maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

deny access to tickets not owned by current user, thx to chbi

Browse Source 
Signed-off-by: Michael Kaufmann <michael.kaufmann@aixit.com>
This commit is contained in:
Michael Kaufmann
2018-06-19 21:46:11 +02:00
parent 06ef81cc5b
commit aa881560cc
2 changed files with 273 additions and 246 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
customer_tickets.php
View File

@@ -238,7 +238,11 @@ if ($page == 'overview') {
} }
} elseif ($action == 'answer' && $id != 0) { } elseif ($action == 'answer' && $id != 0) {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
try {
$replyticket = ticket::getInstanceOf($userinfo, -1); $replyticket = ticket::getInstanceOf($userinfo, -1);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false); $replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
$replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false); $replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
$replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false); $replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
@@ -272,7 +276,11 @@ if ($page == 'overview') {
} }
} else { } else {
$ticket_replies = ''; $ticket_replies = '';
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id); $mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$dt = date("d.m.Y H:i\h", $mainticket->Get('dt')); $dt = date("d.m.Y H:i\h", $mainticket->Get('dt'));
$status = ticket::getStatusText($lng, $mainticket->Get('status')); $status = ticket::getStatusText($lng, $mainticket->Get('status'));
@@ -351,7 +359,11 @@ if ($page == 'overview') {
} elseif ($action == 'close' && $id != 0) { } elseif ($action == 'close' && $id != 0) {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$now = time(); $now = time();
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id); $mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '0', true, true); $mainticket->Set('lastreplier', '0', true, true);
$mainticket->Set('status', '3', true, true); $mainticket->Set('status', '3', true, true);
@@ -359,7 +371,11 @@ if ($page == 'overview') {
$log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'"); $log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'");
redirectTo($filename, array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id); $mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject')); ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
} }
} elseif ($action == 'reopen' && $id != 0) { } elseif ($action == 'reopen' && $id != 0) {
@@ -377,7 +393,11 @@ if ($page == 'overview') {
} }
$now = time(); $now = time();
try {
$mainticket = ticket::getInstanceOf($userinfo, (int)$id); $mainticket = ticket::getInstanceOf($userinfo, (int)$id);
} catch(Exception $e) {
standard_error($e->getMessage());
}
$mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '0', true, true); $mainticket->Set('lastreplier', '0', true, true);
$mainticket->Set('status', '0', true, true); $mainticket->Set('status', '0', true, true);

317
lib/classes/ticket/class.ticket.php
View File

@@ -19,40 +19,47 @@
* *
* Support Tickets - Tickets-Class * Support Tickets - Tickets-Class
*/ */
class ticket
class ticket { {
/** /**
* Userinfo * Userinfo
*
* @var array * @var array
*/ */
private $userinfo = array(); private $userinfo = array();
/** /**
* Ticket ID * Ticket ID
* @var tid *
* @var int
*/ */
private $tid = - 1; private $tid = - 1;
/** /**
* Ticket Data Array * Ticket Data Array
* @var t_data *
* @var array
*/ */
private $t_data = array(); private $t_data = array();
/** /**
* Ticket-Object-Array * Ticket-Object-Array
* @var tickets *
* @var ticket
*/ */
static private $tickets = array(); private static $tickets = array();
/** /**
* Class constructor. * Class constructor.
* *
* @param array userinfo * @param
* @param int ticket id * array userinfo
* @param
* int ticket id
*/ */
private function __construct($userinfo, $tid = - 1) { private function __construct($userinfo, $tid = - 1)
{
$this->userinfo = $userinfo; $this->userinfo = $userinfo;
$this->tid = $tid; $this->tid = $tid;
@@ -66,21 +73,24 @@ class ticket {
/** /**
* Singleton ftw ;-) * Singleton ftw ;-)
* *
* @param array userinfo * @param
* @param int ticket id * array userinfo
* @param
* int ticket id
*/ */
static public function getInstanceOf($_usernfo, $_tid) { static public function getInstanceOf($_usernfo, $_tid)
if (!isset(self::$tickets[$_tid])) { {
self::$tickets[$_tid] = new ticket($_usernfo, $_tid); if (! isset(self::$tickets[$_tid . '-' . $_usernfo['userid']])) {
self::$tickets[$_tid . '-' . $_usernfo['userid']] = new ticket($_usernfo, $_tid);
} }
return self::$tickets[$_tid]; return self::$tickets[$_tid . '-' . $_usernfo['userid']];
} }
/** /**
* Initialize data-array * Initialize data-array
*/ */
private function initData() { private function initData()
{
$this->Set('customer', 0, true, true); $this->Set('customer', 0, true, true);
$this->Set('admin', 1, true, true); $this->Set('admin', 1, true, true);
$this->Set('subject', '', true, true); $this->Set('subject', '', true, true);
@@ -100,15 +110,32 @@ class ticket {
/** /**
* Read ticket data from database. * Read ticket data from database.
