Skip to content
Permalink
Browse files Browse the repository at this point in the history
deny access to tickets not owned by current user, thx to chbi
Signed-off-by: Michael Kaufmann <michael.kaufmann@aixit.com>
  • Loading branch information
d00p committed Jun 19, 2018
1 parent 06ef81c commit aa88156
Show file tree
Hide file tree
Showing 2 changed files with 273 additions and 246 deletions.
30 changes: 25 additions & 5 deletions customer_tickets.php
Expand Up @@ -238,7 +238,11 @@
}
} elseif ($action == 'answer' && $id != 0) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$replyticket = ticket::getInstanceOf($userinfo, -1);
try {
$replyticket = ticket::getInstanceOf($userinfo, -1);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
$replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
$replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
Expand Down Expand Up @@ -272,7 +276,11 @@
}
} else {
$ticket_replies = '';
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$dt = date("d.m.Y H:i\h", $mainticket->Get('dt'));
$status = ticket::getStatusText($lng, $mainticket->Get('status'));

Expand Down Expand Up @@ -351,15 +359,23 @@
} elseif ($action == 'close' && $id != 0) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '0', true, true);
$mainticket->Set('status', '3', true, true);
$mainticket->Update();
$log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'");
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
}
} elseif ($action == 'reopen' && $id != 0) {
Expand All @@ -377,7 +393,11 @@
}

$now = time();
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '0', true, true);
$mainticket->Set('status', '0', true, true);
Expand Down

0 comments on commit aa88156

Please sign in to comment.