Security update

- Changes the status-change URL method to POST to prevent CSRF attacks that manipulate ticket status
- Fixed delete forever functionality
Manish Verma
2018-09-18 16:14:44 +05:30
committed by Manish Verma
parent bacb5137da
commit 190f6500c2
4 changed files with 15 additions and 11 deletions


@@ -1642,4 +1642,5 @@ return [
'ticket_has_collaborator' => 'This ticket has collaborator(s)',
'ticket_created_source' => 'This ticket is created via :source',
'ticket-has-x-priority' => 'This ticket has :priority priority',
'clean-forever' => 'delete permanently',
];


@@ -138,7 +138,10 @@ var filterClick = 0;
c_status = "Close";
} else if(id == 5) {
c_status = "Delete";
} else if(id == 'hard-delete') {
c_status = "Delete forever";
}
$('.yes').html("Yes");
}
$('#custom-alert-body').html(msg);
@@ -148,7 +151,7 @@ var filterClick = 0;
$('#modalpopup').on('submit', function(e){
if (submit_form == 0) {
e.preventDefault();
changeStatus('hard-delete', '{{Lang::get("lang.clean-")}}');
changeStatus('hard-delete', '{{Lang::get("lang.clean-forever")}}');
}
$('#hard-delete').val('Delete forever')
});
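Review bot: `'{{Lang::get("lang.clean-forever")}}'` in the `#modalpopup` submit handler puts Blade's HTML-escaped output inside a JavaScript string literal, which is the wrong encoding for that context. Entity encoding neutralises quotes, but a backslash or line break in the translation would still alter or end the literal; the risk is low while language files are trusted. Emitting a JavaScript literal avoids it: `changeStatus('hard-delete', {!! json_encode(Lang::get("lang.clean-forever"), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) !!});`. Separately, `c_status = "Delete forever"` and `$('#hard-delete').val('Delete forever')` hard-code English next to the new translation key. The function around the first hunk starts outside it, so I cannot confirm whether this string is the `msg` passed to `$('#custom-alert-body').html(msg)`.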


@@ -1398,7 +1398,7 @@ if ($thread->title != "") {
// Close a ticket
$('#close').on('click', function(e) {
$.ajax({
type: "GET",
type: "POST",
url: "../ticket/close/{{$tickets->id}}",
beforeSend: function() {
$("#hidespin").hide();
@@ -1428,7 +1428,7 @@ if ($thread->title != "") {
$('#approval_close').on('click', function(e) {
$.ajax({
type: "GET",
type: "POST",
url: "../ticket/close/get-approval/{{$tickets->id}}",//route 600
beforeSend: function() {
$("#hidespin").hide();
@@ -1463,7 +1463,7 @@ if ($thread->title != "") {
// Resolved a ticket
$('#resolved').on('click', function(e) {
$.ajax({
type: "GET",
type: "POST",
url: "../ticket/resolve/{{$tickets->id}}",
beforeSend: function() {
$("#hide2").hide();
@@ -1493,7 +1493,7 @@ if ($thread->title != "") {
// Open a ticket
$('#open').on('click', function(e) {
$.ajax({
type: "GET",
type: "POST",
url: "../ticket/open/{{$tickets->id}}",
beforeSend: function() {
$("#hide2").hide();
@@ -1515,7 +1515,7 @@ if ($thread->title != "") {
// delete a ticket
$('#delete').on('click', function(e) {
$.ajax({
type: "GET",
type: "POST",
url: "../ticket/delete/{{$tickets->id}}",
beforeSend: function() {
$("#hide2").hide();
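Review bot: Switching `type` to `"POST"` in the five handlers (`#close`, `#approval_close`, `#resolved`, `#open`, `#delete`) does not by itself prevent CSRF, because a cross-site request made as POST carries the agent's session cookie just as a GET does. The visible part of each `$.ajax` call sends no anti-CSRF token, and the route definitions are not in these hunks, so I cannot tell whether the `ticket/close`, `ticket/resolve`, `ticket/open` and `ticket/delete` routes now refuse GET and pass through token verification. I would add the token to each call, e.g. `headers: {'X-CSRF-TOKEN': '{{ csrf_token() }}'},`, unless a global `$.ajaxSetup` already supplies it. The routes should also be registered as POST-only behind the CSRF middleware. Each `$.ajax` call continues outside its hunk.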