From bc8f79cdf92fd8be6da416e9bca6a4a08aa37582 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Tue, 2 Apr 2024 00:36:55 +0100
Subject: [PATCH] Adjust bad SQL query that allowed contacts to see ticket subjects (but not content) for other contacts
---
 portal/ticket_view_all.php | 4 ++--
 portal/tickets.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/portal/ticket_view_all.php b/portal/ticket_view_all.php
index 6322f78b..b7d03a19 100644
--- a/portal/ticket_view_all.php
+++ b/portal/ticket_view_all.php
@@ -13,8 +13,8 @@ if ($session_contact_primary == 0 && !$session_contact_is_technical_contact) {
 }
 // Ticket status from GET
-if (!isset($_GET['status'])) {
- // If nothing is set, assume we only want to see open tickets
+if (!isset($_GET['status']) || ($_GET['status']) == 'Open') {
+ // Default to showing open
 $status = 'Open';
 $ticket_status_snippet = "ticket_closed_at IS NULL";
 } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
diff --git a/portal/tickets.php b/portal/tickets.php
index 1c9ebdeb..f06cd2cf 100644
--- a/portal/tickets.php
+++ b/portal/tickets.php
@@ -10,8 +10,8 @@ require_once "inc_portal.php";
 // Ticket status from GET
-if (!isset($_GET['status'])) {
- // If nothing is set, assume we only want to see open tickets
+if (!isset($_GET['status']) || ($_GET['status']) == 'Open') {
+ // Default to showing open
 $status = 'Open';
 $ticket_status_snippet = "ticket_closed_at IS NULL";
 } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
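Review bot: The added `|| ($_GET['status']) == 'Open'` sends only the literal value `Open` to the `ticket_closed_at IS NULL` branch; any `status` other than `Open` or `Closed` still reaches whatever fallback follows the `elseif`, which lies outside this hunk, so if that fallback fed the query that exposed other contacts' subjects it presumably remains reachable. I would resolve the parameter once with `$requested = $_GET['status'] ?? 'Open';`, compare with `=== 'Closed'`, and let every unrecognised value take the open filter, naming an "all" view explicitly if one is intended. Whatever the last branch does, the restriction to the logged-in contact or client should sit in the query's WHERE clause independently of `$ticket_status_snippet`, and a comment such as `// $ticket_status_snippet is always one of the fixed literals below, never built from $_GET` would record that invariant. The hunk in portal/tickets.php is identical and needs the same change.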