- Fix fatal PHP error in UserModel::getAllGroups() - typo 'setCache'
should be 'setCached', was causing ticket page to fail to render
- Fix settings.js null reference errors when timezone element missing
on ticket page (only exists on dashboard)
- Fix ESC key detection for settings modal (checked 'block' but modal
uses 'flex' display)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add timezone dropdown to settings modal with common timezones
- Save/load timezone preference per user
- Apply user's timezone preference after authentication
- Override system default with user preference if set
- Make dashboard logo clickable (returns to default filters)
- Show current timezone in settings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security improvements across all JavaScript files:
CSRF Protection:
- assets/js/ticket.js - Added X-CSRF-Token header to 5 fetch calls
(update_ticket.php x3, add_comment.php, assign_ticket.php)
- assets/js/dashboard.js - Added X-CSRF-Token to 8 fetch calls
(update_ticket.php x2, bulk_operation.php x6)
- assets/js/settings.js - Added X-CSRF-Token to user preferences save
- assets/js/advanced-search.js - Added X-CSRF-Token to filter save/delete
XSS Prevention:
- assets/js/ticket.js:183-209 - Replaced insertAdjacentHTML() with safe
DOM API (createElement/textContent) to prevent script injection in
comment rendering. User-supplied data (user_name, created_at) now
auto-escaped via textContent.
All state-changing operations now include CSRF token validation.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
