diff --git a/api/assign_ticket.php b/api/assign_ticket.php
index 351da55..0bd59d4 100644
--- a/api/assign_ticket.php
+++ b/api/assign_ticket.php
@@ -12,10 +12,10 @@ if (!is_array($data)) {
exit;
}
-$ticketId = isset($data['ticket_id']) ? (int)$data['ticket_id'] : null;
+$ticketId = isset($data['ticket_id']) ? (int)$data['ticket_id'] : 0;
$assignedTo = $data['assigned_to'] ?? null;
-if (!$ticketId) {
+if ($ticketId <= 0) {
http_response_code(400);
echo json_encode(['success' => false, 'error' => 'Ticket ID required']);
exit;
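Review bot: The `(int)` cast on `$data['ticket_id']` still accepts values that are not integers: a string such as `"12abc"` becomes 12 and a non-empty JSON array becomes 1, so the new `<= 0` guard passes for malformed input. Validating instead of casting closes that, e.g. `$ticketId = filter_var($data['ticket_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` followed by `if ($ticketId === false) {`. The access check further down limits the impact, but the request would otherwise act on a ticket the caller did not name. The `if` body continues past the end of this hunk.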
@@ -34,7 +34,7 @@ if (!$ticket || !$ticketModel->canUserAccessTicket($ticket, $currentUser)) {
}
// Authorization: only admins or the ticket creator/assignee can reassign
-if (!$isAdmin && $ticket['created_by'] !== $userId && $ticket['assigned_to'] !== $userId) {
+if (!$isAdmin && (int)$ticket['created_by'] !== (int)$userId && (int)$ticket['assigned_to'] !== (int)$userId) {
http_response_code(403);
echo json_encode(['success' => false, 'error' => 'Permission denied']);
exit;
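Review bot: Casting both sides to int in the authorization check makes NULL, an empty string and any non-numeric value all compare equal as 0, so a ticket whose `assigned_to` is NULL matches any `$userId` that casts to 0. Where `$userId` is set is outside the hunk; if it can ever be unset or empty, the 403 is skipped for unassigned tickets. Normalise once and require a positive id first, e.g. `$uid = (int)$userId;` then `if (!$isAdmin && ($uid <= 0 || ((int)$ticket['created_by'] !== $uid && (int)$ticket['assigned_to'] !== $uid))) {`. The same pattern appears in `renderComment` in views/TicketView.php, where `$currentUserId` is declared `?int` and a NULL viewer would count as owner of a comment with a NULL `user_id` (`$isOwner = $currentUserId !== null && (int)$comment['user_id'] === $currentUserId;` avoids it), and in `buildCommentThread` in models/CommentModel.php, where a NULL `parent_comment_id` becomes 0.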
@@ -51,6 +51,7 @@ if ($assignedTo === null || $assignedTo === '') {
$assignedTo = (int)$assignedTo;
$targetUser = $userModel->getUserById($assignedTo);
if (!$targetUser) {
+ http_response_code(400);
echo json_encode(['success' => false, 'error' => 'Invalid user ID']);
exit;
}
diff --git a/api/export_tickets.php b/api/export_tickets.php
index 0e33b8e..68e19c7 100644
--- a/api/export_tickets.php
+++ b/api/export_tickets.php
@@ -21,7 +21,7 @@ try {
require_once dirname(__DIR__) . '/models/TicketModel.php';
// Check authentication via session
- session_start();
+ if (session_status() === PHP_SESSION_NONE) { session_start(); }
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
header('Content-Type: application/json');
http_response_code(401);
diff --git a/assets/js/ticket.js b/assets/js/ticket.js
index efb6b27..81d4e3c 100644
--- a/assets/js/ticket.js
+++ b/assets/js/ticket.js
@@ -512,7 +512,7 @@ function renderDependencies(dependencies) {
${lt.escHtml(dep.title)}
${lt.escHtml(dep.status)}
-
+
`;
});
diff --git a/models/CommentModel.php b/models/CommentModel.php
index b38e0ca..e0ae669 100644
--- a/models/CommentModel.php
+++ b/models/CommentModel.php
@@ -126,7 +126,7 @@ class CommentModel {
private function buildCommentThread($comment, &$allComments) {
$comment['replies'] = [];
foreach ($allComments as $c) {
- if ($c['parent_comment_id'] == $comment['comment_id']
+ if ((int)$c['parent_comment_id'] === (int)$comment['comment_id']
&& isset($allComments[$c['comment_id']])) {
$comment['replies'][] = $this->buildCommentThread($c, $allComments);
}
diff --git a/models/UserModel.php b/models/UserModel.php
index 0b34865..80a5bfb 100644
--- a/models/UserModel.php
+++ b/models/UserModel.php
@@ -227,7 +227,7 @@ class UserModel {
* @return bool True if user is admin
*/
public function isAdmin(array $user): bool {
- return isset($user['is_admin']) && $user['is_admin'] == 1;
+ return isset($user['is_admin']) && (int)$user['is_admin'] === 1;
}
/**
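Review bot: `(int)$user['is_admin'] === 1` accepts more values than the `== 1` it replaces: under PHP 8 comparison rules `'1abc'`, `1.9` and a non-empty array all cast to 1 but did not equal 1 before, so the admin check became looser rather than stricter. If `$user` always comes from a database row this is harmless, but the origin of the array is not visible in this hunk. An allow-list keeps the comparison strict without the cast: `return isset($user['is_admin']) && in_array($user['is_admin'], [1, '1', true], true);`.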
diff --git a/views/TicketView.php b/views/TicketView.php
index a58d08e..c7a0d87 100644
--- a/views/TicketView.php
+++ b/views/TicketView.php
@@ -151,7 +151,7 @@ include __DIR__ . '/layout_header.php';
@@ -183,7 +183,7 @@ include __DIR__ . '/layout_header.php';
@@ -361,7 +361,7 @@ include __DIR__ . '/layout_header.php';
function renderComment(array $comment, ?int $currentUserId, bool $isAdmin, int $depth = 0): void {
$displayName = $comment['display_name_formatted'] ?? $comment['user_name'] ?? 'Unknown User';
$commentId = (int)$comment['comment_id'];
- $isOwner = ($comment['user_id'] == $currentUserId);
+ $isOwner = ((int)$comment['user_id'] === (int)$currentUserId);
$canModify = $isOwner || $isAdmin;
$markdownEnabled = (bool)($comment['markdown_enabled'] ?? false);
$threadDepth = (int)($comment['thread_depth'] ?? $depth);