maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

deny access to tickets not owned by current user, thx to chbi

Browse Source 
Signed-off-by: Michael Kaufmann <michael.kaufmann@aixit.com>
This commit is contained in:
Michael Kaufmann
2018-06-19 21:46:11 +02:00
parent 06ef81cc5b
commit aa881560cc
2 changed files with 273 additions and 246 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
customer_tickets.php
View File

@@ -238,7 +238,11 @@ if ($page == 'overview') {
}
} elseif ($action == 'answer' && $id != 0) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$replyticket = ticket::getInstanceOf($userinfo, -1);
try {
$replyticket = ticket::getInstanceOf($userinfo, -1);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
$replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
$replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
@@ -272,7 +276,11 @@ if ($page == 'overview') {
}
} else {
$ticket_replies = '';
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$dt = date("d.m.Y H:i\h", $mainticket->Get('dt'));
$status = ticket::getStatusText($lng, $mainticket->Get('status'));
@@ -351,7 +359,11 @@ if ($page == 'overview') {
} elseif ($action == 'close' && $id != 0) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '0', true, true);
$mainticket->Set('status', '3', true, true);
@@ -359,7 +371,11 @@ if ($page == 'overview') {
$log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'");
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
}
} elseif ($action == 'reopen' && $id != 0) {
@@ -377,7 +393,11 @@ if ($page == 'overview') {
}
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '0', true, true);
$mainticket->Set('status', '0', true, true);