*/ */
private function readData() { private function readData()
{
if (isset($this->tid) && $this->tid != - 1) {
if (isset($this->tid) if ($this->userinfo['customerid'] > 0) {
&& $this->tid != - 1
) {
$_ticket_stmt = Database::prepare(' $_ticket_stmt = Database::prepare('
SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid' SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid AND `customerid` = :cid');
$tdata = array(
'tid' => $this->tid,
'cid' => $this->userinfo['customerid']
); );
$_ticket = Database::pexecute_first($_ticket_stmt, array('tid' => $this->tid)); } else {
$_ticket_stmt = Database::prepare('
SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid' . ($this->userinfo['customers_see_all'] ? '' : ' AND `adminid` = :adminid'));
$tdata = array(
'tid' => $this->tid
);
if ($this->userinfo['customers_see_all'] != '1') {
$tdata['adminid'] = $this->userinfo['adminid'];
}
}
$_ticket = Database::pexecute_first($_ticket_stmt, $tdata);
if ($_ticket == false) {
throw new Exception("Invalid ticket id");
}
$this->Set('customer', $_ticket['customerid'], true, false); $this->Set('customer', $_ticket['customerid'], true, false);
$this->Set('admin', $_ticket['adminid'], true, false); $this->Set('admin', $_ticket['adminid'], true, false);
@@ -130,8 +157,8 @@ class ticket {
/** /**
* Insert data to database * Insert data to database
*/ */
public function Insert() { public function Insert()
{
$ins_stmt = Database::prepare(" $ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_TICKETS . "` SET INSERT INTO `" . TABLE_PANEL_TICKETS . "` SET
`customerid` = :customerid, `customerid` = :customerid,
@@ -146,8 +173,7 @@ class ticket {
`status` = :status, `status` = :status,
`lastreplier` = :lastreplier, `lastreplier` = :lastreplier,
`by` = :by, `by` = :by,
`answerto` = :answerto" `answerto` = :answerto");
);
$ins_data = array( $ins_data = array(
'customerid' => $this->Get('customer'), 'customerid' => $this->Get('customer'),
'adminid' => $this->Get('admin'), 'adminid' => $this->Get('admin'),
@@ -171,7 +197,8 @@ class ticket {
/** /**
* Update data in database * Update data in database
*/ */
public function Update() { public function Update()
{
// Update "main" ticket // Update "main" ticket
$upd_stmt = Database::prepare(' $upd_stmt = Database::prepare('
@@ -180,8 +207,7 @@ class ticket {
`lastchange` = :lastchange, `lastchange` = :lastchange,
`status` = :status, `status` = :status,
`lastreplier` = :lastreplier `lastreplier` = :lastreplier
WHERE `id` = :tid' WHERE `id` = :tid');
);
$upd_data = array( $upd_data = array(
'priority' => $this->Get('priority'), 'priority' => $this->Get('priority'),
'lastchange' => $this->Get('lastchange'), 'lastchange' => $this->Get('lastchange'),
@@ -196,38 +222,44 @@ class ticket {
/** /**
* Moves a ticket to the archive * Moves a ticket to the archive
*/ */
public function Archive() { public function Archive()
{
// Update "main" ticket // Update "main" ticket
$upd_stmt = Database::prepare(' $upd_stmt = Database::prepare('
UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `id` = :tid' UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `id` = :tid');
); Database::pexecute($upd_stmt, array(
Database::pexecute($upd_stmt, array('tid' => $this->tid)); 'tid' => $this->tid
));
// Update "answers" to ticket // Update "answers" to ticket
$upd_stmt = Database::prepare(' $upd_stmt = Database::prepare('
UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `answerto` = :tid' UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `answerto` = :tid');
); Database::pexecute($upd_stmt, array(
Database::pexecute($upd_stmt, array('tid' => $this->tid)); 'tid' => $this->tid
));
return true; return true;
} }
/** /**
* Remove ticket from database * Remove ticket from database
*/ */
public function Delete() { public function Delete()
