Merge branch 'development'

2026-04-11 13:31:34 -04:00
2 changed files with 5 additions and 4 deletions
+3 -2
@@ -14,14 +14,15 @@ if (!is_array($data)) {
exit; exit;
} }
$ticketId = isset($data['ticket_id']) ? (int)$data['ticket_id'] : 0; $ticketIdRaw = isset($data['ticket_id']) ? trim((string)$data['ticket_id']) : '';
$assignedTo = $data['assigned_to'] ?? null; $assignedTo = $data['assigned_to'] ?? null;
if ($ticketId <= 0) { if (!ctype_digit($ticketIdRaw) || (int)$ticketIdRaw <= 0) {
http_response_code(400); http_response_code(400);
echo json_encode(['success' => false, 'error' => 'Ticket ID required']); echo json_encode(['success' => false, 'error' => 'Ticket ID required']);
exit; exit;
} }
$ticketId = $ticketIdRaw;
$ticketModel = new TicketModel($conn); $ticketModel = new TicketModel($conn);
$auditLogModel = new AuditLogModel($conn); $auditLogModel = new AuditLogModel($conn);
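Review bot: The new guard accepts any all-digit string, so `$ticketId` is neither canonical nor bounded: `ctype_digit` passes spellings such as `0007` and digit runs of any length, and an overlong run most likely still clears `(int)$ticketIdRaw <= 0` because the cast produces a large positive number. Because `$ticketId = $ticketIdRaw;` keeps the raw string, the ticket lookup and the audit log may record different spellings of the same ticket, which makes assignment events harder to correlate. If the ID scheme has a known shape, pin it in the guard, for example `if (!preg_match('/^[1-9][0-9]{0,18}$/', $ticketIdRaw)) {` (the pattern and width are illustrative and must match the real scheme). A non-scalar `ticket_id` such as a JSON array also reaches the `(string)` cast and raises an array-to-string warning before it is rejected, so an `is_scalar()` test ahead of the cast would avoid that. How `$ticketId` is consumed lies outside the hunk, so the downstream effect is inferred.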
+2 -2
@@ -67,7 +67,7 @@ try {
// Verify user can access the parent ticket // Verify user can access the parent ticket
$ticketModel = new TicketModel(Database::getConnection()); $ticketModel = new TicketModel(Database::getConnection());
$ticket = $ticketModel->getTicketById((int)$attachment['ticket_id']); $ticket = $ticketModel->getTicketById($attachment['ticket_id']);
if (!$ticket || !$ticketModel->canUserAccessTicket($ticket, $_SESSION['user'])) { if (!$ticket || !$ticketModel->canUserAccessTicket($ticket, $_SESSION['user'])) {
ResponseHelper::notFound('Attachment not found'); ResponseHelper::notFound('Attachment not found');
} }
@@ -80,7 +80,7 @@ try {
// Delete the file — use realpath() to prevent path traversal // Delete the file — use realpath() to prevent path traversal
$uploadDir = realpath($GLOBALS['config']['UPLOAD_DIR'] ?? dirname(__DIR__) . '/uploads'); $uploadDir = realpath($GLOBALS['config']['UPLOAD_DIR'] ?? dirname(__DIR__) . '/uploads');
$filePath = $uploadDir . '/' . (int)$attachment['ticket_id'] . '/' . $attachment['filename']; $filePath = $uploadDir . '/' . $attachment['ticket_id'] . '/' . $attachment['filename'];
$realPath = realpath($filePath); $realPath = realpath($filePath);
if ($realPath !== false) { if ($realPath !== false) {