LotusGuild/tinker_tickets
3
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
84cc023bc47a619414569972f021def712ad16b3
tinker_tickets/api
History
Jared Vititoe 84cc023bc4 Enforce ticket visibility on attachment and update endpoints 
- delete_attachment.php: check canUserAccessTicket() before allowing deletion; return 404 (not 403) for inaccessible tickets to prevent existence leakage
- upload_attachment.php: verify ticket access on both GET (list) and POST (upload) before processing
- update_ticket.php: pass currentUser to controller; add canUserAccessTicket() check before permission check; return 404 for inaccessible tickets instead of leaking existence via 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 21:42:47 -04:00
..
add_comment.php
Fix visibility enforcement and register missing API routes
2026-03-20 21:39:02 -04:00
assign_ticket.php
Fix visibility enforcement and register missing API routes
2026-03-20 21:39:02 -04:00
audit_log.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00
bootstrap.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00
bulk_operation.php
Fix bracket buttons rendering below text + UI/security improvements
2026-03-19 22:20:43 -04:00
check_duplicates.php
Fix visibility enforcement and register missing API routes
2026-03-20 21:39:02 -04:00
clone_ticket.php
Fix bracket buttons rendering below text + UI/security improvements
2026-03-19 22:20:43 -04:00
custom_fields.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
delete_attachment.php
Enforce ticket visibility on attachment and update endpoints
2026-03-20 21:42:47 -04:00
delete_comment.php
Integrate web_template design system and fix security/quality issues
2026-03-17 23:22:24 -04:00
download_attachment.php
Integrate web_template design system and fix security/quality issues
2026-03-17 23:22:24 -04:00
export_tickets.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
generate_api_key.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
get_template.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00
get_users.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00
health.php
Add performance, security, and reliability improvements
2026-01-30 14:39:13 -05:00
manage_recurring.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
manage_templates.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
manage_workflows.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
revoke_api_key.php
Fix error message disclosure in API endpoints
2026-01-30 18:56:29 -05:00
saved_filters.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00
ticket_dependencies.php
Fix visibility enforcement and register missing API routes
2026-03-20 21:39:02 -04:00
update_comment.php
Integrate web_template design system and fix security/quality issues
2026-03-17 23:22:24 -04:00
update_ticket.php
Enforce ticket visibility on attachment and update endpoints
2026-03-20 21:42:47 -04:00
upload_attachment.php
Enforce ticket visibility on attachment and update endpoints
2026-03-20 21:42:47 -04:00
user_preferences.php
Audit fixes: security, dead code removal, API consolidation, JS dedup
2026-02-11 14:50:06 -05:00