AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adjust bad SQL query that allowed contacts to see ticket subjects (but not content) for other contacts

Browse Source
This commit is contained in:
Marcus Hill
2024-04-02 00:30:25 +01:00
parent da2fee7fc6
commit 2f473c6a03
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
portal/tickets.php
View File

@@ -13,10 +13,10 @@ require_once "inc_portal.php";
if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets
$status = 'Open';
$ticket_status_snippet = "ticket_status != 5 AND ticket_status != 'Closed'";
$ticket_status_snippet = "ticket_closed_at IS NULL";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
$status = 'Closed';
$ticket_status_snippet = "ticket_status = 5 OR ticket_status = 'Closed'";
$ticket_status_snippet = "ticket_closed_at IS NOT NULL";
} else {
$status = '%';
$ticket_status_snippet = "ticket_status LIKE '%'";