BitMaster/ProxyPanel
1
0
Fork 0
mirror of https://github.com/ProxyPanel/ProxyPanel.git synced 2026-04-02 10:39:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
f8cb2b9062794032b63a0d67a8df01834cb2a239
ProxyPanel/app/Http/Controllers/User/TicketController.php
BrettonYe f8cb2b9062 Fixed Order & Ticket IDOR 
Solved #292 2nd & 3rd problem;
2026-03-15 22:44:48 +08:00

112 lines
3.6 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Controllers\User;
use App\Http\Controllers\Controller;
use App\Models\Ticket;
use Illuminate\Contracts\View\View;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
class TicketController extends Controller
{
public function index(Request $request): View
{ // 工单
return view('user.tickets', [
'tickets' => auth()->user()->tickets()->latest()->paginate(10)->appends($request->except('page')),
'responseStats' => Ticket::getAvgFirstResponseData(),
]);
}
public function store(Request $request): JsonResponse
{ // 添加工单
$validatedData = $request->validate([
'title' => 'required|string|max:255',
'content' => 'required|string|max:300',
]);
// 清理内容,防止恶意代码
$title = $validatedData['title'];
$content = substr(str_replace(['atob', 'eval'], '', clean($validatedData['content'])), 0, 300);
$ticket = auth()->user()->tickets()->create(compact('title', 'content'));
if ($ticket) {
// 通知相关管理员
return response()->json([
'status' => 'success',
'message' => trans('common.success_item', ['attribute' => trans('common.submit')]),
]);
}
return response()->json([
'status' => 'fail',
'message' => trans('common.failed_item', ['attribute' => trans('common.create')]),
]);
}
public function edit(Ticket $ticket): View
{ // 回复工单
if ($ticket->user_id !== auth()->id()) {
abort(404, trans('http-statuses.404'));
}
$replyList = $ticket->reply()
->with('ticket:id,status', 'admin:id,username,qq', 'user:id,username,qq')
->oldest()
->get();
return view('user.replyTicket', compact('ticket', 'replyList'));
}
public function reply(Request $request, Ticket $ticket): JsonResponse
{
if ($ticket->user_id !== auth()->id()) {
return response()->json(['status' => 'fail', 'message' => trans('http-statuses.401')]);
}
$validatedData = $request->validate([
'content' => 'required|string|max:300',
]);
// 清理内容,防止恶意代码
$content = substr(str_replace(['atob', 'eval'], '', clean($validatedData['content'])), 0, 300);
$reply = $ticket->reply()->create([
'user_id' => auth()->id(),
'content' => $content,
]);
if ($reply) {
return response()->json([
'status' => 'success',
'message' => trans('common.success_item', ['attribute' => trans('user.ticket.reply')]),
]);
}
return response()->json([
'status' => 'fail',
'message' => trans('common.failed_item', ['attribute' => trans('user.ticket.reply')]),
]);
}
public function close(Ticket $ticket): JsonResponse
{ // 关闭工单
if ($ticket->user_id !== auth()->id()) {
return response()->json(['status' => 'fail', 'message' => trans('http-statuses.401')]);
}
if ($ticket->close()) {
return response()->json([
'status' => 'success',
'message' => trans('common.success_item', ['attribute' => trans('common.close')]),
]);
}
return response()->json([
'status' => 'fail',
'message' => trans('common.failed_item', ['attribute' => trans('common.close')]),
]);
}
}
Reference in New Issue View Git Blame Copy Permalink