Security update
- Changes status change url method to post for preventing CSRF attacks for ticket status manipulation - Fixed delete forever functionality

committed by
Manish Verma

parent
bacb5137da
commit
190f6500c2
@@ -1642,4 +1642,5 @@ return [
|
|||||||
'ticket_has_collaborator' => 'This ticket has collaborator(s)',
|
'ticket_has_collaborator' => 'This ticket has collaborator(s)',
|
||||||
'ticket_created_source' => 'This ticket is created via :source',
|
'ticket_created_source' => 'This ticket is created via :source',
|
||||||
'ticket-has-x-priority' => 'This ticket has :priority priority',
|
'ticket-has-x-priority' => 'This ticket has :priority priority',
|
||||||
|
'clean-forever' => 'delete permanently',
|
||||||
];
|
];
|
||||||
|
@@ -138,7 +138,10 @@ var filterClick = 0;
|
|||||||
c_status = "Close";
|
c_status = "Close";
|
||||||
} else if(id == 5) {
|
} else if(id == 5) {
|
||||||
c_status = "Delete";
|
c_status = "Delete";
|
||||||
|
} else if(id == 'hard-delete') {
|
||||||
|
c_status = "Delete forever";
|
||||||
}
|
}
|
||||||
|
|
||||||
$('.yes').html("Yes");
|
$('.yes').html("Yes");
|
||||||
}
|
}
|
||||||
$('#custom-alert-body').html(msg);
|
$('#custom-alert-body').html(msg);
|
||||||
@@ -148,7 +151,7 @@ var filterClick = 0;
|
|||||||
$('#modalpopup').on('submit', function(e){
|
$('#modalpopup').on('submit', function(e){
|
||||||
if (submit_form == 0) {
|
if (submit_form == 0) {
|
||||||
e.preventDefault();
|
e.preventDefault();
|
||||||
changeStatus('hard-delete', '{{Lang::get("lang.clean-")}}');
|
changeStatus('hard-delete', '{{Lang::get("lang.clean-forever")}}');
|
||||||
}
|
}
|
||||||
$('#hard-delete').val('Delete forever')
|
$('#hard-delete').val('Delete forever')
|
||||||
});
|
});
|
||||||
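Review bot: The new `hard-delete` branch sets `c_status = "Delete forever"` as a hard-coded English string, while the same commit adds the `clean-forever` translation key and passes it to `changeStatus()` in the submit handler below. If `c_status` ends up in the confirmation text, the label will not be localised; consider `c_status = '{{Lang::get("lang.clean-forever")}}';`. The enclosing function starts and ends outside the hunk, so how `c_status` is used cannot be confirmed from here.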
|
@@ -1398,7 +1398,7 @@ if ($thread->title != "") {
|
|||||||
// Close a ticket
|
// Close a ticket
|
||||||
$('#close').on('click', function(e) {
|
$('#close').on('click', function(e) {
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: "GET",
|
type: "POST",
|
||||||
url: "../ticket/close/{{$tickets->id}}",
|
url: "../ticket/close/{{$tickets->id}}",
|
||||||
beforeSend: function() {
|
beforeSend: function() {
|
||||||
$("#hidespin").hide();
|
$("#hidespin").hide();
|
||||||
@@ -1428,7 +1428,7 @@ if ($thread->title != "") {
|
|||||||
$('#approval_close').on('click', function(e) {
|
$('#approval_close').on('click', function(e) {
|
||||||
|
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: "GET",
|
type: "POST",
|
||||||
url: "../ticket/close/get-approval/{{$tickets->id}}",//route 600
|
url: "../ticket/close/get-approval/{{$tickets->id}}",//route 600
|
||||||
beforeSend: function() {
|
beforeSend: function() {
|
||||||
$("#hidespin").hide();
|
$("#hidespin").hide();
|
||||||
@@ -1463,7 +1463,7 @@ if ($thread->title != "") {
|
|||||||
// Resolved a ticket
|
// Resolved a ticket
|
||||||
$('#resolved').on('click', function(e) {
|
$('#resolved').on('click', function(e) {
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: "GET",
|
type: "POST",
|
||||||
url: "../ticket/resolve/{{$tickets->id}}",
|
url: "../ticket/resolve/{{$tickets->id}}",
|
||||||
beforeSend: function() {
|
beforeSend: function() {
|
||||||
$("#hide2").hide();
|
$("#hide2").hide();
|
||||||
@@ -1493,7 +1493,7 @@ if ($thread->title != "") {
|
|||||||
// Open a ticket
|
// Open a ticket
|
||||||
$('#open').on('click', function(e) {
|
$('#open').on('click', function(e) {
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: "GET",
|
type: "POST",
|
||||||
url: "../ticket/open/{{$tickets->id}}",
|
url: "../ticket/open/{{$tickets->id}}",
|
||||||
beforeSend: function() {
|
beforeSend: function() {
|
||||||
$("#hide2").hide();
|
$("#hide2").hide();
|
||||||
@@ -1515,7 +1515,7 @@ if ($thread->title != "") {
|
|||||||
// delete a ticket
|
// delete a ticket
|
||||||
$('#delete').on('click', function(e) {
|
$('#delete').on('click', function(e) {
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: "GET",
|
type: "POST",
|
||||||
url: "../ticket/delete/{{$tickets->id}}",
|
url: "../ticket/delete/{{$tickets->id}}",
|
||||||
beforeSend: function() {
|
beforeSend: function() {
|
||||||
$("#hide2").hide();
|
$("#hide2").hide();
|
||||||
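Review bot: None of the five `$.ajax` calls switched to `type: "POST"` in this file (`#close`, `#approval_close`, `#resolved`, `#open`, `#delete`) shows a CSRF token being sent, and changing the verb alone does not stop a cross-site form post. The target routes appear to sit in the `web` middleware group, so if that group verifies CSRF tokens these requests will be rejected unless a token is attached somewhere not visible here, for example in a global `$.ajaxSetup`. Each call's option object continues past its hunk, so confirm that first; if no token is sent, add `data: {_token: "{{ csrf_token() }}"},` to each call and check that the token check is not disabled for these URLs.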
|
@@ -346,11 +346,11 @@ Route::group(['middleware' => ['web']], function () {
|
|||||||
Route::patch('/internal/note/{id}', ['as' => 'Internal.note', 'uses' => 'Agent\helpdesk\TicketController@InternalNote']); /* Patch Internal Note */
|
Route::patch('/internal/note/{id}', ['as' => 'Internal.note', 'uses' => 'Agent\helpdesk\TicketController@InternalNote']); /* Patch Internal Note */
|
||||||
Route::patch('/ticket/assign/{id}', ['as' => 'assign.ticket', 'uses' => 'Agent\helpdesk\TicketController@assign']); /* Patch Ticket assigned to whom */
|
Route::patch('/ticket/assign/{id}', ['as' => 'assign.ticket', 'uses' => 'Agent\helpdesk\TicketController@assign']); /* Patch Ticket assigned to whom */
|
||||||
Route::patch('/ticket/post/edit/{id}', ['as' => 'ticket.post.edit', 'uses' => 'Agent\helpdesk\TicketController@ticketEditPost']); /* Patchi Ticket Edit */
|
Route::patch('/ticket/post/edit/{id}', ['as' => 'ticket.post.edit', 'uses' => 'Agent\helpdesk\TicketController@ticketEditPost']); /* Patchi Ticket Edit */
|
||||||
Route::get('/ticket/print/{id}', ['as' => 'ticket.print', 'uses' => 'Agent\helpdesk\TicketController@ticket_print']); /* Get Print Ticket */
|
Route::post('/ticket/print/{id}', ['as' => 'ticket.print', 'uses' => 'Agent\helpdesk\TicketController@ticket_print']); /* Get Print Ticket */
|
||||||
Route::get('/ticket/close/{id}', ['as' => 'ticket.close', 'uses' => 'Agent\helpdesk\TicketController@close']); /* Get Ticket Close */
|
Route::post('/ticket/close/{id}', ['as' => 'ticket.close', 'uses' => 'Agent\helpdesk\TicketController@close']); /* Get Ticket Close */
|
||||||
Route::get('/ticket/resolve/{id}', ['as' => 'ticket.resolve', 'uses' => 'Agent\helpdesk\TicketController@resolve']); /* Get ticket Resolve */
|
Route::post('/ticket/resolve/{id}', ['as' => 'ticket.resolve', 'uses' => 'Agent\helpdesk\TicketController@resolve']); /* Get ticket Resolve */
|
||||||
Route::get('/ticket/open/{id}', ['as' => 'ticket.open', 'uses' => 'Agent\helpdesk\TicketController@open']); /* Get Ticket Open */
|
Route::post('/ticket/open/{id}', ['as' => 'ticket.open', 'uses' => 'Agent\helpdesk\TicketController@open']); /* Get Ticket Open */
|
||||||
Route::get('/ticket/delete/{id}', ['as' => 'ticket.delete', 'uses' => 'Agent\helpdesk\TicketController@delete']); /* Get Ticket Delete */
|
Route::post('/ticket/delete/{id}', ['as' => 'ticket.delete', 'uses' => 'Agent\helpdesk\TicketController@delete']); /* Get Ticket Delete */
|
||||||
Route::get('/email/ban/{id}', ['as' => 'ban.email', 'uses' => 'Agent\helpdesk\TicketController@ban']); /* Get Ban Email */
|
Route::get('/email/ban/{id}', ['as' => 'ban.email', 'uses' => 'Agent\helpdesk\TicketController@ban']); /* Get Ban Email */
|
||||||
Route::get('/ticket/surrender/{id}', ['as' => 'ticket.surrender', 'uses' => 'Agent\helpdesk\TicketController@surrender']); /* Get Ticket Surrender */
|
Route::get('/ticket/surrender/{id}', ['as' => 'ticket.surrender', 'uses' => 'Agent\helpdesk\TicketController@surrender']); /* Get Ticket Surrender */
|
||||||
Route::get('/aaaa', 'Client\helpdesk\GuestController@ticket_number');
|
Route::get('/aaaa', 'Client\helpdesk\GuestController@ticket_number');
|
||||||
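Review bot: `/email/ban/{id}` and `/ticket/surrender/{id}` stay on `Route::get` although their names suggest they change state just like the close/resolve/open/delete routes converted in this hunk, so they would keep the exposure the commit sets out to remove. Consider `Route::post('/email/ban/{id}', …)` and `Route::post('/ticket/surrender/{id}', …)`, updating their callers in the same change. `/ticket/print/{id}` is also moved to POST, which the commit message does not mention and which would break any plain link to the print view if one exists. The trailing comments on the converted lines still read "Get …" and should follow the new verb, e.g. `/* Post Ticket Close */`. The route group's body continues outside the hunk.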
|