fix: Fix delete_attachment.php AuditLogModel calls

- Add session status check - Remove broken AuditLogModel call without $conn in CSRF check - Fix AuditLogModel instantiation with proper $conn parameter - Fix log() call to pass array instead of JSON string for details Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 17:00:54 -05:00
parent 10d5075f2d
commit ebf318f8af
1 changed files with 30 additions and 16 deletions
--- a/api/delete_attachment.php
+++ b/api/delete_attachment.php
@@ -5,11 +5,19 @@
 * Handles deletion of ticket attachments
 */

-// Apply rate limiting
+// Capture errors for debugging
+ini_set('display_errors', 0);
+error_reporting(E_ALL);
+
+// Apply rate limiting (also starts session)
 require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
 RateLimitMiddleware::apply('api');

-session_start();
+// Ensure session is started
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
 require_once dirname(__DIR__) . '/config/config.php';
 require_once dirname(__DIR__) . '/helpers/ResponseHelper.php';
 require_once dirname(__DIR__) . '/models/AttachmentModel.php';
@@ -37,8 +45,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 // Verify CSRF token
 $csrfToken = $input['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
 if (!CsrfMiddleware::validateToken($csrfToken)) {
-    $auditLog = new AuditLogModel();
-    $auditLog->logCsrfFailure($_SESSION['user']['user_id'] ?? null, 'delete_attachment');
    ResponseHelper::forbidden('Invalid CSRF token');
 }

@@ -81,19 +87,27 @@ try {
    }

    // Log the deletion
-    $auditLog = new AuditLogModel();
-    $auditLog->log(
-        $_SESSION['user']['user_id'],
-        'attachment_delete',
-        'ticket_attachments',
-        $attachmentId,
-        json_encode([
-            'ticket_id' => $attachment['ticket_id'],
-            'filename' => $attachment['original_filename'],
-            'size' => $attachment['file_size']
-        ]),
-        null
+    $conn = new mysqli(
+        $GLOBALS['config']['DB_HOST'],
+        $GLOBALS['config']['DB_USER'],
+        $GLOBALS['config']['DB_PASS'],
+        $GLOBALS['config']['DB_NAME']
    );
+    if (!$conn->connect_error) {
+        $auditLog = new AuditLogModel($conn);
+        $auditLog->log(
+            $_SESSION['user']['user_id'],
+            'attachment_delete',
+            'ticket_attachments',
+            (string)$attachmentId,
+            [
+                'ticket_id' => $attachment['ticket_id'],
+                'filename' => $attachment['original_filename'],
+                'size' => $attachment['file_size']
+            ]
+        );
+        $conn->close();
+    }

    ResponseHelper::success([], 'Attachment deleted successfully');