Fix bracket buttons rendering below text + UI/security improvements

CSS fixes: - Fix [ ] brackets appearing below button text by replacing display:inline-flex with display:inline-block + white-space:nowrap on .btn — removes cross-browser flex pseudo-element inconsistency as root cause - Remove conflicting .btn::before ripple block (position:absolute was overriding bracket content positioning) - Remove overflow:hidden from .btn which was clipping bracket content - Fix body::after duplicate rule causing GPU layer blink (second position:fixed rule re-created compositor layer, overriding display:none suppression) - Replace all transition:all with scoped property transitions in dashboard.css, ticket.css, base.css (prevents full CSS property evaluation on every hover) - Convert pulse-warning/pulse-critical keyframes from box-shadow to opacity animation (GPU-composited, eliminates CPU repaints at 60fps) - Fix mobile *::before/*::after blanket content:none rule — now targets only decorative frame glyphs, preserving button brackets and status indicators - Remove --terminal-green-dim override that broke .lt-btn hover backgrounds JS fixes: - Fix all lt.lt.toast.* double-prefix instances in dashboard.js - Add null guard before .appendChild() on bulkAssignUser select - Replace all remaining emoji with terminal bracket notation (dashboard.js, ticket.js, markdown.js) - Migrate all toast.*() shim calls to lt.toast.* across all JS files View fixes: - Remove hardcoded [ ] brackets from .btn buttons (CSS now adds them) - Replace all emoji with terminal bracket notation in all views and admin views - Add missing CSP nonces to AuditLogView.php and UserActivityView.php script tags - Bump CSS version strings to ?v=20260319b for cache busting Security fixes: - update_ticket.php: add authorization check (non-admins can only edit their own or assigned tickets) - add_comment.php: validate and cast ticket_id to integer with 400 response - clone_ticket.php: fix unconditional session_start(), add ticket ID validation, add internal ticket access check - bulk_operation.php: add HTTP 401/403 status codes on auth failures - upload_attachment.php: fix missing $conn arg in AttachmentModel constructor - assign_ticket.php: add ticket existence check and permission verification Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-19 22:20:43 -04:00
parent dd8833ee2f
commit 27075a62ee
23 changed files with 376 additions and 328 deletions
--- a/views/DashboardView.php
+++ b/views/DashboardView.php
@@ -13,7 +13,7 @@ $nonce = SecurityHeadersMiddleware::getNonce();
    <title>Ticket Dashboard</title>
    <link rel="icon" type="image/png" href="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/images/favicon.png">
    <link rel="stylesheet" href="/assets/css/base.css">
-    <link rel="stylesheet" href="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/css/dashboard.css?v=20260131e">
+    <link rel="stylesheet" href="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/css/dashboard.css?v=20260319b">
    <script nonce="<?php echo $nonce; ?>" src="/assets/js/base.js"></script>
    <script nonce="<?php echo $nonce; ?>" src="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/js/ascii-banner.js"></script>
    <script nonce="<?php echo $nonce; ?>" src="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/js/toast.js"></script>
@@ -80,26 +80,26 @@ $nonce = SecurityHeadersMiddleware::getNonce();
    </script>
    <header class="user-header" role="banner">
        <div class="user-header-left">
-            <a href="/" class="app-title">🎫 Tinker Tickets</a>
+            <a href="/" class="app-title">[ TINKER TICKETS ]</a>
        </div>
        <div class="user-header-right">
            <?php if (isset($GLOBALS['currentUser'])): ?>
-                <span class="user-name">👤 <?php echo htmlspecialchars($GLOBALS['currentUser']['display_name'] ?? $GLOBALS['currentUser']['username']); ?></span>
+                <span class="user-name">[ <?php echo htmlspecialchars(strtoupper($GLOBALS['currentUser']['display_name'] ?? $GLOBALS['currentUser']['username'])); ?> ]</span>
                <?php if ($GLOBALS['currentUser']['is_admin']): ?>
                    <div class="admin-dropdown">
-                        <button class="admin-badge" data-action="toggle-admin-menu">Admin ▼</button>
+                        <button class="admin-badge" data-action="toggle-admin-menu">[ ADMIN ▼ ]</button>
                        <div class="admin-dropdown-content" id="adminDropdown">
-                            <a href="/admin/templates">📋 Templates</a>
