From ac13377fc47a06fc985fe2de1eff87c3312c9934 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Sat, 22 Mar 2014 21:43:49 -0500
Subject: [PATCH] Guests cannot see related tickets
---
 include/class.auth.php | 1 +
 include/class.client.php | 9 +++++++++
 include/class.nav.php | 2 +-
 include/client/header.inc.php | 3 ++-
 tickets.php | 4 ++++
 5 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/include/class.auth.php b/include/class.auth.php
index 563a79b19..1cd2c584f 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -793,6 +793,7 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
 if (!$user || strcmp($this->getAuthKey($user), $authkey)) return null;
+ $user->flagGuest();
 return $user;
 }
diff --git a/include/class.client.php b/include/class.client.php
index 14533f9bb..910be9b4b 100644
--- a/include/class.client.php
+++ b/include/class.client.php
@@ -18,6 +18,7 @@ abstract class TicketUser {
 static private $token_regex = '/^(?P<type>\w{1})(?P<algo>\d+)x(?P<hash>.*)$/i';
 protected $user;
+ protected $_guest = false;
 function __construct($user) {
 $this->user = $user;
@@ -137,6 +138,14 @@ abstract class TicketUser {
 && $this->user->getId() == $this->getTicket()->getOwnerId());
 }
+ function flagGuest() {
+ $this->_guest = true;
+ }
+
+ function isGuest() {
+ return $this->_guest;
+ }
+
 abstract function getTicketId();
 abstract function getTicket();
 }
diff --git a/include/class.nav.php b/include/class.nav.php
index d2798cece..4cdd222fc 100644
--- a/include/class.nav.php
+++ b/include/class.nav.php
@@ -282,7 +282,7 @@ class UserNav {
 $navs['new']=array('desc'=>'Open New Ticket','href'=>'open.php','title'=>'');
 if($user && $user->isValid()) {
- if($cfg && $cfg->showRelatedTickets()) {
+ if(!$user->isGuest() && $cfg && $cfg->showRelatedTickets()) {
 $navs['tickets']=array('desc'=>sprintf('Tickets (%d)',$user->getNumTickets()),
 'href'=>'tickets.php',
 'title'=>'Show all tickets');
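Review bot: In include/class.auth.php the guest object is returned on the strength of `strcmp($this->getAuthKey($user), $authkey)`, which is used as a boolean and is not a constant-time comparison. On PHP versions before 8, strcmp() returns NULL rather than an integer when an argument is not a string, so the test should first require a string and then compare in constant time, e.g. `if (!$user || !is_string($authkey) || !hash_equals($this->getAuthKey($user), $authkey)) return null;` where hash_equals() is available. Where $authkey comes from is not visible, because the method starts above this hunk. It is also worth confirming that this path runs on every request, since `_guest` is only set here and otherwise defaults to false.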
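Review bot: `protected $_guest = false;` in include/class.client.php makes the restriction opt-in, so any code path that builds a TicketUser without calling flagGuest() is treated as a full account holder. The only caller visible in this patch is AuthTokenAuthentication, so a comment on the property should say which backends are expected to set it, for example `// Set by access-link logins; true limits the session to a single ticket`. flagGuest() and isGuest() in the second hunk of this file have no docblocks either; one line each, noting that the patch provides no way to clear the flag once set, would be enough. Whether the flag survives being stored in the session is not visible here.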
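Review bot: The new `!$user->isGuest()` test in UserNav assumes every object that reaches this branch defines isGuest(), but this patch adds the method only to TicketUser. If $user can be another class that merely provides isValid(), the call is a fatal error; the same call is added in include/client/header.inc.php. Hiding the "Tickets" entry is also presentation only, so the restriction still depends on the server-side check in tickets.php. The enclosing method starts and ends outside the hunk.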
diff --git a/include/client/header.inc.php b/include/client/header.inc.php
index 1fe599486..707c50241 100644
--- a/include/client/header.inc.php
+++ b/include/client/header.inc.php
@@ -43,7 +43,8 @@ header("Content-Type: text/html; charset=UTF-8\r\n");
 style="height: 5em"></a>
 <p>
 <?php
- if($thisclient && is_object($thisclient) && $thisclient->isValid()) {
+ if ($thisclient && is_object($thisclient) && $thisclient->isValid()
+ && !$thisclient->isGuest()) {
 echo Format::htmlchars($thisclient->getName()).' |';
 ?>
 <a href="<?php echo ROOT_PATH; ?>account.php">Profile</a> |
diff --git a/tickets.php b/tickets.php
index 01d8b799c..158011983 100644
--- a/tickets.php
+++ b/tickets.php
@@ -16,6 +16,10 @@
 **********************************************************************/
 require('secure.inc.php');
 if(!is_object($thisclient) || !$thisclient->isValid()) die('Access denied'); //Double check again.
+
+if ($thisclient->isGuest())
+ $_REQUEST['id'] = $thisclient->getTicketId();
+
 require_once(INCLUDE_DIR.'class.ticket.php');
 require_once(INCLUDE_DIR.'class.json.php');
 $ticket=null;
-- GitLab
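Review bot: The guest restriction in tickets.php is enforced by overwriting `$_REQUEST['id']` only, so it holds only as long as everything below reads the ticket id from `$_REQUEST` and never from `$_GET` or `$_POST`; the rest of the script is outside the hunk. An explicit authorization check after the ticket is loaded would not depend on that, e.g. `if ($thisclient->isGuest() && $ticket && $ticket->getId() != $thisclient->getTicketId()) die('Access denied');`. If getTicketId() can return an empty value, the request would presumably fall through to the ticket list, which is what the commit wants to hide from guests. The braceless `if` would also be safer with braces.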