/**
 * Purge one ticket on behalf of the current session.
 *
 * Result is a two-element array: on failure the first element names the
 * HTTP error response to emit (presumably the matching http* helper) and the
 * second carries a short message; on success both elements are false.
 *
 * @param mixed       $msg not read by this body; kept for the caller's convention
 * @param string|null $id  candidate ticket id from the request
 * @return array{0: string|false, 1: string|false}
 */
function purgeticket($msg, $id = null)
{
    global $db, $auth;

    // Malformed or absent ids never reach the database.
    if (empty($id) || !isTicketId($id)) {
        return array('httpBadRequest', 'bad parameters');
    }

    // An expired ticket is reported exactly like a missing one, so a caller
    // cannot tell the two apart.
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $row = $db->query($sql)->fetch();
    if ($row === false || isTicketExpired($row)) {
        return array('httpNotFound', 'not found');
    }

    // Admins may purge anything; everyone else only their own tickets.
    // Loose comparison kept on purpose: the DB value and $auth["id"] may
    // differ in scalar type.
    $allowed = $auth["admin"] || $row["user_id"] == $auth["id"];
    if (!$allowed) {
        return array('httpUnauthorized', 'not authorized');
    }

    ticketPurge($row, false);
    return array(false, false);
}
/**
 * A grant id has the same format as a ticket id, so validation is delegated
 * to isTicketId() unchanged.
 *
 * @param string $str candidate id
 * @return bool whatever isTicketId() reports for $str
 */
function isGrantId($str)
{
    $valid = isTicketId($str);
    return $valid;
}
$sql = "UPDATE ticket SET " . join(", ", $tmp) . " WHERE id = " . $db->quote($id); if ($db->exec($sql) != 1) { return false; } // fetch defaults $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id); $DATA = $db->query($sql)->fetch(); $DATA['pass'] = empty($_POST["pass"]) ? NULL : $_POST["pass"]; // trigger update hooks onTicketUpdate($DATA); return $DATA; } // fetch the ticket id and check for permissions $DATA = false; $id =& $_REQUEST['id']; if (empty($id) || !isTicketId($id)) { $id = false; } else { $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id); $DATA = $db->query($sql)->fetch(); if ($DATA === false || isTicketExpired($DATA) || !$auth["admin"] && $DATA["user_id"] != $auth["id"]) { $DATA = false; } } // handle update if ($DATA) { if (validateParams($ticketEditParams, $_POST)) { // if update succeeds, return to listings if (handleUpdate($id)) { $DATA = false; }
// Ticket listing page: when a "purge" request arrives with a selection,
// every selected ticket is purged immediately and the purged ones are
// reported back in an info message.
require_once "pages.php";
require_once "ticketfuncs.php";
require_once "{$style}/include/style.php";

$act = "tlista";
$ref = pageLinkAct();
pageHeader();

if (isset($_REQUEST["purge"]) && !empty($_REQUEST["sel"])) {
    $list = array();

    // Bound by reference on purpose: a single id is normalised to a list
    // in $_REQUEST itself, not only in the local copy.
    $sel =& $_REQUEST["sel"];
    if (!is_array($sel)) {
        $sel = array($sel);
    }

    foreach ($sel as $id) {
        // Only well-formed ids reach the query; everything else is dropped.
        if (isTicketId($id)) {
            $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
            $DATA = $db->query($sql)->fetch();
            if ($DATA !== false) {
                // NOTE(review): unlike purgeticket(), this path purges without
                // an isTicketExpired() check and without comparing the row's
                // user_id against $auth — confirm this page is reachable only
                // by admins.
                $list[] = htmlEntUTF8(ticketStr($DATA));
                ticketPurge($DATA, false);
            }
        }
    }

    if (count($list) > 0) {
        infoMessage(T_("Purged"), $list);
    }
}
<?php // download a ticket require_once "ticketfuncs.php"; // fetch the ticket id if (!isset($_SERVER["PATH_INFO"])) { logError("missing PATH_INFO, cannot continue"); httpBadRequest(); } $id = false; if (preg_match("/^\\/([^\\/]+)/", $_SERVER["PATH_INFO"], $tmp)) { $id = $tmp[1]; } if ($id === false || !isTicketId($id)) { logError("invalid ticket id/request"); httpNotFound(); } // try to fetch the id $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id); $DATA = $db->query($sql)->fetch(); if ($DATA === false || isTicketExpired($DATA)) { if ($DATA === false) { logEvent("unknown ticket requested"); } else { logTicketEvent($DATA, "expired ticket requested"); } httpNotFound(); } // check for password if (hasPassHash($DATA) && !isset($_SESSION['t'][$id])) { logTicketEvent($DATA, "missing credentials", LOG_ERR);