diff --git a/admin_ticket_status.php b/admin_ticket_status.php
index 6c687a0e..8b98dcff 100644
--- a/admin_ticket_status.php
+++ b/admin_ticket_status.php
@@ -1,7 +1,7 @@
Active";
} else {
- $ticket_status_display = "
Disabled
";
+ $ticket_status_display = "Inactive
";
}
?>
@@ -97,7 +97,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
- 5 ) { ?>
-
|
diff --git a/ajax/ajax_custom_ticket_status_edit.php b/ajax/ajax_custom_ticket_status_edit.php
index 121b115a..c9a3ad16 100644
--- a/ajax/ajax_custom_ticket_status_edit.php
+++ b/ajax/ajax_custom_ticket_status_edit.php
@@ -8,6 +8,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_
$row = mysqli_fetch_array($sql);
$ticket_status_name = nullable_htmlentities($row['ticket_status_name']);
$ticket_status_color = nullable_htmlentities($row['ticket_status_color']);
+$ticket_status_order = intval($row['ticket_status_order']);
$ticket_status_active = intval($row['ticket_status_active']);
// Generate the HTML form content using output buffering.
@@ -30,7 +31,7 @@ ob_start();
-
+ >
@@ -44,6 +45,16 @@ ob_start();
+
+
diff --git a/post/admin/admin_ticket_status.php b/post/admin/admin_ticket_status.php
index dce68dc1..861a8940 100644
--- a/post/admin/admin_ticket_status.php
+++ b/post/admin/admin_ticket_status.php
@@ -25,9 +25,10 @@ if (isset($_POST['edit_ticket_status'])) {
$ticket_status_id = intval($_POST['ticket_status_id']);
$name = sanitizeInput($_POST['name']);
$color = sanitizeInput($_POST['color']);
+ $order = intval($_POST['order']);
$status = intval($_POST['status']);
- mysqli_query($mysqli, "UPDATE ticket_statuses SET ticket_status_name = '$name', ticket_status_color = '$color', ticket_status_active = $status WHERE ticket_status_id = $ticket_status_id");
+ mysqli_query($mysqli, "UPDATE ticket_statuses SET ticket_status_name = '$name', ticket_status_color = '$color', ticket_status_order = $order, ticket_status_active = $status WHERE ticket_status_id = $ticket_status_id");
// Logging
logAction("Ticket Status", "Edit", "$session_name edited custom ticket status $name", 0, $ticket_status_id);
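Review bot: The result of `mysqli_query()` on the changed UPDATE line is discarded, so the `logAction(...)` call below it records an edit even when the statement failed, for instance if the `ticket_status_order` column this commit starts writing is not yet present in the database (assuming mysqli is not configured to throw on error). Checking the return value keeps the audit trail truthful: hold the query string in a local such as `$update_sql` and use `if (!mysqli_query($mysqli, $update_sql)) { exit("Ticket status update failed"); }` before logging. `$order` is also accepted as any integer, including negatives; if only non-negative positions make sense, `$order = max(0, intval($_POST['order']));` would enforce that. The handler's body starts and ends outside this hunk.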
@@ -40,8 +41,14 @@ if (isset($_POST['edit_ticket_status'])) {
if (isset($_GET['delete_ticket_status'])) {
+ validateCSRFToken($_GET['csrf_token']);
+
$ticket_status_id = intval($_GET['delete_ticket_status']);
+ if ($ticket_status_id <= 5) {
+ exit("Can't delete built-in statuses");
+ }
+
// Get ticket status name for logging and notification
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id = $ticket_status_id");
$row = mysqli_fetch_array($sql);
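Review bot: The delete action is still a GET request, so the token checked by the new `validateCSRFToken($_GET['csrf_token'])` line travels in the URL and can end up in web-server access logs, browser history and Referer headers. Sending the delete as a POST form, as the edit handler in this file does, would keep the token out of URLs; that needs a matching change on the page that renders the delete link, which is outside this hunk. The literal `5` in the new guard would be easier to maintain with a comment such as `// IDs 1-5 are the built-in statuses; only custom ones may be deleted`, assuming that is what the threshold means. The handler continues past the end of the hunk.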
diff --git a/ticket.php b/ticket.php
index 7f6fbcb5..8fb6c13c 100644
--- a/ticket.php
+++ b/ticket.php
@@ -676,7 +676,7 @@ if (isset($_GET['ticket_id'])) {
if ($task_count !== $completed_task_count) {
$status_snippet = "AND ticket_status_id != 4";
}
- $sql_ticket_status = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id != 1 AND ticket_status_id != 5 AND ticket_status_active = 1 $status_snippet");
+ $sql_ticket_status = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id != 1 AND ticket_status_id != 5 AND ticket_status_active = 1 $status_snippet ORDER BY ticket_status_order");
while ($row = mysqli_fetch_array($sql_ticket_status)) {
$ticket_status_id_select = intval($row['ticket_status_id']);
$ticket_status_name_select = nullable_htmlentities($row['ticket_status_name']); ?>
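Review bot: `ORDER BY ticket_status_order` on the changed query has no tie-breaker, so statuses that share an order value come back in whatever order the database chooses. This is likely for rows that existed before the column was introduced, if they all carry the same default, and the dropdown may then not list them consistently. A second sort key makes the result deterministic: `... $status_snippet ORDER BY ticket_status_order, ticket_status_name`. The loop body continues outside the hunk.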
diff --git a/tickets.php b/tickets.php
index 91a0b428..a677beab 100644
--- a/tickets.php
+++ b/tickets.php
@@ -368,7 +368,7 @@ $sql_categories = mysqli_query(