URL access vulnerability patch

Manish Verma
2021-03-12 18:39:45 +05:30
parent 25c383d8b8
commit 5d8b86bf5e
6 changed files with 26 additions and 12 deletions


@@ -13,6 +13,11 @@ use RecursiveIteratorIterator;
class SettingsController extends Controller class SettingsController extends Controller
{ {
public function __construct()
{
$this->middleware(['auth', 'roles']);
}
public function settingsIcon() public function settingsIcon()
{ {
return ' <div class="col-md-2 col-sm-6"> return ' <div class="col-md-2 col-sm-6">
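Review bot: The `auth`/`roles` check is added one constructor at a time, here and in the identical constructors added to MailController and QueueController, so any settings controller added later stays unprotected until someone remembers the call. Consider also enforcing it where the routes are declared, e.g. `Route::group(['middleware' => ['auth', 'roles']], function () { /* settings routes */ });`, and keeping the constructor call as a second layer. What `roles` actually permits is not visible in this diff, so a short comment above the call stating which role is required would help the next reader. A feature test that requests one of these URLs as a non-admin user and expects a denial would pin the fix. The class body continues outside the hunk.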


@@ -31,7 +31,7 @@ class PriorityController extends Controller
{ {
$this->PhpMailController = $PhpMailController; $this->PhpMailController = $PhpMailController;
$this->NotificationController = $NotificationController; $this->NotificationController = $NotificationController;
$this->middleware('auth'); $this->middleware('roles');
} }
/** /**
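Review bot: The `auth` middleware appears to be dropped for PriorityController: as rendered, `$this->middleware('auth');` is replaced by `$this->middleware('roles');`, while every other controller in this commit uses `['auth', 'roles']`. If `roles` reads the current user without first checking that one exists (its code is not shown here), an unauthenticated request would reach it with no user and might error or fall through instead of being redirected to login. Suggest `$this->middleware(['auth', 'roles']);` to match the other controllers. The constructor begins outside the hunk.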


@@ -10,7 +10,7 @@ class UrlSettingController extends Controller
{ {
public function __construct() public function __construct()
{ {
$this->middleware('auth'); $this->middleware(['auth', 'roles']);
} }
public function settings(Request $request) public function settings(Request $request)


@@ -9,6 +9,11 @@ use Illuminate\Http\Request;
class MailController extends Controller class MailController extends Controller
{ {
public function __construct()
{
$this->middleware(['auth', 'roles']);
}
public function serviceForm(Request $request) public function serviceForm(Request $request)
{ {
$serviceid = $request->input('service'); $serviceid = $request->input('service');


@@ -12,6 +12,11 @@ use Illuminate\Http\Request;
class QueueController extends Controller class QueueController extends Controller
{ {
public function __construct()
{
$this->middleware(['auth', 'roles']);
}
public function index() public function index()
{ {
try { try {


@@ -58,14 +58,11 @@ class="nav-link active"
</a> </a>
</div> </div>
</div> </div>
<div class="card-header">
<div class="card-body"> <div class="card-tools" style="color:#fff">
<div class="mb-3">
<a class="right" title="" data-placement="right" data-toggle="tooltip" href="#" data-original-title="{{Lang::get('lang.active_user_can_select_the_priority_while_creating_ticket')}}"> <a class="right" title="" data-placement="right" data-toggle="tooltip" href="#" data-original-title="{{Lang::get('lang.active_user_can_select_the_priority_while_creating_ticket')}}">
<span class="lead" >{!! Lang::get('lang.current') !!}{!! Lang::get('lang.user_priority_status') !!}</span> - <span class="lead" >{!! Lang::get('lang.user_priority_status') !!}</span>
</a> </a>
<div class="btn-group" id="toggle_event_editing"> <div class="btn-group" id="toggle_event_editing">
@@ -73,7 +70,8 @@ class="nav-link active"
<button type="button" class="btn {{$user_status->status == '1' ? 'btn-info' : 'btn-default'}} unlocked_inactive">Active</button> <button type="button" class="btn {{$user_status->status == '1' ? 'btn-info' : 'btn-default'}} unlocked_inactive">Active</button>
</div> </div>
</div> </div>
</div>
<div class="card-body">
{!! Datatable::table() {!! Datatable::table()
->addColumn( ->addColumn(
Lang::get('lang.priority'), Lang::get('lang.priority'),
@@ -85,6 +83,8 @@ class="nav-link active"
->render() !!} ->render() !!}
</div> </div>
</div> </div>
@stop
@push('scripts')
<script type="text/javascript"> <script type="text/javascript">
$('a').tooltip() $('a').tooltip()
</script> </script>
@@ -133,5 +133,4 @@ class="nav-link active"
}); });
}); });
</script> </script>
@endpush
@stop
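Review bot: The rewritten `<span class="lead">` still prints the translation with `{!! !!}`, which bypasses Blade's HTML escaping. Unless that string is meant to carry markup, `{{ Lang::get('lang.user_priority_status') }}` is the safer form, matching the escaped `data-original-title` attribute on the line above it. Separately, this card layout and `@push('scripts')` change is unrelated to the access-control fix, so it would be easier to audit and backport as its own commit.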