diff --git a/include/ajax.tickets.php b/include/ajax.tickets.php
index 56093119..0e010879 100644
--- a/include/ajax.tickets.php
+++ b/include/ajax.tickets.php
@@ -124,16 +124,18 @@ function search() {
 }
 //Assignee
- if($_REQUEST['assignee'] && strcasecmp($_REQUEST['status'], 'closed')) {
+ if(isset($_REQUEST['assignee']) && strcasecmp($_REQUEST['status'], 'closed')) {
 $id=preg_replace("/[^0-9]/", "", $_REQUEST['assignee']);
 $assignee = $_REQUEST['assignee'];
- $where.= ' AND ( ';
+ $where.= ' AND ( ( ticket.status="open" ';
 if($assignee[0]=='t')
- $where.=' (ticket.team_id='.db_input($id). ' AND ticket.status="open") ';
+ $where.=' AND ticket.team_id='.db_input($id);
 elseif($assignee[0]=='s')
- $where.=' (ticket.staff_id='.db_input($id). ' AND ticket.status="open") ';
- else
- $where.=' (ticket.staff_id='.db_input($id). ' AND ticket.status="open") ';
+ $where.=' AND ticket.staff_id='.db_input($id);
+ elseif(is_numeric($id))
+ $where.=' AND ticket.staff_id='.db_input($id);
+
+ $where.=')';
 if($_REQUEST['staffId'] && !$_REQUEST['status']) //Assigned TO + Closed By
 $where.= ' OR (ticket.staff_id='.db_input($_REQUEST['staffId']). ' AND ticket.status="closed") ';
diff --git a/include/staff/tickets.inc.php b/include/staff/tickets.inc.php
index 64cd52cc..0d14cf4a 100644
--- a/include/staff/tickets.inc.php
+++ b/include/staff/tickets.inc.php
@@ -50,7 +50,7 @@
 break;
 default:
 if(!$search)
- $status='open';
+ $_REQUEST['status']=$status='open';
 }
 $qwhere ='';
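Review bot: `isset($_REQUEST['assignee'])` in the Assignee guard now admits the empty string, which the old truthiness test rejected, and it still does not require a string. With `assignee=` the block appends `AND ( ( ticket.status="open" )` with no assignee predicate, and `$assignee[0]` reads an offset that does not exist. The new `is_numeric($id)` test sits only on the fallback branch, so a bare `t` or `s` prefix still hands an empty `$id` to `db_input()`; what that emits is not visible here. Assuming the intent is to let `0` through, a tighter guard would be `if(isset($_REQUEST['assignee']) && is_string($_REQUEST['assignee']) && $_REQUEST['assignee']!=='' && strcasecmp($_REQUEST['status'], 'closed'))`, with one `is_numeric($id)` check ahead of the whole branch chain. The same pattern repeats in the hunk at line 144 of include/staff/tickets.inc.php; search() continues outside this hunk.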
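Review bot: Writing the default back into `$_REQUEST['status']` means later reads of the superglobal can no longer tell a client-supplied status from one the page injected. The Assignee block at line 144 of this file tests `$_REQUEST['status']` in both `strcasecmp()` and `!$_REQUEST['status']`, so this assignment changes which clauses that block builds without that being visible at either site. Prefer keeping `$status='open';` and having those conditions read the local `$status`; if the write-back stays, add a comment such as `// default is also written to $_REQUEST so the assignee filter below sees it`. The enclosing switch starts outside the hunk.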
@@ -144,19 +144,21 @@
 }
 //Assignee
- if($_REQUEST['assignee'] && strcasecmp($_REQUEST['status'], 'closed')) {
+ if(isset($_REQUEST['assignee']) && strcasecmp($_REQUEST['status'], 'closed')) {
 $id=preg_replace("/[^0-9]/", "", $_REQUEST['assignee']);
 $assignee = $_REQUEST['assignee'];
 $qstr.='&assignee='.urlencode($_REQUEST['assignee']);
- $qwhere.= ' AND ( ';
+ $qwhere.= ' AND (
+ ( ticket.status="open" ';
 if($assignee[0]=='t')
- $qwhere.=' (ticket.team_id='.db_input($id). ' AND ticket.status="open") ';
+ $qwhere.=' AND ticket.team_id='.db_input($id);
 elseif($assignee[0]=='s')
- $qwhere.=' (ticket.staff_id='.db_input($id). ' AND ticket.status="open") ';
- else
- $qwhere.=' (ticket.staff_id='.db_input($id). ' AND ticket.status="open") ';
+ $qwhere.=' AND ticket.staff_id='.db_input($id);
+ elseif(is_numeric($id))
+ $qwhere.=' AND ticket.staff_id='.db_input($id);
+ $qwhere.=' ) ';
 if($_REQUEST['staffId'] && !$_REQUEST['status']) { //Assigned TO + Closed By
 $qwhere.= ' OR (ticket.staff_id='.db_input($_REQUEST['staffId']). ' AND ticket.status="closed") ';
@@ -579,7 +581,9 @@