Commit Graph

298 Commits

Author SHA1 Message Date
Sebastian Schmidt 7bae63a5e9 Merge branch 'master' into improve-upstream 2018-10-02 21:23:17 +10:00
Sebastian Schmidt b1a4b66da6 Secure external resourses with RSI
* Specify language in html tag
* Remove an empty script tag (when no google analytics )
2018-10-02 21:21:22 +10:00
Sebastian Schmidt 13476d9cff Fix infinity symbol by useing a utf-8 char 2018-10-02 21:21:22 +10:00
Sebastian Schmidt 7c7942f4b0 Hide ID: on ticket if the tax system is disabled 2018-10-02 21:06:44 +10:00
Sebastian Schmidt d4c7214cc4 Allow more decimal points for currency input
Service/Organiser Fees
2018-10-02 21:06:44 +10:00
Jeremy Quinton ea53c20e76 Merge pull request #478 from publicarray/fix-vulns
Fix vulnerabilities
2018-10-02 12:13:15 +02:00
Jeremy Quinton ed827d5221 Merge pull request #448 from scottybo/master
Fix issue where taxamt not set after import
2018-10-02 11:09:41 +02:00
Jeremy Quinton 3868bd4e9e Fixed small publish event link 2018-11-04 21:34:28 +02:00
Jeremy Quinton 703ad37ef5 Prevent xss
1) added better validation across all user input both for the operator of Attendize and end user.
2) Remove html from translations so {{ }} can be used instead of {!! !!} as its more secure.
2018-11-04 21:30:08 +02:00
Jeremy Quinton b62e41265f strip html tags as the string is not escaped by blade 2018-11-04 21:26:55 +02:00
Jeremy Quinton bdcd12ca28 Merge branch 'master' of https://github.com/Attendize/Attendize 2018-11-04 21:21:01 +02:00
Jeremy Quinton c604d08e8d Fixed license references throughout codebase 2018-11-04 21:12:11 +02:00
Jeremy Quinton d4057e9241 updated license reference 2018-11-04 21:09:26 +02:00
Jeremy Quinton 09335d7aee added image reference 2018-11-04 21:06:17 +02:00
Sebastian Schmidt 5cdfe7151b Fix XSS vulnerability on QR code scanner 2018-10-02 18:15:58 +10:00
Sebastian Schmidt 9365d74567 Cleanup and http -> https 2018-09-22 13:03:19 +10:00
Jeremy Quinton c3cd0a60c7 fixes #414 #450 #434 2018-11-04 21:02:41 +02:00
Jeremy Quinton 920fbac64e replace lang with trans and escape html correctly for various views 2018-11-04 20:22:51 +02:00
Jeremy Quinton 81d67e4180 updated copy in install process 2018-11-04 20:15:21 +02:00
Scott Bowler 534d3a2126 Modify deprecated "lists" to "pluck" 2018-09-03 14:44:56 +01:00
Jeremy Quinton b257eeb3d3 Merge pull request #446 from heilgar/445-surveys-list-bug
445 fix surveys bug after updating to L5.6
2018-09-02 19:40:45 +02:00
Jeremy Quinton db148aa45d use trans instead of lang so messages display correctly with html not escaped 2018-09-02 18:09:39 +02:00
heilgar 6d9fd0ccdc 445 fix surveys bug after updating to L5.6 2018-09-02 19:01:53 +03:00
Jeremy Quinton 5f2c4c8ac9 Merge pull request #424 from Attendize/upgrade-laravel-5.6
Upgrading to Laravel 5.6
2018-08-21 12:55:31 +02:00
Jeremy Quinton 73b7808ff4 When an order is refunded display the actual refunded amount.
When viewing a refunded order display the amount_refunded instead of the order amount.
2018-08-17 17:13:57 +02:00
Mohamed Ahmed bed28ef5cb Tickets available after event started 2018-08-17 10:46:30 +02:00
Jeremy Quinton ac5ff98f61 Removed migs and coinbase as default payment gateways
Going forward Attendize will only support Stripe and Paypal as defaults. In future we will add instructions on customising Attendize with your own payment gateway.
2018-08-16 15:50:12 +02:00
Jeremy Quinton 8d51cd348f Upgrading to Laravel 5.6
1) Changed method call from lists to pluck.
2) Use set put instead of session set.
3) Removed references to artisan optimize command.
4) Added additionl check to base controller if auth user not set redirect to login.
5) Flush the session on logout.
6) Updated Event and Route service providers to work with Laravel 5.6.
7) Added new default logging config file.
8) Bump PHP versions from 7.0.30 to 7.1.20.
