Some changes to admin/admin_reply

2016-10-03 20:44:42 -04:00 · 2016-10-03 20:44:42 -04:00 · 8e0236b2b4
commit 8e0236b2b4
parent ccb8931157
2 changed files with 20 additions and 7 deletions
--- a/admin/admin_main.php
+++ b/admin/admin_main.php
@ -51,6 +51,7 @@ hesk_isLoggedIn();
 define('CALENDAR', 1);
 define('MAIN_PAGE', 1);
 define('PAGE_TITLE', 'ADMIN_HOME');
 define('AUTO_RELOAD', 1);
 /* Print header */
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
@ -58,7 +59,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 /* Reset default settings? */
 if (isset($_GET['reset']) && hesk_token_check()) {
-    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "'");
    $_SESSION['default_list'] = '';
 } /* Get default settings */
 else {
@ -81,6 +82,12 @@ else {
            </div>
        </div>
        <div class="box-body">
            <label>
                <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
                <?php $hesklang['arp']; ?>
                <span id="timer"></span>
            </label>
            <script type="text/javascript">heskCheckReloading();</script>
            <?php
            /* Print tickets? */
            if (hesk_checkPermission('can_view_tickets', 0)) {
--- a/admin/admin_reply_ticket.php
+++ b/admin/admin_reply_ticket.php
@ -74,6 +74,11 @@ if (hesk_dbNumRows($result) != 1) {
 $ticket = hesk_dbFetchAssoc($result);
 $trackingID = $ticket['trackid'];
 // Do we require owner before allowing to reply?
 if ($hesk_settings['require_owner'] && ! $ticket['owner']) {
    hesk_process_messages($hesklang['atbr'],'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
 }
 $hesk_error_buffer = array();
 // Get the message
@ -87,7 +92,7 @@ if (strlen($message)) {
    // Save message for later and ignore the rest?
    if (isset($_POST['save_reply'])) {
        // Delete any existing drafts from this owner for this ticket
-        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
+        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
        // Save the message draft
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` (`owner`, `ticket`, `message`) VALUES (" . intval($_SESSION['id']) . ", " . intval($ticket['id']) . ", '" . hesk_dbEscape($message) . "')");
@ -237,6 +242,7 @@ $lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `" . hesk
 // Get new ticket status
 $sql_status = '';
 $change_status = true;
 // -> If locked, keep it resolved
 if ($ticket['locked']) {
    $new_status = $lockedTicketStatus['ID'];
@ -248,7 +254,7 @@ if ($ticket['locked']) {
        $newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `Key` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `ID` = ' . hesk_dbEscape($new_status));
        $newStatus = hesk_dbFetchAssoc($newStatusRs);
-        if ($newStatus['IsClosed']) {
+        if ($newStatus['IsClosed'] && hesk_checkPermission('can_resolve', 0)) {
            $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
            $sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
@ -257,7 +263,7 @@ if ($ticket['locked']) {
                $sql_status .= " , `locked`='1' ";
            }
        } else {
-            // Ticket isn't being closed, just add the history to the sql query
+            // Ticket isn't being closed, just add the history to the sql query (or tried to close but doesn't have permission)
            $revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang[$newStatus['Key']], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
            $sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
        }
@ -310,12 +316,12 @@ $sql .= " , `replies`=`replies`+1 ";
 $sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";
 // End and execute the query
-$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
+$sql .= " WHERE `id`='{$replyto}'";
 hesk_dbQuery($sql);
 unset($sql);
 /* Update number of replies in the users table */
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "'");
 // --> Prepare reply message
@ -357,7 +363,7 @@ elseif (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
 }
 // Delete any existing drafts from this owner for this ticket
-hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
+hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
 /* Set reply submitted message */
 $_SESSION['HESK_SUCCESS'] = TRUE;