LotusGuild/tinker_tickets
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix bulk operation dropping tickets with leading-zero IDs, add query null-check

Browse Source 
bulk_operation.php: ticket ID validation was converting IDs to int then back
to string, so '000123456' became '123456' which never matched the DB VARCHAR
key, silently rejecting ~11% of tickets from bulk operations. Now validates
with ctype_digit() to preserve leading zeros.

TicketModel::getTicketsByIds(): changed intval() to strval() and bind type
'i' to 's' so VARCHAR ticket_id columns are queried consistently as strings.

DashboardController::getCategoriesAndTypes(): added null check on query
result before calling fetch_assoc() to prevent TypeError if query fails.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-04-10 22:29:14 -04:00
parent e9a033d4ef
commit d443caf059
3 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/bulk_operation.php
+3 -3
View File
@@ -49,10 +49,10 @@ if (!$operationType || empty($ticketIds)) {
exit; exit;
} }
// Validate ticket IDs are positive integers // Validate ticket IDs: must be non-empty numeric strings (allows leading zeros)
$ticketIds = array_values(array_filter(array_map(function($id) { $ticketIds = array_values(array_filter(array_map(function($id) {
$int = (int)$id; $s = trim((string)$id);
return ($int > 0 && (string)$int === (string)$id) ? $int : null; return (ctype_digit($s) && (int)$s > 0) ? $s : null;
}, $ticketIds))); }, $ticketIds)));
if (empty($ticketIds)) { if (empty($ticketIds)) {
echo json_encode(['success' => false, 'error' => 'No valid ticket IDs provided']); echo json_encode(['success' => false, 'error' => 'No valid ticket IDs provided']);
controllers/DashboardController.php
+4
View File
@@ -186,6 +186,10 @@ class DashboardController {
$categories = []; $categories = [];
$types = []; $types = [];
if (!$result) {
return ['categories' => $categories, 'types' => $types];
}
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
if ($row['field'] === 'category' && !in_array($row['value'], $categories, true)) { if ($row['field'] === 'category' && !in_array($row['value'], $categories, true)) {
$categories[] = $row['value']; $categories[] = $row['value'];
models/TicketModel.php
+3 -3
View File
@@ -558,8 +558,8 @@ class TicketModel {
return []; return [];
} }
// Sanitize ticket IDs // Sanitize ticket IDs: cast to string to preserve leading zeros
$ticketIds = array_map('intval', $ticketIds); $ticketIds = array_map('strval', $ticketIds);
// Create placeholders for IN clause // Create placeholders for IN clause
$placeholders = str_repeat('?,', count($ticketIds) - 1) . '?'; $placeholders = str_repeat('?,', count($ticketIds) - 1) . '?';
@@ -578,7 +578,7 @@ class TicketModel {
WHERE t.ticket_id IN ($placeholders)"; WHERE t.ticket_id IN ($placeholders)";
$stmt = $this->conn->prepare($sql); $stmt = $this->conn->prepare($sql);
$types = str_repeat('i', count($ticketIds)); $types = str_repeat('s', count($ticketIds));
$stmt->bind_param($types, ...$ticketIds); $stmt->bind_param($types, ...$ticketIds);
$stmt->execute(); $stmt->execute();
$result = $stmt->get_result(); $result = $stmt->get_result();