9) Added missing translations.
10) Fixed some issues with the templates.
2018-08-15 13:26:10 +02:00
Jeremy Quinton 9eb5d1c062 Merge pull request #423 from Attendize/fix-language-translation
fixes #415
2018-08-14 19:20:06 +02:00
Jeremy Quinton 099ab7d2ff fixes #415
fixes issue where the number of events are not displaying correctly
2018-08-14 19:16:56 +02:00
Jeremy Quinton 8498f248e8 Merge pull request #416 from scottybo/master
Fix issue with inviting attendees
2018-08-14 18:31:35 +02:00
Haroen Viaene e962c903c6 fix untranslated string
fixes #418
2018-08-14 11:22:29 +02:00
Scott Bowler 97c461cd04 Restore strings incorrectly marked as obsolete 2018-08-13 10:01:37 +01:00
Jeremy Quinton ba7ca79df0 removed unnecessary footer from ticket 2018-07-26 14:16:25 +02:00
Sam Bell 8d86ca2003 Missing div close tag added 2018-07-26 11:48:58 +01:00
Jeremy Quinton cd213b56b3 Merge branch 'master' into charge-vat-at-organiser-level 2018-07-18 19:37:56 +02:00
Jeremy Quinton ebbd4d7b4d updating extra references
1) Updated some extra references to tax amounts in the blade templates
2018-07-18 18:23:36 +02:00
Jeremy Quinton dcd47ea543 Updating template
1) Found a stray template that did not get the latest tax updates so added the standard tax logic to the template
2018-07-18 17:50:06 +02:00
Sam Bell e2aad7914b Image URL fixed 2018-07-12 13:38:43 +01:00
Jeremy Quinton 1c7c8be8f7 Finalised Charging V.A.T
1) Added Javascript partial so display and hide of the Charge Tax functionality can be shared.
2) Moved @yield head for the the master without menus layout to the correct place. Using jQuery functionality @head anywhere wouldn't work as the library was included afterwards.
3) Moved the question for organisers about Tax and the labels for tax fields to the language file.
2018-07-11 19:51:11 +02:00
Jeremy Quinton 9b5d61ffdd Added Tax to emails and various views
1) When Taxed is charged display it on the various views where tax should be displayed. Orders Listing Page, Orders Summary page.
2) Use the Order service to display correct values in emails and views.
2018-07-11 13:47:41 +02:00
Jeremy Quinton 43dab40873 Update attendee ticket email
update tickets to have the correct V.A.T amount
2018-07-10 15:04:46 +02:00
Jeremy Quinton c5676bbe45 Improvements to charging Tax
1) Surfaced more logic from from views into service.
2) If charge_tax is set in database tax is charged.
3) Made the name of the Order service OrderService so its not confused with the Order Eloquent Model.
4) Move order totalling logic in to Service and call service where necessary.
2018-07-10 12:19:20 +02:00
Jeremy Quinton b3dae02cef Tax improvements
1) remove logic for calculating Tax out of the blade view and into a service.
2) implemented service in the correct controller.
2018-07-10 10:36:42 +02:00
Jeremy Quinton 6771a56197 Added charging tax at the organiser level
1) Added new field to the organiser model called charge_tax. Added the migration for this.
2)  Renamed tax fields columns in the database to be the same as the other organiser fields for consistency.
3) Added charge_tax option to the various organiser create and edit pages.
4) Have re-enabled some tests and used the @group passing label so we can start running tests for the various parts of the applicaiton.
2018-07-09 18:13:23 +02:00
Jeremy Quinton 3616050b94 installer improvements
1) removed space in mail_from_name. Spaces in .env files cause problems on install.
2) if we are using Docker set some sane defaults
2018-07-06 17:38:18 +02:00
Jeremy Quinton 4dee2011f9 Installer improvements
1) Added additional edge case for installer that I missed.
2) Reference class via use statement and correct namespacing.
3) If we are using the docker environment set certain defaults from environment variables instead of hardcoding.
2018-07-06 13:18:04 +02:00
Jeremy Quinton d10abaafd8 updated error message 2018-07-05 12:04:45 +02:00
Jeremy Quinton 176f33a829 removed css style not needed 2018-07-05 12:04:37 +02:00
Jeremy Quinton fe65e36c57 Improved install process
1. If Attendize is already installed don't throw an Unauthorized 403 error but instead ask user to create default account or login if default account already created.
2. Added defaults to the install process for database connection so if user gets to install page and hits install will use default database values.
3. Added basic validation on database connection details. If the details where empty previously allowed user to submit form.
2018-07-04 16:54:33 +02:00