diff --git a/database_updates.php b/database_updates.php
index c4b75721..8d7d2d7c 100644
--- a/database_updates.php
+++ b/database_updates.php
@@ -1691,7 +1691,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
// Add new ticket_statuses table
mysqli_query($mysqli, "CREATE TABLE `ticket_statuses` (
- `ticket_status_id` INT(11) NOT NULL AUTO_INCREMENT,
+ `ticket_status_id` INT(11) NOT NULL AUTO_INCREMENT,
`ticket_status_name` VARCHAR(200) NOT NULL,
`ticket_status_color` VARCHAR(200) NOT NULL,
`ticket_status_active` TINYINT(1) NOT NULL DEFAULT '1',
diff --git a/portal/portal_functions.php b/portal/portal_functions.php
index 25f3886c..af4783ae 100644
--- a/portal/portal_functions.php
+++ b/portal/portal_functions.php
@@ -11,7 +11,7 @@ function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)
{
// Access the global variables
- global $mysqli, $session_contact_id, $session_contact_primary, $session_contact_is_technical_contact, $session_client_id;
+ global $mysqli, $session_contact_id, $session_contact_primary, $session_contact_is_technical_contact, $session_client_id, $config_ticket_status_id_closed;
// Setup
if ($expected_ticket_state == "Closed") {
diff --git a/portal/ticket.php b/portal/ticket.php
index cee3b2f6..84891a8b 100644
--- a/portal/ticket.php
+++ b/portal/ticket.php
@@ -32,7 +32,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
$ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
$ticket_number = intval($ticket_row['ticket_number']);
- $ticket_status = nullable_htmlentities($ticket_row['ticket_status']);
+ $ticket_status = sanitizeInput(getTicketStatusName($ticket_row['ticket_status']));
$ticket_priority = nullable_htmlentities($ticket_row['ticket_priority']);
$ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
$ticket_details = $purifier->purify($ticket_row['ticket_details']);
@@ -56,7 +56,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
Ticket
+ if ($ticket_status !== $config_ticket_status_id_closed AND $ticket_status !== "Closed") { ?>
Close ticket
@@ -70,7 +70,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
Priority:
-
+
Assigned to:
diff --git a/portal/ticket_view_all.php b/portal/ticket_view_all.php
index 5eea42d1..f22f5c5f 100644
--- a/portal/ticket_view_all.php
+++ b/portal/ticket_view_all.php
@@ -61,7 +61,7 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
- $ticket_status = nullable_htmlentities($row['ticket_status']);
+ $ticket_status = sanitizeInput(getTicketStatusName($row['ticket_status']));
$ticket_contact_name = nullable_htmlentities($row['contact_name']);
echo "";
diff --git a/portal/tickets.php b/portal/tickets.php
index ebd2696e..940cb358 100644
--- a/portal/tickets.php
+++ b/portal/tickets.php
@@ -13,13 +13,13 @@ require_once "inc_portal.php";
if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets
$status = 'Open';
- $ticket_status_snippet = "ticket_status != 'Closed'";
+ $ticket_status_snippet = "ticket_status != $config_ticket_status_id_closed AND ticket_status != 'Closed'";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Open') {
$status = 'Open';
- $ticket_status_snippet = "ticket_status != 'Closed'";
+ $ticket_status_snippet = "ticket_status != $config_ticket_status_id_closed AND ticket_status != 'Closed'";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
$status = 'Closed';
- $ticket_status_snippet = "ticket_status = 'Closed'";
+ $ticket_status_snippet = "ticket_status = $config_ticket_status_id_closed OR ticket_status = 'Closed'";
} else {
$status = '%';
$ticket_status_snippet = "ticket_status LIKE '%'";
@@ -28,12 +28,12 @@ if (!isset($_GET['status'])) {
$contact_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE $ticket_status_snippet AND ticket_contact_id = $session_contact_id AND ticket_client_id = $session_client_id ORDER BY ticket_id DESC");
//Get Total tickets closed
-$sql_total_tickets_closed = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_closed FROM tickets WHERE ticket_status = 'Closed' AND ticket_client_id = $session_client_id AND ticket_contact_id = $session_contact_id");
+$sql_total_tickets_closed = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_closed FROM tickets WHERE ticket_status = $config_ticket_status_id_closed OR ticket_status = 'Closed' AND ticket_client_id = $session_client_id AND ticket_contact_id = $session_contact_id");
$row = mysqli_fetch_array($sql_total_tickets_closed);
$total_tickets_closed = intval($row['total_tickets_closed']);
//Get Total tickets open
-$sql_total_tickets_open = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_open FROM tickets WHERE ticket_status != 'Closed' AND ticket_client_id = $session_client_id AND ticket_contact_id = $session_contact_id");
+$sql_total_tickets_open = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_open FROM tickets WHERE ticket_status != $config_ticket_status_id_closed AND ticket_status != 'Closed' AND ticket_client_id = $session_client_id AND ticket_contact_id = $session_contact_id");
$row = mysqli_fetch_array($sql_total_tickets_open);
$total_tickets_open = intval($row['total_tickets_open']);
@@ -65,7 +65,7 @@ $total_tickets = intval($row['total_tickets']);
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
- $ticket_status = nullable_htmlentities($row['ticket_status']);
+ $ticket_status = sanitizeInput(getTicketStatusName($row['ticket_status']));
?>