{
// Delete "main" ticket // Delete "main" ticket
$del_stmt = Database::prepare(' $del_stmt = Database::prepare('
DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid' DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid');
); Database::pexecute($del_stmt, array(
Database::pexecute($del_stmt, array('tid' => $this->tid)); 'tid' => $this->tid
));
// Delete "answers" to ticket" // Delete "answers" to ticket"
$del_stmt = Database::prepare(' $del_stmt = Database::prepare('
DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :tid' DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :tid');
); Database::pexecute($del_stmt, array(
Database::pexecute($del_stmt, array('tid' => $this->tid)); 'tid' => $this->tid
));
return true; return true;
} }
@@ -243,9 +275,10 @@ class ticket {
// Get e-mail message for customer // Get e-mail message for customer
$usr_stmt = Database::prepare(' $usr_stmt = Database::prepare('
SELECT `name`, `firstname`, `company`, `email` SELECT `name`, `firstname`, `company`, `email`
FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :customerid' FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :customerid');
); $usr = Database::pexecute_first($usr_stmt, array(
$usr = Database::pexecute_first($usr_stmt, array('customerid' => $customerid)); 'customerid' => $customerid
));
$replace_arr = array( $replace_arr = array(
'FIRSTNAME' => $usr['firstname'], 'FIRSTNAME' => $usr['firstname'],
@@ -268,8 +301,7 @@ class ticket {
SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid WHERE `adminid`= :adminid
AND `language`= :lang AND `language`= :lang
AND `templategroup`= 'mails' AND `varname`= :tplsubject" AND `templategroup`= 'mails' AND `varname`= :tplsubject");
);
$result = Database::pexecute_first($result_stmt, $tpl_seldata); $result = Database::pexecute_first($result_stmt, $tpl_seldata);
$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_subject), $replace_arr)); $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_subject), $replace_arr));
@@ -280,8 +312,7 @@ class ticket {
SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid WHERE `adminid`= :adminid
AND `language`= :lang AND `language`= :lang
AND `templategroup`= 'mails' AND `varname`= :tplmailbody" AND `templategroup`= 'mails' AND `varname`= :tplmailbody");
);
$result = Database::pexecute_first($result_stmt, $tpl_seldata); $result = Database::pexecute_first($result_stmt, $tpl_seldata);
$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_body), $replace_arr)); $mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_body), $replace_arr));
@@ -303,19 +334,21 @@ class ticket {
} }
if ($_mailerror) { if ($_mailerror) {
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'ticket_class')); $rstlog = FroxlorLogger::getInstanceOf(array(
'loginname' => 'ticket_class'
));
$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg); $rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
standard_error('errorsendingmail', $usr['email']); standard_error('errorsendingmail', $usr['email']);
} }
$mail->ClearAddresses(); $mail->ClearAddresses();
} else { } else {
$admin_stmt = Database::prepare(" $admin_stmt = Database::prepare("
SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "` SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "`
WHERE `adminid` = :adminid" WHERE `adminid` = :adminid");
); $admin = Database::pexecute_first($admin_stmt, array(
$admin = Database::pexecute_first($admin_stmt, array('adminid' => $this->userinfo['adminid'])); 'adminid' => $this->userinfo['adminid']
));
$_mailerror = false; $_mailerror = false;
try { try {
$mail->SetFrom(Settings::Get('ticket.noreply_email'), Settings::Get('ticket.noreply_name')); $mail->SetFrom(Settings::Get('ticket.noreply_email'), Settings::Get('ticket.noreply_name'));
