AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adjust bad SQL query that allowed contacts to see ticket subjects (but not content) for other contacts

This commit is contained in:
Marcus Hill 2024-04-02 00:36:55 +01:00
parent 2f473c6a03
commit bc8f79cdf9
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
portal/ticket_view_all.php
View File

@ -13,8 +13,8 @@ if ($session_contact_primary == 0 && !$session_contact_is_technical_contact) {
}
// Ticket status from GET
if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets
if (!isset($_GET['status']) || ($_GET['status']) == 'Open') {
// Default to showing open
$status = 'Open';
$ticket_status_snippet = "ticket_closed_at IS NULL";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {

4
portal/tickets.php
View File

@ -10,8 +10,8 @@ require_once "inc_portal.php";
// Ticket status from GET
if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets
if (!isset($_GET['status']) || ($_GET['status']) == 'Open') {
// Default to showing open
$status = 'Open';
$ticket_status_snippet = "ticket_closed_at IS NULL";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {