tinker_tickets

LotusGuild/tinker_tickets

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jared Vititoe	998b85e907	feat: Replace browser alerts with terminal-aesthetic notifications Replaced all native browser dialogs with custom terminal-style UI: Utility Functions (dashboard.js): - showConfirmModal() - Reusable confirmation modal with type-based colors - showInputModal() - Text input modal for user prompts - Both support keyboard shortcuts (ESC to cancel, Enter to submit) Alert Replacements (22 instances): - Validation warnings → toast.warning() (amber, 2s) - Error messages → toast.error() (red, 5s) - Success messages → toast.success() or toast.warning() with details - Example: "Bulk close: 5 succeeded, 2 failed" vs simple "Operation complete" Confirm Replacements (3 instances): - dashboard.js:509 - Bulk close confirmation → showConfirmModal() - ticket.js:417 - Status change warning → showConfirmModal() - advanced-search.js:321 - Delete filter → showConfirmModal('error' type) Prompt Replacement (1 instance): - advanced-search.js:151 - Save filter name → showInputModal() Benefits: ✓ Visual consistency - matches terminal CRT aesthetic ✓ Non-blocking - toasts don't interrupt workflow ✓ Better UX - different colors for different message types ✓ Keyboard friendly - ESC/Enter support in modals ✓ Reusable - modal functions available for future use All dialogs maintain retro aesthetic with: - ASCII borders (╚ ╝) - Terminal green glow - Monospace fonts - Color-coded by type (amber warning, red error, cyan info) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-09 16:54:02 -05:00
Jared Vititoe	58f2e9d143	feat: Add CSRF tokens to all JavaScript fetch calls and fix XSS Security improvements across all JavaScript files: CSRF Protection: - assets/js/ticket.js - Added X-CSRF-Token header to 5 fetch calls (update_ticket.php x3, add_comment.php, assign_ticket.php) - assets/js/dashboard.js - Added X-CSRF-Token to 8 fetch calls (update_ticket.php x2, bulk_operation.php x6) - assets/js/settings.js - Added X-CSRF-Token to user preferences save - assets/js/advanced-search.js - Added X-CSRF-Token to filter save/delete XSS Prevention: - assets/js/ticket.js:183-209 - Replaced insertAdjacentHTML() with safe DOM API (createElement/textContent) to prevent script injection in comment rendering. User-supplied data (user_name, created_at) now auto-escaped via textContent. All state-changing operations now include CSRF token validation. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-09 16:13:13 -05:00
Jared Vititoe	962724d811	better filtering and searching	2026-01-09 11:20:27 -05:00

Author

SHA1

Message

Date

Jared Vititoe

998b85e907

feat: Replace browser alerts with terminal-aesthetic notifications

Replaced all native browser dialogs with custom terminal-style UI:

**Utility Functions** (dashboard.js):
- showConfirmModal() - Reusable confirmation modal with type-based colors
- showInputModal() - Text input modal for user prompts
- Both support keyboard shortcuts (ESC to cancel, Enter to submit)

**Alert Replacements** (22 instances):
- Validation warnings → toast.warning() (amber, 2s)
- Error messages → toast.error() (red, 5s)
- Success messages → toast.success() or toast.warning() with details
- Example: "Bulk close: 5 succeeded, 2 failed" vs simple "Operation complete"

**Confirm Replacements** (3 instances):
- dashboard.js:509 - Bulk close confirmation → showConfirmModal()
- ticket.js:417 - Status change warning → showConfirmModal()
- advanced-search.js:321 - Delete filter → showConfirmModal('error' type)

**Prompt Replacement** (1 instance):
- advanced-search.js:151 - Save filter name → showInputModal()

**Benefits**:
✓ Visual consistency - matches terminal CRT aesthetic
✓ Non-blocking - toasts don't interrupt workflow
✓ Better UX - different colors for different message types
✓ Keyboard friendly - ESC/Enter support in modals
✓ Reusable - modal functions available for future use

All dialogs maintain retro aesthetic with:
- ASCII borders (╚ ╝)
- Terminal green glow
- Monospace fonts
- Color-coded by type (amber warning, red error, cyan info)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-01-09 16:54:02 -05:00

Jared Vititoe

58f2e9d143

feat: Add CSRF tokens to all JavaScript fetch calls and fix XSS

Security improvements across all JavaScript files:

CSRF Protection:
- assets/js/ticket.js - Added X-CSRF-Token header to 5 fetch calls
  (update_ticket.php x3, add_comment.php, assign_ticket.php)
- assets/js/dashboard.js - Added X-CSRF-Token to 8 fetch calls
  (update_ticket.php x2, bulk_operation.php x6)
- assets/js/settings.js - Added X-CSRF-Token to user preferences save
- assets/js/advanced-search.js - Added X-CSRF-Token to filter save/delete

XSS Prevention:
- assets/js/ticket.js:183-209 - Replaced insertAdjacentHTML() with safe
  DOM API (createElement/textContent) to prevent script injection in
  comment rendering. User-supplied data (user_name, created_at) now
  auto-escaped via textContent.

All state-changing operations now include CSRF token validation.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-01-09 16:13:13 -05:00

Jared Vititoe

962724d811

better filtering and searching

2026-01-09 11:20:27 -05:00

3 Commits