-                            <a href="/admin/workflow">🔄 Workflow</a>
-                            <a href="/admin/recurring-tickets">🔁 Recurring Tickets</a>
-                            <a href="/admin/custom-fields">📝 Custom Fields</a>
-                            <a href="/admin/user-activity">👥 User Activity</a>
-                            <a href="/admin/audit-log">📜 Audit Log</a>
-                            <a href="/admin/api-keys">🔑 API Keys</a>
+                            <a href="/admin/templates">TEMPLATES</a>
+                            <a href="/admin/workflow">WORKFLOW</a>
+                            <a href="/admin/recurring-tickets">RECURRING</a>
+                            <a href="/admin/custom-fields">CUSTOM FIELDS</a>
+                            <a href="/admin/user-activity">USER ACTIVITY</a>
+                            <a href="/admin/audit-log">AUDIT LOG</a>
+                            <a href="/admin/api-keys">API KEYS</a>
                        </div>
                    </div>
                <?php endif; ?>
-                <button class="settings-icon" title="Settings (Alt+S)" data-action="open-settings" aria-label="Settings">⚙</button>
+                <button class="settings-icon" title="Settings (Alt+S)" data-action="open-settings" aria-label="Settings">[ CFG ]</button>
            <?php endif; ?>
        </div>
    </header>
@@ -203,42 +203,42 @@ $nonce = SecurityHeadersMiddleware::getNonce();
    <div class="stats-widgets">
        <div class="stats-row">
            <div class="stat-card stat-open">
-                <div class="stat-icon">📂</div>
+                <div class="stat-icon">[ # ]</div>
                <div class="stat-content">
                    <div class="stat-value"><?php echo $stats['open_tickets']; ?></div>
                    <div class="stat-label">Open Tickets</div>
                </div>
            </div>
            <div class="stat-card stat-critical">
-                <div class="stat-icon">🔥</div>
+                <div class="stat-icon">[ ! ]</div>
                <div class="stat-content">
                    <div class="stat-value"><?php echo $stats['critical']; ?></div>
                    <div class="stat-label">Critical (P1)</div>
                </div>
            </div>
            <div class="stat-card stat-unassigned">
-                <div class="stat-icon">👤</div>
+                <div class="stat-icon">[ @ ]</div>
                <div class="stat-content">
                    <div class="stat-value"><?php echo $stats['unassigned']; ?></div>
                    <div class="stat-label">Unassigned</div>
                </div>
            </div>
            <div class="stat-card stat-today">
-                <div class="stat-icon">📅</div>
+                <div class="stat-icon">[ + ]</div>
                <div class="stat-content">
                    <div class="stat-value"><?php echo $stats['created_today']; ?></div>
                    <div class="stat-label">Created Today</div>
                </div>
            </div>
            <div class="stat-card stat-resolved">
-                <div class="stat-icon">✓</div>
+                <div class="stat-icon">[ ✓ ]</div>
                <div class="stat-content">
                    <div class="stat-value"><?php echo $stats['closed_today']; ?></div>
                    <div class="stat-label">Closed Today</div>
                </div>
            </div>
            <div class="stat-card stat-time">
-                <div class="stat-icon">⏱</div>
+                <div class="stat-icon">[ t ]</div>
                <div class="stat-content">
                    <div class="stat-value"><?php echo $stats['avg_resolution_hours']; ?>h</div>
                    <div class="stat-label">Avg Resolution</div>
@@ -252,7 +252,7 @@ $nonce = SecurityHeadersMiddleware::getNonce();
    <div class="dashboard-toolbar">
        <!-- Left: Title + Search -->
        <div class="toolbar-left">
-            <h1 class="dashboard-title">🎫 Tickets</h1>
+            <h1 class="dashboard-title">[ TICKETS ]</h1>
            <form method="GET" action="" class="toolbar-search">
                <!-- Preserve existing parameters -->
                <?php if (isset($_GET['status'])): ?>
@@ -273,11 +273,11 @@ $nonce = SecurityHeadersMiddleware::getNonce();

                <input type="text"
                    name="search"
-                    placeholder="🔍 Search tickets..."
+                    placeholder="&gt; Search tickets..."
