} else { $mine_selected = ''; $all_selected = 'selected'; } if ($_REQUEST['fun'] == '' || $_REQUEST['fun'] == 'home' || $_REQUEST['fun'] == 'search') { // This is an archaic parameter list $match_condition = isset($_REQUEST['search_match']) ? $_REQUEST['search_match'] : ''; $where = getTicketSearchQuery(); $params = array(array('id' => "{$customerid}", 'sessionid' => "{$sessionid}", 'user_name' => "{$username}", 'onlymine' => $onlymine, 'where' => "{$where}", 'match' => "{$match_condition}")); $result = $client->call('get_tickets_list', $params, $Server_Path, $Server_Path); include "TicketsList.php"; } elseif ($_REQUEST['fun'] == 'newticket') { include "NewTicket.php"; } elseif ($_REQUEST['fun'] == 'updatecomment' || $_REQUEST['fun'] == 'close_ticket' || $_REQUEST['fun'] == 'uploadfile') { if ($_REQUEST['fun'] == 'updatecomment') { UpdateComment(); } if ($_REQUEST['fun'] == 'close_ticket') { $ticketid = $_REQUEST['ticketid']; $res = Close_Ticket($ticketid); } if ($_REQUEST['fun'] == 'uploadfile') { $upload_status = AddAttachment(); if ($upload_status != '') { echo $upload_status; exit(0); } } ?> <script> var ticketid = <?php
function OnUpdate() { if (!isset($_POST["hash"])) { return False; } if (isset($_REQUEST["user"]) && isset($_POST["favorite"])) { UpdateFavorite($_POST["hash"], $_REQUEST["user"], $_POST["favorite"] === "true"); } // This part is under permissions constraints. //================================================== if (isset($_POST["vendor"])) { if (!CanModifyFile($_POST["hash"])) { return False; } UpdateVendor($_POST["hash"], $_POST["vendor"]); } if (isset($_POST["comment"])) { if (!CanModifyFile($_POST["hash"])) { return False; } UpdateComment($_POST["hash"], $_POST["comment"]); } if (isset($_POST["tags"])) { if (!CanModifyFile($_POST["hash"])) { return False; } UpdateTags($_POST["hash"], $_POST["tags"]); } return True; }