
deny access to tickets not owned by current user, thx to chbi

Signed-off-by: Michael Kaufmann <michael.kaufmann@aixit.com>
d00p committed Jun 19, 2018
1 parent 06ef81c commit aa881560cc996c38cbf8c20ee62854e27f72c73c
Showing with 273 additions and 246 deletions.
  1. +25 −5 customer_tickets.php
  2. +248 −241 lib/classes/ticket/class.ticket.php
@@ -238,7 +238,11 @@
}
} elseif ($action == 'answer' && $id != 0) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$replyticket = ticket::getInstanceOf($userinfo, -1);
try {
$replyticket = ticket::getInstanceOf($userinfo, -1);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
$replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
$replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
@@ -272,7 +276,11 @@
}
} else {
$ticket_replies = '';
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$dt = date("d.m.Y H:i\h", $mainticket->Get('dt'));
$status = ticket::getStatusText($lng, $mainticket->Get('status'));
@@ -351,15 +359,23 @@
} elseif ($action == 'close' && $id != 0) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '0', true, true);
$mainticket->Set('status', '3', true, true);
$mainticket->Update();
$log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'");
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
}
} elseif ($action == 'reopen' && $id != 0) {
@@ -377,7 +393,11 @@
}
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '0', true, true);
$mainticket->Set('status', '0', true, true);
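Review bot: Each new catch block (answer, view, both close paths, reopen) only calls `standard_error($e->getMessage())` and then falls through to `$mainticket->Get(...)`, `->Set(...)` and `->Update()`, so the ownership denial holds only if standard_error() never returns, which these hunks do not show. Moving the dependent statements inside the `try`, or stating the assumption at the call with `// standard_error() ends the request; $mainticket is never used after a failed ownership check`, would make the access-control path explicit. In the answer branch the guarded call is `ticket::getInstanceOf($userinfo, -1)`, made with -1 rather than `$id`, so it is worth confirming that the ticket being answered is ownership-checked before the reply is stored; that code lies outside the hunk, as does the rest of the if/elseif chain. Because the exception text is shown to the customer, the message thrown in lib/classes/ticket/class.ticket.php (its diff is not rendered on this page) should presumably be identical for a missing ticket and for one owned by someone else, so the response does not reveal which ticket ids exist.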
