From 2f473c6a033a99b2c1043ff3944223a4f73d0d64 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Tue, 2 Apr 2024 00:30:25 +0100
Subject: [PATCH 1/2] Adjust bad SQL query that allowed contacts to see ticket subjects (but not content) for other contacts
---
 portal/ticket_view_all.php | 4 ++--
 portal/tickets.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/portal/ticket_view_all.php b/portal/ticket_view_all.php
index 8abefd094..6322f78b1 100644
--- a/portal/ticket_view_all.php
+++ b/portal/ticket_view_all.php
@@ -16,10 +16,10 @@
 if (!isset($_GET['status'])) {
 // If nothing is set, assume we only want to see open tickets
 $status = 'Open';
- $ticket_status_snippet = "ticket_status != 5";
+ $ticket_status_snippet = "ticket_closed_at IS NULL";
 } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
 $status = 'Closed';
- $ticket_status_snippet = "ticket_status = 5";
+ $ticket_status_snippet = "ticket_closed_at IS NOT NULL";
 } else {
 $status = '%';
 $ticket_status_snippet = "ticket_status LIKE '%'";
diff --git a/portal/tickets.php b/portal/tickets.php
index 523d54354..1c9ebdebd 100644
--- a/portal/tickets.php
+++ b/portal/tickets.php
@@ -13,10 +13,10 @@
 if (!isset($_GET['status'])) {
 // If nothing is set, assume we only want to see open tickets
 $status = 'Open';
- $ticket_status_snippet = "ticket_status != 5 AND ticket_status != 'Closed'";
+ $ticket_status_snippet = "ticket_closed_at IS NULL";
 } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
 $status = 'Closed';
- $ticket_status_snippet = "ticket_status = 5 OR ticket_status = 'Closed'";
+ $ticket_status_snippet = "ticket_closed_at IS NOT NULL";
 } else {
 $status = '%';
 $ticket_status_snippet = "ticket_status LIKE '%'";
From bc8f79cdf92fd8be6da416e9bca6a4a08aa37582 Mon Sep 17 00:00:00 2001
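Review bot: The status fragments assigned to `$ticket_status_snippet` in portal/ticket_view_all.php and portal/tickets.php are still bare SQL text, so the per-contact scoping only holds while no branch contains a top-level `OR`; the removed `ticket_status = 5 OR ticket_status = 'Closed'` in portal/tickets.php is exactly that case. The query that consumes the fragment is outside these hunks, so this is inferred: if it has the form `WHERE $ticket_status_snippet AND <contact condition>`, operator precedence let closed tickets match without the contact condition. Parenthesising at the point of use, `WHERE ($ticket_status_snippet) AND <contact condition>`, would keep the scoping intact whatever the fragment holds. A regression test that lists tickets as one contact and asserts none belong to another contact would catch a repeat.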
From: Marcus Hill
Date: Tue, 2 Apr 2024 00:36:55 +0100
Subject: [PATCH 2/2] Adjust bad SQL query that allowed contacts to see ticket subjects (but not content) for other contacts
---
 portal/ticket_view_all.php | 4 ++--
 portal/tickets.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/portal/ticket_view_all.php b/portal/ticket_view_all.php
index 6322f78b1..b7d03a191 100644
--- a/portal/ticket_view_all.php
+++ b/portal/ticket_view_all.php
@@ -13,8 +13,8 @@
 }
 // Ticket status from GET
-if (!isset($_GET['status'])) {
- // If nothing is set, assume we only want to see open tickets
+if (!isset($_GET['status']) || ($_GET['status']) == 'Open') {
+ // Default to showing open
 $status = 'Open';
 $ticket_status_snippet = "ticket_closed_at IS NULL";
 } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
diff --git a/portal/tickets.php b/portal/tickets.php
index 1c9ebdebd..f06cd2cfb 100644
--- a/portal/tickets.php
+++ b/portal/tickets.php
@@ -10,8 +10,8 @@
 // Ticket status from GET
-if (!isset($_GET['status'])) {
- // If nothing is set, assume we only want to see open tickets
+if (!isset($_GET['status']) || ($_GET['status']) == 'Open') {
+ // Default to showing open
 $status = 'Open';
 $ticket_status_snippet = "ticket_closed_at IS NULL";
 } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
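Review bot: The added `|| ($_GET['status']) == 'Open'` test in portal/ticket_view_all.php compares a request parameter with loose `==`, and the identical line in portal/tickets.php does the same; `if (!isset($_GET['status']) || $_GET['status'] === 'Open') {` states the intent without type juggling. Any value other than `Open` or `Closed` still falls through to the `else` branch, which the context in PATCH 1/2 shows as `ticket_status LIKE '%'`, i.e. every status. If that is the intended "all" view, a comment such as `// any other value: show all statuses` on that branch would make the default explicit. The if/elseif chain continues past the end of both hunks.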