketController@InternalNote']); /* Patch Internal Note */
 Route::patch('/ticket/assign/{id}', ['as' => 'assign.ticket', 'uses' => 'Agent\helpdesk\TicketController@assign']); /* Patch Ticket assigned to whom */
 Route::patch('/ticket/post/edit/{id}', ['as' => 'ticket.post.edit', 'uses' => 'Agent\helpdesk\TicketController@ticketEditPost']); /* Patchi Ticket Edit */
- Route::get('/ticket/print/{id}', ['as' => 'ticket.print', 'uses' => 'Agent\helpdesk\TicketController@ticket_print']); /* Get Print Ticket */
- Route::get('/ticket/close/{id}', ['as' => 'ticket.close', 'uses' => 'Agent\helpdesk\TicketController@close']); /* Get Ticket Close */
- Route::get('/ticket/resolve/{id}', ['as' => 'ticket.resolve', 'uses' => 'Agent\helpdesk\TicketController@resolve']); /* Get ticket Resolve */
- Route::get('/ticket/open/{id}', ['as' => 'ticket.open', 'uses' => 'Agent\helpdesk\TicketController@open']); /* Get Ticket Open */
- Route::get('/ticket/delete/{id}', ['as' => 'ticket.delete', 'uses' => 'Agent\helpdesk\TicketController@delete']); /* Get Ticket Delete */
+ Route::post('/ticket/print/{id}', ['as' => 'ticket.print', 'uses' => 'Agent\helpdesk\TicketController@ticket_print']); /* Get Print Ticket */
+ Route::post('/ticket/close/{id}', ['as' => 'ticket.close', 'uses' => 'Agent\helpdesk\TicketController@close']); /* Get Ticket Close */
+ Route::post('/ticket/resolve/{id}', ['as' => 'ticket.resolve', 'uses' => 'Agent\helpdesk\TicketController@resolve']); /* Get ticket Resolve */
+ Route::post('/ticket/open/{id}', ['as' => 'ticket.open', 'uses' => 'Agent\helpdesk\TicketController@open']); /* Get Ticket Open */
+ Route::post('/ticket/delete/{id}', ['as' => 'ticket.delete', 'uses' => 'Agent\helpdesk\TicketController@delete']); /* Get Ticket Delete */
 Route::get('/email/ban/{id}', ['as' => 'ban.email', 'uses' =>
'Agent\helpdesk\TicketController@ban']); /* Get Ban Email */
 Route::get('/ticket/surrender/{id}', ['as' => 'ticket.surrender', 'uses' => 'Agent\helpdesk\TicketController@surrender']); /* Get Ticket Surrender */
 Route::get('/aaaa', 'Client\helpdesk\GuestController@ticket_number');
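Review bot: `/email/ban/{id}` and `/ticket/surrender/{id}`, the two context lines directly under the changed block, stay `Route::get` even though both mutate state, so they remain reachable from a cross-site link or image tag exactly as close/resolve/open/delete were before this commit; `Route::post('/email/ban/{id}', ...)` and `Route::post('/ticket/surrender/{id}', ...)`, with their callers updated, would close the same hole. Conversely `/ticket/print/{id}` is a read-only action and nothing in this diff updates whatever link invokes it, so a plain `<a href>` to it will now answer 405 — it is probably better left as `Route::get`. The trailing comments (`/* Get Ticket Close */` etc.) are stale on the five post routes and should read `/* Post Ticket Close */` or similar. POST gives CSRF protection only if `VerifyCsrfToken` is part of the `web` group named in this hunk's header; that is the Laravel default but is configured in app/Http/Kernel.php, which this diff does not show. The `Route::group` closure opens before the hunk and closes after it.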