LotusGuild/tinker_tickets
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
82aa4bf5de5258f1734db0188728fa7f5b750286
tinker_tickets/api
T
History
jared 82aa4bf5de Harden attachment deletion and template CRUD validation 
- delete_attachment.php: add realpath() path traversal check before
  unlink() — mirrors the defense-in-depth already in download_attachment.php;
  also cast ticket_id to int when building the path
- manage_templates.php: add input validation to POST and PUT handlers:
  required field checks, max length caps (name 100, title 255, desc 64KB),
  allowlist validation for category/type, priority clamped to 1-5

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 13:41:22 -04:00
..
add_comment.php
Fix visibility enforcement and register missing API routes
2026-03-20 21:39:02 -04:00
assign_ticket.php
Fix visibility enforcement and register missing API routes
2026-03-20 21:39:02 -04:00
audit_log.php
Fix CSS variables, missing utility classes, API hardening, and audit log UX
2026-03-28 13:22:12 -04:00
bootstrap.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00
bulk_operation.php
Fix bracket buttons rendering below text + UI/security improvements
2026-03-19 22:20:43 -04:00
check_duplicates.php
Fix visibility enforcement and register missing API routes
2026-03-20 21:39:02 -04:00
clone_ticket.php
Use canUserAccessTicket() in clone_ticket.php; fix README bootstrap entry
2026-03-20 21:47:03 -04:00
custom_fields.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
delete_attachment.php
Harden attachment deletion and template CRUD validation
2026-03-28 13:41:22 -04:00
delete_comment.php
Integrate web_template design system and fix security/quality issues
2026-03-17 23:22:24 -04:00
download_attachment.php
Integrate web_template design system and fix security/quality issues
2026-03-17 23:22:24 -04:00
export_tickets.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
generate_api_key.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
get_template.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00
get_users.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00
health.php
Add performance, security, and reliability improvements
2026-01-30 14:39:13 -05:00
manage_recurring.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
manage_templates.php
Harden attachment deletion and template CRUD validation
2026-03-28 13:41:22 -04:00
manage_workflows.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
revoke_api_key.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
saved_filters.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00
ticket_dependencies.php
Fix visibility enforcement and register missing API routes
2026-03-20 21:39:02 -04:00
update_comment.php
Integrate web_template design system and fix security/quality issues
2026-03-17 23:22:24 -04:00
update_ticket.php
Show only changed fields (delta) in ticket activity timeline
2026-03-28 13:35:01 -04:00
upload_attachment.php
Enforce ticket visibility on attachment and update endpoints
2026-03-20 21:42:47 -04:00
user_preferences.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00