27-05-2026 DHL Modul v2.1 / Optimierung tracking

Kevin Adametz 2026-05-27 18:51:23 +02:00
parent 036595be94
commit 2bdc9ada3c
33 changed files with 2367 additions and 2086 deletions


@ -109,9 +109,12 @@
<div class="text-xs font-weight-bold text-info text-uppercase mb-1">Tracking</div>
<div class="h6 mb-0 font-weight-bold text-gray-800">
@if(false)
@php
$publicTrackingUrl = \App\Domain\EarlyDomainParser::getMainUrl().'/tracking';
@endphp
<code class="text-info">{{ $shipment->dhl_shipment_no }}</code>
<br>
<a href="{{ route('public.tracking') }}?tracking_number={{ $shipment->dhl_shipment_no }}"
<a href="{{ $publicTrackingUrl }}?tracking_number={{ urlencode($shipment->dhl_shipment_no) }}"
target="_blank" class="text-muted small">
<i class="fas fa-external-link-alt"></i> Verfolgen
</a>
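Review bot: The new `$publicTrackingUrl` assignment hard-codes the `/tracking` path and takes its host from `EarlyDomainParser::getMainUrl()`, whose implementation is not visible in this section. If that helper derives the host from the incoming request rather than from configuration, the link target follows whatever Host header was sent, so it is worth confirming that it returns a configured or allowlisted origin. To keep the path tied to the named route, consider `$publicTrackingUrl = rtrim(\App\Domain\EarlyDomainParser::getMainUrl(), '/').route('public.tracking', [], false);`. The anchor also opens with `target="_blank"`; adding `rel="noopener noreferrer"` keeps the opened page from reaching `window.opener`. The `@if(false)` block starts inside the hunk but its closing directive is outside it.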


@ -212,20 +212,37 @@ $(document).ready(function() {
});
});
// Escape HTML special characters so DHL-/DB-derived strings can never
// execute JavaScript even if jQuery's .html() is used.
function escapeTrackingHtml(value) {
if (value === null || value === undefined) {
return '';
}
return String(value)
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#039;');
}
// Show tracking results
function showTrackingResult(data) {
var statusBadge = getStatusBadge(data.status);
var trackingStatusInfo = data.tracking_status ?
`<p class="mb-2"><strong>DHL Status:</strong> <em>${data.tracking_status}</em></p>` : '';
var lastTrackedInfo = data.last_tracked_at ?
`<p class="mb-2"><strong>Zuletzt aktualisiert:</strong> ${data.last_tracked_at}</p>` : '';
var trackingStatusInfo = data.tracking_status ?
`<p class="mb-2"><strong>DHL Status:</strong> <em>${escapeTrackingHtml(data.tracking_status)}</em></p>` : '';
var lastTrackedInfo = data.last_tracked_at ?
`<p class="mb-2"><strong>Zuletzt aktualisiert:</strong> ${escapeTrackingHtml(data.last_tracked_at)}</p>` : '';
var trackingNumberEscaped = escapeTrackingHtml(data.tracking_number);
var trackingNumberUrlEncoded = encodeURIComponent(data.tracking_number ?? '');
var html = `
<div class="row">
<div class="col-md-6">
<h5 class="text-primary mb-3">
<i class="fas fa-hashtag"></i>
${data.tracking_number}
${trackingNumberEscaped}
</h5>
<p class="mb-2"><strong>Status:</strong> ${statusBadge}</p>
${trackingStatusInfo}
@ -239,7 +256,7 @@ $(document).ready(function() {
<p class="text-muted small">
Die Informationen werden regelmäßig aktualisiert.
Für detaillierte Tracking-Informationen besuchen Sie die
<a href="https://www.dhl.de/de/privatkunden/pakete-empfangen/verfolgen.html?lang=de&idc=${data.tracking_number}"
<a href="https://www.dhl.de/de/privatkunden/pakete-empfangen/verfolgen.html?lang=de&idc=${trackingNumberUrlEncoded}"
target="_blank" class="text-primary">
DHL Website <i class="fas fa-external-link-alt"></i>
</a>
@ -248,7 +265,7 @@ $(document).ready(function() {
</div>
</div>
`;
$('#tracking-content').html(html);
$('#tracking-results').show();
@ -267,7 +284,9 @@ $(document).ready(function() {
// Show error message
function showError(message) {
$('#error-message .alert p').html(message);
// Use .text() instead of .html() so error strings from the server
// can never inject HTML.
$('#error-message .alert p').text(message);
$('#error-message').show();
// Smooth scroll to error
@ -290,7 +309,7 @@ $(document).ready(function() {
function getStatusBadge(status) {
var badgeClass = '';
var text = status;
switch(status) {
case 'pending':
badgeClass = 'badge-warning';
@ -320,8 +339,11 @@ $(document).ready(function() {
default:
badgeClass = 'badge-light';
}
return `<span class="badge ${badgeClass}">${text}</span>`;
// Both the fallback `text` (raw status) and the class are escaped so
// unmapped DHL status codes can never inject HTML or break out of the
// class attribute.
return `<span class="badge ${escapeTrackingHtml(badgeClass)}">${escapeTrackingHtml(text)}</span>`;
}
// Get status icon
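Review bot: Escaping in `showTrackingResult` is opt-in per interpolation while the assembled string still goes through `$('#tracking-content').html(html)`, so any `${data.…}` that is not wrapped remains a markup sink. The template lines that fall between the hunks are not shown, and the status-icon helper that begins at the end of this section is outside the hunk, so both should be checked for unwrapped values. I would record the invariant directly above the template, e.g. `// Every ${...} below must pass through escapeTrackingHtml() or encodeURIComponent(); the string is inserted with .html().`. The DHL link keeps `target="_blank"` without `rel="noopener noreferrer"`, which is worth adding on the same line.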