@@ -333,7 +366,9 @@ class ticket {
} }
if ($_mailerror) { if ($_mailerror) {
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'ticket_class')); $rstlog = FroxlorLogger::getInstanceOf(array(
'loginname' => 'ticket_class'
));
$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg); $rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
standard_error('errorsendingmail', $admin['email']); standard_error('errorsendingmail', $admin['email']);
} }
@@ -345,11 +380,9 @@ class ticket {
/** /**
* Add a support-categories * Add a support-categories
*/ */
static public function addCategory($_category = null, $_admin = 1, $_order = 1) { static public function addCategory($_category = null, $_admin = 1, $_order = 1)
{
if ($_category != null if ($_category != null && $_category != '') {
&& $_category != ''
) {
if ($_order < 1) { if ($_order < 1) {
$_order = 1; $_order = 1;
} }
@@ -358,8 +391,7 @@ class ticket {
INSERT INTO `" . TABLE_PANEL_TICKET_CATS . "` SET INSERT INTO `" . TABLE_PANEL_TICKET_CATS . "` SET
`name` = :name, `name` = :name,
`adminid` = :adminid, `adminid` = :adminid,
`logicalorder` = :lo" `logicalorder` = :lo");
);
$ins_data = array( $ins_data = array(
'name' => $_category, 'name' => $_category,
'adminid' => $_admin, 'adminid' => $_admin,
@@ -374,12 +406,9 @@ class ticket {
/** /**
* Edit a support-categories * Edit a support-categories
*/ */
static public function editCategory($_category = null, $_id = 0, $_order = 1) { static public function editCategory($_category = null, $_id = 0, $_order = 1)
{
if ($_category != null if ($_category != null && $_category != '' && $_id != 0) {
&& $_category != ''
&& $_id != 0
) {
if ($_order < 1) { if ($_order < 1) {
$_order = 1; $_order = 1;
} }
@@ -390,7 +419,11 @@ class ticket {
`logicalorder` = :lo `logicalorder` = :lo
WHERE `id` = :id WHERE `id` = :id
"); ");
Database::pexecute($upd_stmt, array('name' => $_category, 'lo' => $_order, 'id' => $_id)); Database::pexecute($upd_stmt, array(
'name' => $_category,
'lo' => $_order,
'id' => $_id
));
return true; return true;
} }
return false; return false;
@@ -399,21 +432,23 @@ class ticket {
/** /**
* Delete a support-categories * Delete a support-categories
*/ */
static public function deleteCategory($_id = 0) { static public function deleteCategory($_id = 0)
{
if ($_id != 0) { if ($_id != 0) {
$result_stmt = Database::prepare(" $result_stmt = Database::prepare("
SELECT COUNT(`id`) as `numtickets` FROM `" . TABLE_PANEL_TICKETS . "` SELECT COUNT(`id`) as `numtickets` FROM `" . TABLE_PANEL_TICKETS . "`
WHERE `category` = :cat" WHERE `category` = :cat");
); $result = Database::pexecute_first($result_stmt, array(
$result = Database::pexecute_first($result_stmt, array('cat' => $_id)); 'cat' => $_id
));
if ($result['numtickets'] == "0") { if ($result['numtickets'] == "0") {
$del_stmt = Database::prepare(" $del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id" DELETE FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id");
); Database::pexecute($del_stmt, array(
Database::pexecute($del_stmt, array('id' => $_id)); 'id' => $_id
));
return true; return true;
} else { } else {
return false; return false;
@@ -426,13 +461,14 @@ class ticket {
/** /**
* Return a support-category-name * Return a support-category-name
*/ */
static public function getCategoryName($_id = 0) { static public function getCategoryName($_id = 0)
{
if ($_id != 0) { if ($_id != 0) {
$stmt = Database::prepare(" $stmt = Database::prepare("
SELECT `name` FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id" SELECT `name` FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id");
); $category = Database::pexecute_first($stmt, array(
$category = Database::pexecute_first($stmt, array('id' => $_id)); 'id' => $_id
));
return $category['name']; return $category['name'];
