From c0b7a269053cd3620ae2ea3a42aeed3b2a53fd68 Mon Sep 17 00:00:00 2001 From: wrongecho Date: Wed, 28 Jan 2026 14:48:41 +0000 Subject: [PATCH 1/2] API bugfixes before release: - apiEncryptLoginEntry should be apiEncryptCredentialEntry - Client scoping uses = instead of LIKE in tickets resolve.php --- api/v1/credentials/credential_model.php | 4 ++-- api/v1/tickets/resolve.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/api/v1/credentials/credential_model.php b/api/v1/credentials/credential_model.php index 0693c37e..ac2faf5f 100644 --- a/api/v1/credentials/credential_model.php +++ b/api/v1/credentials/credential_model.php @@ -42,7 +42,7 @@ if (isset($_POST['credential_uri_2'])) { if (isset($_POST['credential_username'])) { $username = $_POST['credential_username']; - $username = apiEncryptLoginEntry($username, $api_key_decrypt_hash, $api_key_decrypt_password); + $username = apiEncryptCredentialEntry($username, $api_key_decrypt_hash, $api_key_decrypt_password); } elseif (isset($credential_row) && isset($credential_row['credential_username'])) { $username = $credential_row['credential_username']; } else { @@ -51,7 +51,7 @@ if (isset($_POST['credential_username'])) { if (isset($_POST['credential_password'])) { $password = $_POST['credential_password']; - $password = apiEncryptLoginEntry($password, $api_key_decrypt_hash, $api_key_decrypt_password); + $password = apiEncryptCredentialEntry($password, $api_key_decrypt_hash, $api_key_decrypt_password); $password_changed = true; } elseif (isset($credential_row) && isset($credential_row['credential_password'])) { $password = $credential_row['credential_password']; diff --git a/api/v1/tickets/resolve.php b/api/v1/tickets/resolve.php index 1079bbce..f8d5c34c 100644 --- a/api/v1/tickets/resolve.php +++ b/api/v1/tickets/resolve.php @@ -15,7 +15,7 @@ $update_count = false; if (!empty($ticket_id)) { - $ticket_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_resolved_at IS NULL AND ticket_client_id = $client_id LIMIT 1")); + $ticket_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_resolved_at IS NULL AND ticket_client_id LIKE '$client_id' LIMIT 1")); // Grab what we need, not using the model $ticket_id = intval($ticket_row['ticket_id']); // Override so things fail if this is bad From e1a93035fdd918fd1cdf536d0696310cc2fd5413 Mon Sep 17 00:00:00 2001 From: wrongecho Date: Wed, 28 Jan 2026 14:57:28 +0000 Subject: [PATCH 2/2] Undo client scoping uses = instead of LIKE in tickets resolve.php --- see forum thread 2667 --- api/v1/tickets/resolve.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/v1/tickets/resolve.php b/api/v1/tickets/resolve.php index f8d5c34c..1079bbce 100644 --- a/api/v1/tickets/resolve.php +++ b/api/v1/tickets/resolve.php @@ -15,7 +15,7 @@ $update_count = false; if (!empty($ticket_id)) { - $ticket_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_resolved_at IS NULL AND ticket_client_id LIKE '$client_id' LIMIT 1")); + $ticket_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_resolved_at IS NULL AND ticket_client_id = $client_id LIMIT 1")); // Grab what we need, not using the model $ticket_id = intval($ticket_row['ticket_id']); // Override so things fail if this is bad