URL access vulenrability patch

2021-03-12 18:39:45 +05:30
parent 25c383d8b8
commit 5d8b86bf5e
6 changed files with 26 additions and 12 deletions
--- a/app/FaveoStorage/Controllers/SettingsController.php
+++ b/app/FaveoStorage/Controllers/SettingsController.php
@@ -13,6 +13,11 @@ use RecursiveIteratorIterator;

 class SettingsController extends Controller
 {
+    public function __construct()
+    {
+        $this->middleware(['auth', 'roles']);
+    }
+
    public function settingsIcon()
    {
        return ' <div class="col-md-2 col-sm-6">
--- a/app/Http/Controllers/Admin/helpdesk/PriorityController.php
+++ b/app/Http/Controllers/Admin/helpdesk/PriorityController.php
@@ -31,7 +31,7 @@ class PriorityController extends Controller
    {
        $this->PhpMailController = $PhpMailController;
        $this->NotificationController = $NotificationController;
-        $this->middleware('auth');
+        $this->middleware('roles');
    }

    /**
--- a/app/Http/Controllers/Admin/helpdesk/UrlSettingController.php
+++ b/app/Http/Controllers/Admin/helpdesk/UrlSettingController.php
@@ -10,7 +10,7 @@ class UrlSettingController extends Controller
 {
    public function __construct()
    {
-        $this->middleware('auth');
+        $this->middleware(['auth', 'roles']);
    }

    public function settings(Request $request)
--- a/app/Http/Controllers/Job/MailController.php
+++ b/app/Http/Controllers/Job/MailController.php
@@ -9,6 +9,11 @@ use Illuminate\Http\Request;

 class MailController extends Controller
 {
+    public function __construct()
+    {
+        $this->middleware(['auth', 'roles']);
+    }
+
    public function serviceForm(Request $request)
    {
        $serviceid = $request->input('service');
--- a/app/Http/Controllers/Job/QueueController.php
+++ b/app/Http/Controllers/Job/QueueController.php
@@ -12,6 +12,11 @@ use Illuminate\Http\Request;

 class QueueController extends Controller
 {
+    public function __construct()
+    {
+        $this->middleware(['auth', 'roles']);
+    }
+
    public function index()
    {
        try {
--- a/resources/views/themes/default1/admin/helpdesk/manage/ticket_priority/index.blade.php
+++ b/resources/views/themes/default1/admin/helpdesk/manage/ticket_priority/index.blade.php
@@ -58,14 +58,11 @@ class="nav-link active"
            </a>
        </div>
    </div>
+    <div class="card-header">
+        <div class="card-tools" style="color:#fff">
+         <a class="right" title="" data-placement="right" data-toggle="tooltip" href="#" data-original-title="{{Lang::get('lang.active_user_can_select_the_priority_while_creating_ticket')}}">

-    <div class="card-body">
-
-        <div class="mb-3">
-            
-            <a class="right" title="" data-placement="right" data-toggle="tooltip" href="#" data-original-title="{{Lang::get('lang.active_user_can_select_the_priority_while_creating_ticket')}}">
-
-                <span class="lead" >{!! Lang::get('lang.current') !!}{!! Lang::get('lang.user_priority_status') !!}</span> - 
+                <span class="lead" >{!! Lang::get('lang.user_priority_status') !!}</span>
           </a>

            <div class="btn-group" id="toggle_event_editing">
@@ -73,7 +70,8 @@ class="nav-link active"
                <button type="button"  class="btn {{$user_status->status == '1' ? 'btn-info' : 'btn-default'}} unlocked_inactive">Active</button>
            </div>
        </div>
-
+    </div>
+    <div class="card-body">
        {!! Datatable::table()
        ->addColumn(
        Lang::get('lang.priority'),
@@ -85,6 +83,8 @@ class="nav-link active"
        ->render() !!}
    </div>
 </div>
+@stop
+@push('scripts')
 <script type="text/javascript">
    $('a').tooltip()
 </script>
@@ -133,5 +133,4 @@ class="nav-link active"
        });
    });
 </script>
-
-@stop
+@endpush