tinker_tickets

Files

T

jared 6b76496640 fix: CSRF on ticket create form, DOM-safe duplicate list, audit-log param validation

- TicketController::create: validate csrf_token from POST before processing
- CreateTicketView: emit hidden csrf_token field; replace innerHTML duplicate
  list with DOM methods to prevent any XSS path; guard checkDuplicates() with
  lt.api availability check
- index.php audit-log: allowlist action_type; validate date_from/date_to as
  YYYY-MM-DD before passing to query

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-28 21:26:52 -04:00

admin

Fix CSS variables, missing utility classes, API hardening, and audit log UX

2026-03-28 13:22:12 -04:00

CreateTicketView.php

fix: CSRF on ticket create form, DOM-safe duplicate list, audit-log param validation

2026-03-28 21:26:52 -04:00

DashboardView.php

Align UI with web_template TDS v1.2 standards

2026-03-28 13:06:40 -04:00

layout_footer.php

Align UI with web_template TDS v1.2 standards

2026-03-28 13:06:40 -04:00

layout_header.php

feat: LDAP avatar support via lldap

2026-03-28 20:47:08 -04:00

TicketView.php

feat: LDAP avatar support via lldap

2026-03-28 20:47:08 -04:00