                    class="search-box"
                    value="<?php echo isset($_GET['search']) ? htmlspecialchars($_GET['search']) : ''; ?>">
                <button type="submit" class="btn search-btn">Search</button>
-                <button type="button" class="btn btn-secondary" data-action="open-advanced-search" title="Advanced Search">⚙ Advanced</button>
+                <button type="button" class="btn btn-secondary" data-action="open-advanced-search" title="Advanced Search">FILTER</button>
                <?php if (isset($_GET['search']) && !empty($_GET['search'])): ?>
                    <a href="?" class="clear-search-btn">✗</a>
                <?php endif; ?>
@@ -468,9 +468,9 @@ $nonce = SecurityHeadersMiddleware::getNonce();
                    // Quick actions column
                    echo "<td class='quick-actions-cell'>";
                    echo "<div class='quick-actions'>";
-                    echo "<button data-action='view-ticket' data-ticket-id='{$row['ticket_id']}' class='quick-action-btn' title='View'>👁</button>";
-                    echo "<button data-action='quick-status' data-ticket-id='{$row['ticket_id']}' data-status='{$row['status']}' class='quick-action-btn' title='Change Status'>🔄</button>";
-                    echo "<button data-action='quick-assign' data-ticket-id='{$row['ticket_id']}' class='quick-action-btn' title='Assign'>👤</button>";
+                    echo "<button data-action='view-ticket' data-ticket-id='{$row['ticket_id']}' class='quick-action-btn' title='View'>&gt;</button>";
+                    echo "<button data-action='quick-status' data-ticket-id='{$row['ticket_id']}' data-status='{$row['status']}' class='quick-action-btn' title='Change Status'>~</button>";
+                    echo "<button data-action='quick-assign' data-ticket-id='{$row['ticket_id']}' class='quick-action-btn' title='Assign'>@</button>";
                    echo "</div>";
                    echo "</td>";
                    echo "</tr>";
@@ -509,17 +509,17 @@ $nonce = SecurityHeadersMiddleware::getNonce();
                                <div class="ticket-card-main">
                                    <div class="ticket-card-title"><?php echo htmlspecialchars($row['title']); ?></div>
                                    <div class="ticket-card-meta">
-                                        <span>📁 <?php echo htmlspecialchars($row['category']); ?></span>
-                                        <span>👤 <?php echo htmlspecialchars($assignedTo); ?></span>
-                                        <span>📅 <?php echo date('M j', strtotime($row['updated_at'])); ?></span>
+                                        <span><?php echo htmlspecialchars($row['category']); ?></span>
+                                        <span>@ <?php echo htmlspecialchars($assignedTo); ?></span>
+                                        <span><?php echo date('M j', strtotime($row['updated_at'])); ?></span>
                                    </div>
                                </div>
                                <div class="ticket-card-status <?php echo $statusClass; ?>">
                                    <?php echo $row['status']; ?>
                                </div>
                                <div class="ticket-card-actions">
-                                    <button data-action="view-ticket" data-ticket-id="<?php echo $row['ticket_id']; ?>" title="View">👁</button>
-                                    <button data-action="quick-status" data-ticket-id="<?php echo $row['ticket_id']; ?>" data-status="<?php echo $row['status']; ?>" title="Status">🔄</button>
+                                    <button data-action="view-ticket" data-ticket-id="<?php echo $row['ticket_id']; ?>" title="View">&gt;</button>
+                                    <button data-action="quick-status" data-ticket-id="<?php echo $row['ticket_id']; ?>" data-status="<?php echo $row['status']; ?>" title="Status">~</button>
                                </div>
                            </div>
                            <?php
@@ -578,7 +578,7 @@ $nonce = SecurityHeadersMiddleware::getNonce();
    <div class="lt-modal-overlay" id="settingsModal" aria-hidden="true" role="dialog" aria-modal="true" aria-labelledby="settingsModalTitle">
        <div class="lt-modal">
            <div class="lt-modal-header">
-                <span class="lt-modal-title" id="settingsModalTitle">⚙ System Preferences</span>
+                <span class="lt-modal-title" id="settingsModalTitle">[ CFG ] SYSTEM PREFERENCES</span>
                <button class="lt-modal-close" data-modal-close aria-label="Close settings">✕</button>
            </div>

@@ -734,7 +734,7 @@ $nonce = SecurityHeadersMiddleware::getNonce();
    <div class="lt-modal-overlay" id="advancedSearchModal" aria-hidden="true" role="dialog" aria-modal="true" aria-labelledby="advancedSearchModalTitle">
        <div class="lt-modal">
            <div class="lt-modal-header">
-                <span class="lt-modal-title" id="advancedSearchModalTitle">🔍 Advanced Search</span>
+                <span class="lt-modal-title" id="advancedSearchModalTitle">[ FILTER ] ADVANCED SEARCH</span>
                <button class="lt-modal-close" data-modal-close aria-label="Close advanced search">✕</button>
            </div>

@@ -750,8 +750,8 @@ $nonce = SecurityHeadersMiddleware::getNonce();
                            </select>
                        </div>
                        <div class="setting-row setting-row-right">
-                            <button type="button" class="btn btn-secondary btn-setting" data-action="save-filter">💾 Save Current</button>
-                            <button type="button" class="btn btn-secondary btn-setting" data-action="delete-filter">🗑 Delete Selected</button>
+                            <button type="button" class="btn btn-secondary btn-setting" data-action="save-filter">SAVE</button>
+                            <button type="button" class="btn btn-secondary btn-setting" data-action="delete-filter">DELETE</button>
                        </div>
                    </div>