Adjust bad SQL query that allowed contacts to see ticket subjects (bu…

…t not content) for other contacts
itflow-org · Apr 1, 2024 · 2f473c6 · 2f473c6
1 parent da2fee7
commit 2f473c6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/portal/ticket_view_all.php b/portal/ticket_view_all.php
@@ -16,10 +16,10 @@
 if (!isset($_GET['status'])) {
     // If nothing is set, assume we only want to see open tickets
     $status = 'Open';
-    $ticket_status_snippet = "ticket_status != 5";
+    $ticket_status_snippet = "ticket_closed_at IS NULL";
 } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
     $status = 'Closed';
-    $ticket_status_snippet = "ticket_status = 5";
+    $ticket_status_snippet = "ticket_closed_at IS NOT NULL";
 } else {
     $status = '%';
     $ticket_status_snippet = "ticket_status LIKE '%'";

diff --git a/portal/tickets.php b/portal/tickets.php
@@ -13,10 +13,10 @@
 if (!isset($_GET['status'])) {
     // If nothing is set, assume we only want to see open tickets
     $status = 'Open';
-    $ticket_status_snippet = "ticket_status != 5 AND ticket_status != 'Closed'";
+    $ticket_status_snippet = "ticket_closed_at IS NULL";
 } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
     $status = 'Closed';
-    $ticket_status_snippet = "ticket_status = 5 OR ticket_status = 'Closed'";
+    $ticket_status_snippet = "ticket_closed_at IS NOT NULL";
 } else {
     $status = '%';
     $ticket_status_snippet = "ticket_status LIKE '%'";