From 099ae78a0cb8f5bb6f7fb9485ef7bcd531246a9e Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Wed, 11 Dec 2013 12:05:22 -0600
Subject: [PATCH] forms: Fix advanced search on fields with a `name`

Previously, advanced search was bugged in such a way that the advanced
search on a field without a `name` value would result in a hit of all the
tickets.

Fixes osTicket/osTicket-1.8#288
---
 include/ajax.tickets.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/ajax.tickets.php b/include/ajax.tickets.php
index aa4d99129..b795aafc7 100644
--- a/include/ajax.tickets.php
+++ b/include/ajax.tickets.php
@@ -211,13 +211,13 @@ class TicketsAjaxAPI extends AjaxController {
              'WHERE entry.object_type="T" GROUP BY entry.object_id)';
         $vals = array();
         foreach (TicketForm::getInstance()->getFields() as $f) {
-            if ($f->get('name') && isset($req[$f->getFormName()])
+            if (isset($req[$f->getFormName()])
                     && ($val = $req[$f->getFormName()])) {
-                $name = $f->get('name');
-                $vals[] = "MAX(IF(field.name = '$name', ans.value_id, NULL)) as `{$name}_id`";
-                $vals[] = "MAX(IF(field.name = '$name', ans.value, NULL)) as `$name`";
-                $where .= " AND (dyn.`{$name}_id` = ".db_input($val)
-                    . " OR dyn.`$name` LIKE '%".db_real_escape($val)."%')";
+                $id = $f->get('id');
+                $vals[] = "MAX(IF(field.id = '$id', ans.value_id, NULL)) as `f_{$id}_id`";
+                $vals[] = "MAX(IF(field.id = '$id', ans.value, NULL)) as `f_$id`";
+                $where .= " AND (dyn.`f_{$id}_id` = ".db_input($val)
+                    . " OR dyn.`f_$id` LIKE '%".db_real_escape($val)."%')";
             }
         }
         if ($vals)
-- 
GitLab