} }
return null; return null;
@@ -441,12 +477,13 @@ class ticket {
/** /**
* get the highest order number * get the highest order number
* *
* @param object $_uid admin-id (optional) * @param object $_uid
* admin-id (optional)
* *
* @return int highest order number * @return int highest order number
*/ */
static public function getHighestOrderNumber($_uid = 0) { static public function getHighestOrderNumber($_uid = 0)
{
$where = ''; $where = '';
$sel_data = array(); $sel_data = array();
if ($_uid > 0) { if ($_uid > 0) {
@@ -462,8 +499,8 @@ class ticket {
/** /**
* returns the last x archived tickets * returns the last x archived tickets
*/ */
static public function getLastArchived($_num = 10, $_admin = 1) { static public function getLastArchived($_num = 10, $_admin = 1)
{
if ($_num > 0) { if ($_num > 0) {
$archived = array(); $archived = array();
@@ -477,9 +514,10 @@ class ticket {
FROM `" . TABLE_PANEL_TICKETS . "` `main` FROM `" . TABLE_PANEL_TICKETS . "` `main`
WHERE `main`.`answerto` = '0' AND `main`.`archived` = '1' WHERE `main`.`answerto` = '0' AND `main`.`archived` = '1'
AND `main`.`adminid` = :adminid AND `main`.`adminid` = :adminid
ORDER BY `main`.`lastchange` DESC LIMIT 0, ".(int)$_num ORDER BY `main`.`lastchange` DESC LIMIT 0, " . (int) $_num);
); Database::pexecute($result_stmt, array(
Database::pexecute($result_stmt, array('adminid' => $_admin)); 'adminid' => $_admin
));
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -523,86 +561,56 @@ class ticket {
WHERE `sub`.`answerto` = `main`.`id` WHERE `sub`.`answerto` = `main`.`id`
) as `ticket_answers` ) as `ticket_answers`
FROM `" . TABLE_PANEL_TICKETS . "` `main` FROM `" . TABLE_PANEL_TICKETS . "` `main`
WHERE `main`.`archived` = '1' AND `main`.`adminid` = :admin" WHERE `main`.`archived` = '1' AND `main`.`adminid` = :admin";
;
$search_params['admin'] = $admin; $search_params['admin'] = $admin;
if ($subject != NULL if ($subject != NULL && $subject != '') {
&& $subject != ''
) {
$query .= " AND `main`.`subject` LIKE :subject"; $query .= " AND `main`.`subject` LIKE :subject";
$search_params['subject'] = "%" . $subject . "%"; $search_params['subject'] = "%" . $subject . "%";
} }
if ($priority != null if ($priority != null && isset($priority[0]) && $priority[0] != '') {
&& isset($priority[0])
&& $priority[0] != ''
) {
if (isset($priority[1]) if (isset($priority[1]) && $priority[1] != '') {
&& $priority[1] != ''
) {
if (isset($priority[2]) if (isset($priority[2]) && $priority[2] != '') {
&& $priority[2] != ''
) {
$query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '2' OR `main`.`priority` = '3')"; $query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '2' OR `main`.`priority` = '3')";
} else { } else {
$query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '1')"; $query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '1')";
} }
} elseif (isset($priority[2]) && $priority[2] != '') {
} elseif (isset($priority[2])
&& $priority[2] != ''
) {
$query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '3')"; $query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '3')";
} else { } else {
$query .= " AND `main`.`priority` = '1'"; $query .= " AND `main`.`priority` = '1'";
} }
} elseif ($priority != null && isset($priority[1]) && $priority[1] != '') {
} elseif($priority != null if (isset($priority[2]) && $priority[2] != '') {
&& isset($priority[1])
&& $priority[1] != ''
) {
if (isset($priority[2])
&& $priority[2] != ''
) {
$query .= " AND (`main`.`priority` = '2' OR `main`.`priority` = '3')"; $query .= " AND (`main`.`priority` = '2' OR `main`.`priority` = '3')";
} else { } else {
$query .= " AND `main`.`priority` = '2'"; $query .= " AND `main`.`priority` = '2'";
} }
} elseif ($priority != null) { } elseif ($priority != null) {
