From 5d8b86bf5e6eb85ad04815dbf892522934d85742 Mon Sep 17 00:00:00 2001
From: Manish Verma
Date: Fri, 12 Mar 2021 18:39:45 +0530
Subject: [PATCH] URL access vulenrability patch
---
 .../Controllers/SettingsController.php | 5 +++++
 .../Admin/helpdesk/PriorityController.php | 2 +-
 .../Admin/helpdesk/UrlSettingController.php | 2 +-
 app/Http/Controllers/Job/MailController.php | 5 +++++
 app/Http/Controllers/Job/QueueController.php | 5 +++++
 .../manage/ticket_priority/index.blade.php | 19 +++++++++----------
 6 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/app/FaveoStorage/Controllers/SettingsController.php b/app/FaveoStorage/Controllers/SettingsController.php
index 077ef4302..a2d1e31ee 100644
--- a/app/FaveoStorage/Controllers/SettingsController.php
+++ b/app/FaveoStorage/Controllers/SettingsController.php
@@ -13,6 +13,11 @@ use RecursiveIteratorIterator;
 
 class SettingsController extends Controller
 {
+ public function __construct()
+ {
+ $this->middleware(['auth', 'roles']);
+ }
+
 public function settingsIcon()
 {
 return '
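Review bot: The constructor added to SettingsController has no docblock stating who may reach this controller, and the same undocumented constructor is added to Job/MailController and Job/QueueController further down. None of the three classes had a constructor before this commit, so a one-line comment such as `// Every action here requires a logged-in user that passes the 'roles' check.` would make the rule visible to whoever adds the next action. Because the guard is opt-in per controller, it would also be worth applying `['auth', 'roles']` on the route group for these settings and job endpoints, so that a controller added later without a constructor is still covered; the route file is not part of this patch, so that may already be the case. The class body continues past the end of the hunk.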
diff --git a/app/Http/Controllers/Admin/helpdesk/PriorityController.php b/app/Http/Controllers/Admin/helpdesk/PriorityController.php
index 625a44fd9..a4d395fda 100644
--- a/app/Http/Controllers/Admin/helpdesk/PriorityController.php
+++ b/app/Http/Controllers/Admin/helpdesk/PriorityController.php
@@ -31,7 +31,7 @@ class PriorityController extends Controller
 {
 $this->PhpMailController = $PhpMailController;
 $this->NotificationController = $NotificationController;
- $this->middleware('auth');
+ $this->middleware('roles');
 }
 
 /**
diff --git a/app/Http/Controllers/Admin/helpdesk/UrlSettingController.php b/app/Http/Controllers/Admin/helpdesk/UrlSettingController.php
index 6e526bdae..ba5006d8f 100644
--- a/app/Http/Controllers/Admin/helpdesk/UrlSettingController.php
+++ b/app/Http/Controllers/Admin/helpdesk/UrlSettingController.php
@@ -10,7 +10,7 @@ class UrlSettingController extends Controller
 {
 public function __construct()
 {
- $this->middleware('auth');
+ $this->middleware(['auth', 'roles']);
 }
 
 public function settings(Request $request)
diff --git a/app/Http/Controllers/Job/MailController.php b/app/Http/Controllers/Job/MailController.php
index bab160754..0e4340471 100644
--- a/app/Http/Controllers/Job/MailController.php
+++ b/app/Http/Controllers/Job/MailController.php
@@ -9,6 +9,11 @@ use Illuminate\Http\Request;
 
 class MailController extends Controller
 {
+ public function __construct()
+ {
+ $this->middleware(['auth', 'roles']);
+ }
+
 public function serviceForm(Request $request)
 {
 $serviceid = $request->input('service');
diff --git a/app/Http/Controllers/Job/QueueController.php b/app/Http/Controllers/Job/QueueController.php
index 9a994201d..fe5903ba0 100644
--- a/app/Http/Controllers/Job/QueueController.php
+++ b/app/Http/Controllers/Job/QueueController.php
@@ -12,6 +12,11 @@ use Illuminate\Http\Request;
 
 class QueueController extends Controller
 {
+ public function __construct()
+ {
+ $this->middleware(['auth', 'roles']);
+ }
+
 public function index()
 {
 try {
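Review bot: In PriorityController's constructor the `auth` middleware is replaced by `roles` rather than combined with it, while every other controller touched by this patch registers `['auth', 'roles']`. Whether a guest is still turned away then depends entirely on how the `roles` middleware treats a request with no logged-in user, which is not visible here. Registering both, `$this->middleware(['auth', 'roles']);`, keeps the login check explicit and consistent with UrlSettingController, MailController and QueueController. The constructor's signature is above the hunk.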
diff --git a/resources/views/themes/default1/admin/helpdesk/manage/ticket_priority/index.blade.php b/resources/views/themes/default1/admin/helpdesk/manage/ticket_priority/index.blade.php
index 64ec1ca4c..e2c1eb0de 100644
--- a/resources/views/themes/default1/admin/helpdesk/manage/ticket_priority/index.blade.php
+++ b/resources/views/themes/default1/admin/helpdesk/manage/ticket_priority/index.blade.php
@@ -58,14 +58,11 @@ class="nav-link active"
+
+
+ - +
{!! Datatable::table() ->addColumn( Lang::get('lang.priority'), @@ -85,6 +83,8 @@ class="nav-link active" ->render() !!}
+@stop +@push('scripts') @@ -133,5 +133,4 @@ class="nav-link active" }); }); - -@stop \ No newline at end of file +@endpush \ No newline at end of file