Adjust bad SQL query that allowed contacts to see ticket subjects (but not content) for other contacts

Marcus Hill 2024-04-02 00:30:25 +01:00
parent da2fee7fc6
commit 2f473c6a03
2 changed files with 4 additions and 4 deletions


@ -16,10 +16,10 @@ if ($session_contact_primary == 0 && !$session_contact_is_technical_contact) {
if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets
$status = 'Open';
$ticket_status_snippet = "ticket_status != 5";
$ticket_status_snippet = "ticket_closed_at IS NULL";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
$status = 'Closed';
$ticket_status_snippet = "ticket_status = 5";
$ticket_status_snippet = "ticket_closed_at IS NOT NULL";
} else {
$status = '%';
$ticket_status_snippet = "ticket_status LIKE '%'";
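Review bot: `$ticket_status_snippet` is a raw SQL fragment, and nothing in this hunk records that it has to stay a single predicate. The lines removed in the second file's hunk (`ticket_status = 5 OR ticket_status = 'Closed'`) carried a top-level `OR`; if the fragment is appended with `AND` after the contact/client scope, which is not visible here, that `OR` is what would let rows outside the scope match. The new values avoid this only by convention, so I would parenthesise the fragment where it is interpolated (`AND ($ticket_status_snippet)`) and add a comment above the `if`, e.g. `// Spliced into the WHERE clause next to the contact scope: keep each value a single predicate, no top-level OR`. The same applies to the second file's hunk; the queries themselves sit outside both hunks.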


@ -13,10 +13,10 @@ require_once "inc_portal.php";
if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets
$status = 'Open';
$ticket_status_snippet = "ticket_status != 5 AND ticket_status != 'Closed'";
$ticket_status_snippet = "ticket_closed_at IS NULL";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
$status = 'Closed';
$ticket_status_snippet = "ticket_status = 5 OR ticket_status = 'Closed'";
$ticket_status_snippet = "ticket_closed_at IS NOT NULL";
} else {
$status = '%';
$ticket_status_snippet = "ticket_status LIKE '%'";
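Review bot: Open/closed is now decided by `ticket_closed_at`, whereas the old predicate in this file matched both `ticket_status = 5` and `ticket_status = 'Closed'`, which suggests legacy rows with mixed status values. If any of those rows were closed before `ticket_closed_at` was populated, they would now be listed under Open. That is an inference rather than something the hunk shows, so it is worth counting rows that have a closed status but `ticket_closed_at IS NULL` before relying on the new filter. A short comment above the first branch, such as `// Closed state is derived from ticket_closed_at, not ticket_status`, would record the intent.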