Fix loose comparisons in authorization checks

- TicketModel.php: fix bind_param "sssi"→"issi" for ticketId in addComment()
- TicketModel.php: use strict (int) cast === for confidential ticket access check
- update_ticket.php: use strict (int) cast !== for creator/assignee auth check
- AttachmentModel.php: use strict (int) cast === for upload ownership check

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 22:35:48 -04:00
parent cfbef029cb
commit d33f761a55
3 changed files with 5 additions and 5 deletions
+1 -1
@@ -131,7 +131,7 @@ class AttachmentModel {
}
$attachment = $this->getAttachment($attachmentId);
return $attachment && $attachment['uploaded_by'] == $userId;
return $attachment && (int)$attachment['uploaded_by'] === (int)$userId;
}
/**
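Review bot: On the changed return line in AttachmentModel, casting both operands with (int) turns null, an empty string and any non-numeric string into 0, so `(int)$attachment['uploaded_by'] === (int)$userId` evaluates to true when both sides are missing or malformed (for example a NULL uploaded_by compared against an unset user id). Unless the code above this hunk already rejects that case, require a positive integer before comparing, for instance return false when (int)$userId <= 0, or validate the id with filter_var and FILTER_VALIDATE_INT instead of a bare cast, since a bare cast also accepts leading-numeric strings such as "5abc" as 5. A one-line comment on why the comparison is strict would help keep it from being loosened again.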