Jared Vititoe
164c2d231a
Security fixes: - add_comment.php: verify canUserAccessTicket() before allowing comment creation - assign_ticket.php: use canUserAccessTicket() to prevent info leakage via 403 vs 404 - check_duplicates.php: apply getVisibilityFilter() so confidential ticket titles are not exposed in duplicate search results - ticket_dependencies.php: verify ticket access on GET before returning dependency data Route registration: - Register 7 previously missing API endpoints in index.php: custom_fields, saved_filters, audit_log, user_preferences, download_attachment, clone_ticket, health Frontend: - ticket.js: fill empty catch block and empty else block in addComment() with proper error toasts Documentation: - README.md: document all API endpoints and update project structure listing Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
5.0 KiB
5.0 KiB