AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adjust bad SQL query that allowed contacts to see ticket subjects (but not content) for other contacts

Browse Source
This commit is contained in:
Marcus Hill
2024-04-02 00:36:55 +01:00
parent 2f473c6a03
commit bc8f79cdf9
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
portal/ticket_view_all.php
View File

@@ -13,8 +13,8 @@ if ($session_contact_primary == 0 && !$session_contact_is_technical_contact) {
}
// Ticket status from GET
if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets
if (!isset($_GET['status']) || ($_GET['status']) == 'Open') {
// Default to showing open
$status = 'Open';
$ticket_status_snippet = "ticket_closed_at IS NULL";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {