diff --git a/include/class.orm.php b/include/class.orm.php
index 627338c4c1f48cc21036f1227bd26e709210a670..31084569e7e8f06356f370b4df49bd38a96c465e 100644
--- a/include/class.orm.php
+++ b/include/class.orm.php
@@ -1637,7 +1637,7 @@ class MySqlCompiler extends SqlCompiler {
      * (string) token to be placed into the compiled SQL statement. For
      * MySQL, this is always the string '?'.
      */
-    function input(&$what, $slot=false) {
+    function input($what, $slot=false) {
         if ($what instanceof QuerySet) {
             $q = $what->getQuery(array('nosort'=>true));
             $this->params = array_merge($q->params);
@@ -2066,7 +2066,12 @@ class MysqlExecutor {
     }
 
     function __toString() {
-        return $this->sql;
+        $self = $this;
+        $x = 0;
+        return preg_replace_callback('/\?/', function($m) use ($self, &$x) {
+            $p = $self->params[$x++];
+            return db_real_escape($p, is_string($p));
+        }, $this->sql);
     }
 }
 
diff --git a/include/class.pagenate.php b/include/class.pagenate.php
index 361d21f89855a4982661ffdf6421bbeae360a203..acec4fb6cacbe6fb6b69d81c4267fcfa2369c507 100644
--- a/include/class.pagenate.php
+++ b/include/class.pagenate.php
@@ -127,5 +127,9 @@ class PageNate {
         return $html;
     }
 
+    function paginate(QuerySet $qs) {
+        return $qs->limit($this->getLimit())->offset($this->getStart());
+    }
+
 }
 ?>
diff --git a/include/class.staff.php b/include/class.staff.php
index e5b2f7d22e1dfded4b4edd674c277d7c70dc4fa0..c2c344544944682fe25c579ea235bfd44e6892ba 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -366,7 +366,7 @@ implements AuthenticatedUser {
     }
 
     function showAssignedTickets() {
-        return $this->group->show_assigned_tickets;
+        return $this->show_assigned_tickets;
     }
 
     function getTeams() {
diff --git a/include/staff/tickets.inc.php b/include/staff/tickets.inc.php
index a1154dbcb564e7bd8161ad1a5ed3eb1fbfb21da4..478d99c9cb19f5c1bc4be4585ebcf3745bc612c2 100644
--- a/include/staff/tickets.inc.php
+++ b/include/staff/tickets.inc.php
@@ -42,7 +42,10 @@ default:
 case 'open':
     $status='open';
     $results_type=__('Open Tickets');
-    $tickets->filter(array('isanswered'=>0));
+    if (!$cfg->showAnsweredTickets())
+        $tickets->filter(array('isanswered'=>0));
+    if (!$cfg || !($cfg->showAssignedTickets() || $thisstaff->showAssignedTickets()))
+        $tickets->filter(array('staff_id'=>0));
     break;
 }
 
@@ -78,6 +81,7 @@ $tickets->select_related('lock', 'dept', 'staff', 'user', 'user__default_email',
 $pagelimit=($_GET['limit'] && is_numeric($_GET['limit']))?$_GET['limit']:PAGE_LIMIT;
 $page=($_GET['p'] && is_numeric($_GET['p']))?$_GET['p']:1;
 $pageNav=new Pagenate($tickets->count(), $page,$pagelimit);
+$tickets = $pageNav->paginate($tickets);
 
 TicketForm::ensureDynamicDataView();