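// Column used to sort the ticket list. Only a whitelisted column name reaches the
// ORDER BY clause; anything else falls back to last_update. in_array() is strict so
// that on PHP 7 a numeric-looking segment such as "0" cannot loosely equal a column
// name and leak through as the sort column.
$order_list = array('code', 'subject', 'last_replier', 'replies', 'priority_id', 'last_update', 'department_id', 'status');
$orderby = in_array($params[2], $order_list, true) ? $params[2] : 'last_update';
// Sort direction is reduced to one of two literals; the raw segment never reaches SQL.
$sortby = $params[3] === 'asc' ? 'asc' : 'desc';

// Bulk action on the selected tickets: delete them, or re-assign department,
// status and/or priority. Guarded by the per-form CSRF token.
if ($input->p['do'] == 'update') {
    if (verifyToken('tickets', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif (!is_array($input->p['ticket_id'])) {
        $error_msg = $LANG['NO_SELECT_TICKET'];
    } else {
        // NOTE(review): nothing in this excerpt checks that the acting user may act on
        // each selected ticket (e.g. department membership) — confirm the controller
        // enforces that before this point.
        foreach ($input->p['ticket_id'] as $k) {
            // Ticket ids are integer keys: accept a plain digit string only. is_numeric()
            // also admits "1e3", " 1" or "1.5", which MySQL would compare numerically
            // inside the quoted literal below.
            if (is_string($k) && ctype_digit($k)) {
                $ticketid = $db->real_escape_string($k);
                if ($input->p['remove'] == 1) {
                    // Delete the ticket, its messages and its stored attachments.
                    $db->delete(TABLE_PREFIX . "tickets", "id='{$ticketid}'");
                    $db->delete(TABLE_PREFIX . "tickets_messages", "ticket_id='{$ticketid}'");
                    removeAttachment($ticketid, 'tickets');
                } else {
                    // Each new value must be a key of the corresponding lookup table
                    // loaded by the controller, so only known ids are ever written.
                    if (array_key_exists($input->p['department'], $departments)) {
                        $db->query("UPDATE " . TABLE_PREFIX . "tickets SET department_id='" . $db->real_escape_string($input->p['department']) . "' WHERE id='{$ticketid}'");
                    }
                    if (array_key_exists($input->p['status'], $statuscolor)) {
                        $db->query("UPDATE " . TABLE_PREFIX . "tickets SET status='" . $db->real_escape_string($input->p['status']) . "' WHERE id='{$ticketid}'");
                    }
                    if (array_key_exists($input->p['priority'], $priority)) {
                        $db->query("UPDATE " . TABLE_PREFIX . "tickets SET priority_id='" . $db->real_escape_string($input->p['priority']) . "' WHERE id='{$ticketid}'");
                    }
                }
            }
        }
        // Back to the list at the same page/sort. $page is set earlier in the controller
        // (outside this excerpt); the enclosing else/if close after this excerpt.
        header('location: ' . getUrl($controller, $action, array('page', $page, $orderby, $sortby), $getvar));
        exit;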
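// Page number from the URL segment. Accept only a positive integer; is_numeric() also
// let "0", "-1", "1e3" or "1.5" through, and this value feeds the list offset.
// (The if/else closed just below is opened before this excerpt.)
$page = (isset($params[2]) && is_string($params[2]) && ctype_digit($params[2]) && (int) $params[2] > 0) ? (int) $params[2] : 1;
} else {
    $page = 1;
}

// Sort column/direction for the article list, whitelisted to known columns (strict
// in_array so a numeric-looking segment cannot loosely match a column name on PHP 7).
// Assigned BEFORE the bulk-update branch: that branch's redirect builds its URL from
// $orderby/$sortby, and in the original order those were only assigned after the
// branch had already exited, so the redirect carried unset sort parameters (unless an
// earlier part of the controller set them — not visible here).
$order_list = array('title', 'author', 'date', 'category', 'views');
$orderby = in_array($params[3], $order_list, true) ? $params[3] : 'id';
$sortby = $params[4] === 'asc' ? 'asc' : 'desc';

// Bulk action on the selected articles: delete them, or move them to another
// category. Guarded by the per-form CSRF token.
if ($input->p['do'] == 'update') {
    if (verifyToken('knowledgebase', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif (!is_array($input->p['kb_id'])) {
        $error_msg = $LANG['NO_SELECT_ARTICLE'];
    } else {
        foreach ($input->p['kb_id'] as $k) {
            // Article ids are integer keys: accept a plain digit string only (is_numeric()
            // would also admit "1e3", " 1" or "1.5").
            if (is_string($k) && ctype_digit($k)) {
                $kb_id = $db->real_escape_string($k);
                if ($input->p['remove'] == 1) {
                    // Delete the article and its stored attachments.
                    $db->delete(TABLE_PREFIX . "articles", "id='{$kb_id}'");
                    removeAttachment($kb_id, 'articles');
                } else {
                    // The target category must be a key of the category table loaded
                    // by the controller, so only a known category id is written.
                    if (array_key_exists($input->p['kb_category'], $kb_category)) {
                        $db->query("UPDATE " . TABLE_PREFIX . "articles SET category='" . $db->real_escape_string($input->p['kb_category']) . "' WHERE id='{$kb_id}'");
                    }
                }
            }
        }
        // Back to the article list at the same page/sort.
        header('location: ' . getUrl($controller, $action, array('page', $page, $orderby, $sortby), $getvar));
        exit;
    }
}

// Rows per page for the article list, from the site settings.
$max_results = $settings['page_size'];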
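if ($attachment['total'] == 0) {
    // No such attachment for this ticket/message: render the 404 page instead.
    $filename = CONTROLLERS . 'home_controller.php';
    $action = '404notfound';
    include $filename;
    exit;
} else {
    // The stored display name and MIME type originate from the upload, so treat both
    // as untrusted. Quote the filename (a name containing spaces or ';' otherwise breaks
    // the header, and '"' / CR / LF could alter it) and tell the browser not to sniff
    // the declared type. The file is read by its stored on-disk name ('enc'), not by
    // anything taken from the request.
    $safe_name = str_replace(array('"', "\r", "\n"), '', $attachment['name']);
    header('Content-disposition: attachment; filename="' . $safe_name . '"');
    header("Content-type: " . $attachment['filetype']);
    header('X-Content-Type-Options: nosniff');
    readfile(UPLOAD_DIR . 'tickets/' . $attachment['enc']);
    exit;
}
    } // closes the block opened before this excerpt
} elseif ($params[2] == 'remove_attachment') {
    // All three ids are spliced into the query UNQUOTED, so real_escape_string() on its
    // own cannot protect them (there is no quote to break out of) and the other two were
    // not escaped at all. Cast each to int so only an integer ever reaches the WHERE clause.
    $attachment = $db->fetchRow("SELECT id, COUNT(id) AS total FROM " . TABLE_PREFIX . "attachments WHERE id=" . (int) $params[3] . " AND ticket_id=" . (int) $params[1] . " AND msg_id=" . (int) $params[4]);
    if ($attachment['total'] != 0) {
        // NOTE(review): the bulk ticket delete calls removeAttachment($id, 'tickets')
        // while this call passes 'ticket' — confirm the helper really distinguishes
        // the two modes rather than this being a typo.
        removeAttachment($attachment['id'], 'ticket');
    }
    header('location:' . getUrl($controller, $action, array('view', $ticket['id'], 'AttachmentRemoved')));
    exit;
} elseif ($params[2] == 'getKB') {
    // Return an article body as plain text (used to paste a KB article into a reply).
    // NOTE(review): no check is visible here that the requester may read this article —
    // confirm upstream if articles can be private or unpublished.
    if (is_numeric($params[3])) {
        $kb = $db->fetchOne("SELECT content FROM " . TABLE_PREFIX . "articles WHERE id=" . (int) $params[3]);
        // Decode first, strip last. In the original order strip_tags() ran before
        // html_entity_decode() and urldecode(), so a tag stored entity- or
        // percent-encoded (e.g. &lt;script&gt; or %3Cscript%3E) survived the strip and
        // was echoed raw.
        $kb = strip_tags(urldecode(html_entity_decode((string) $kb)));
        echo $kb;
    }
    exit;
}

// Canned responses for the reply form, in their configured order. Messages are stored
// entity-encoded and are decoded for display; the loop continues past this excerpt.
$canned_q = $db->query("SELECT id, title, message FROM " . TABLE_PREFIX . "canned_response ORDER BY position ASC");
while ($r = $db->fetch_array($canned_q)) {
    $r['message'] = html_entity_decode($r['message']);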