if (isset($priority[3]) if (isset($priority[3]) && $priority[3] != '') {
&& $priority[3] != ''
) {
$query .= " AND `main`.`priority` = '3'"; $query .= " AND `main`.`priority` = '3'";
} }
} }
if ($fromdate != null if ($fromdate != null && $fromdate > 0) {
&& $fromdate > 0
) {
$query .= " AND `main`.`lastchange` > :fromdate"; $query .= " AND `main`.`lastchange` > :fromdate";
$search_params['fromdate'] = strtotime($fromdate); $search_params['fromdate'] = strtotime($fromdate);
} }
if ($todate != null if ($todate != null && $todate > 0) {
&& $todate > 0
) {
$query .= " AND `main`.`lastchange` < :todate"; $query .= " AND `main`.`lastchange` < :todate";
$search_params['todate'] = strtotime($todate); $search_params['todate'] = strtotime($todate);
} }
if ($message != null if ($message != null && $message != '') {
&& $message != ''
) {
$query .= " AND `main`.`message` LIKE :message"; $query .= " AND `main`.`message` LIKE :message";
$search_params['message'] = "%" . $message . "%"; $search_params['message'] = "%" . $message . "%";
} }
@@ -638,7 +646,10 @@ class ticket {
} }
} }
return array('0' => $query, '1' => $search_params); return array(
'0' => $query,
'1' => $search_params
);
} }
/** /**
@@ -646,8 +657,7 @@ class ticket {
*/ */
static public function getStatusText($_lng, $_status = 0) static public function getStatusText($_lng, $_status = 0)
{ {
switch($_status) switch ($_status) {
{
case 0: case 0:
return $_lng['ticket']['open']; return $_lng['ticket']['open'];
break; break;
@@ -668,8 +678,7 @@ class ticket {
*/ */
static public function getPriorityText($_lng, $_priority = 0) static public function getPriorityText($_lng, $_priority = 0)
{ {
switch($_priority) switch ($_priority) {
{
case 1: case 1:
return $_lng['ticket']['high']; return $_lng['ticket']['high'];
break; break;
@@ -706,17 +715,19 @@ class ticket {
/** /**
* function customerHasTickets * function customerHasTickets
* *
* @param int customer-id * @param
* int customer-id
* *
* @return array/bool array of ticket-ids if customer has any, else false * @return array/bool array of ticket-ids if customer has any, else false
*/ */
static public function customerHasTickets($_cid = 0) { static public function customerHasTickets($_cid = 0)
{
if ($_cid != 0) { if ($_cid != 0) {
$result_stmt = Database::prepare(" $result_stmt = Database::prepare("
SELECT `id` FROM `" . TABLE_PANEL_TICKETS . "` WHERE `customerid` = :cid" SELECT `id` FROM `" . TABLE_PANEL_TICKETS . "` WHERE `customerid` = :cid");
); Database::pexecute($result_stmt, array(
Database::pexecute($result_stmt, array('cid' => $_cid)); 'cid' => $_cid
));
$tickets = array(); $tickets = array();
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -732,8 +743,8 @@ class ticket {
/** /**
* Get a data-var * Get a data-var
*/ */
public function Get($_var = '', $_vartrusted = false) { public function Get($_var = '', $_vartrusted = false)
{
if ($_var != '') { if ($_var != '') {
if (! $_vartrusted) { if (! $_vartrusted) {
$_var = htmlspecialchars($_var); $_var = htmlspecialchars($_var);
@@ -758,11 +769,9 @@ class ticket {
/** /**
* Set a data-var * Set a data-var
*/ */
public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false) { public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false)
{
if ($_var != '' if ($_var != '' && $_value != '') {
&& $_value != ''
) {
if (! $_vartrusted) { if (! $_vartrusted) {
$_var = strip_tags($_var); $_var = strip_tags($_var);
} }
@@ -771,9 +780,7 @@ class ticket {
$_value = strip_tags($_value, '<br />'); $_value = strip_tags($_value, '<br />');
} }
if (strtolower($_var) == 'message' if (strtolower($_var) == 'message' || strtolower($_var) == 'subject') {
|| strtolower($_var) == 'subject'
) {
$_value = $this->convertLatin1ToHtml($_value); $_value = $this->convertLatin1ToHtml($_value);
} }