diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php
index 05938e27d49..a1bf95d819f 100644
--- a/htdocs/admin/ticket_public.php
+++ b/htdocs/admin/ticket_public.php
@@ -329,7 +329,9 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print '';
print '';
- // Create third-party with contact if email not linked to a contact
+ // Auto fill the contact found from email
+ // This option is a serious security hole. it allowe to any non looged perso, to get the database of contacts
+ /*
print '
| '.$langs->trans("TicketCreateThirdPartyWithContactIfNotExist").' | ';
print '';
if (empty(getDolGlobalInt('TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST'))) {
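Review bot: Commenting out the admin setting only hides the option; it does not remove the feature, because the new guard in htdocs/public/ticket/ajax/ajax.php still serves contact lookups whenever TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST is non-empty, so an instance where the constant is presumably already stored keeps the behaviour, and the header comment added to that file ("has been removed because it is a security hole") overstates what this commit does. If the intent is to retire the option, the constant should also be cleared or ignored rather than just dropped from this page; if it stays as an explicit opt-in, the comments on both pages should say that instead. The new comment also has several typos; I would write it as `// Disabled: when enabled, this option lets an unauthenticated visitor of the public ticket form look up contacts by email (see public/ticket/ajax/ajax.php)`. The enclosing `if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE))` block starts before this hunk.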
@@ -342,6 +344,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print $form->textwithpicto('', $langs->trans("TicketCreateThirdPartyWithContactIfNotExistHelp"), 1, 'help');
print ' | ';
print '
';
+ */
/*if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
{
diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php
index 2e1773ddfa7..48c9dfe31a9 100644
--- a/htdocs/core/class/html.formticket.class.php
+++ b/htdocs/core/class/html.formticket.class.php
@@ -145,7 +145,7 @@ class FormTicket
* @param int $withdolfichehead With dol_get_fiche_head() and dol_get_fiche_end()
* @param string $mode Mode ('create' or 'edit')
* @param int $public 1=If we show the form for the public interface
- * @param Contact|null $with_contact [=NULL] Contact to link to this ticket if exists
+ * @param Contact|null $with_contact [=NULL] Contact to link to this ticket if it exists
* @param string $action [=''] Action in card
* @return void
*/
@@ -450,7 +450,7 @@ class FormTicket
if (count($cate_arbo)) {
// Categories
print '| '.$langs->trans("Categories").' | ';
- print img_picto('', 'category').$form->multiselectarray('categories', $cate_arbo, GETPOST('categories', 'array'), '', 0, 'quatrevingtpercent widthcentpercentminusx', 0, 0);
+ print img_picto('', 'category', 'class="pictofixedwidth"').$form->multiselectarray('categories', $cate_arbo, GETPOST('categories', 'array'), '', 0, 'quatrevingtpercent widthcentpercentminusx', 0, 0);
print " |
";
}
}
diff --git a/htdocs/public/ticket/ajax/ajax.php b/htdocs/public/ticket/ajax/ajax.php
index 2b637ce3647..8ae653643b8 100644
--- a/htdocs/public/ticket/ajax/ajax.php
+++ b/htdocs/public/ticket/ajax/ajax.php
@@ -19,6 +19,9 @@
/**
* \file htdocs/public/ticket/ajax/ajax.php
* \brief Ajax component for Ticket.
+ *
+ * This ajax component is called only by the create ticket public page. And only if TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST is set.
+ * This option TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST has been removed because it is a security hole.
*/
if (!defined('NOTOKENRENEWAL')) {
@@ -54,6 +57,10 @@ $action = GETPOST('action', 'aZ09');
$id = GETPOST('id', 'int');
$email = GETPOST('email', 'alphanohtml');
+if (empty($conf->global->TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST)) {
+ httponly_accessforbidden('Option TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST of module ticket is not enabled');
+}
+
/*
* View
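Review bot: The new guard tests `empty($conf->global->TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST)` while the admin page in the same commit reads the same constant through `getDolGlobalInt(...)`; unless that helper is unavailable here, `if (!getDolGlobalInt('TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST')) {` keeps both sides agreeing on what counts as enabled. Placing the check before the action dispatch is right, and it is the only protection this unauthenticated endpoint has once the option is on, which deserves a line above it such as `// The public ticket form calls this without a login: refuse everything unless the site has explicitly opted in`. The message passed to httponly_accessforbidden discloses nothing beyond the option name, so it is fine to show to anonymous callers.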
@@ -71,9 +78,18 @@ if ($action == 'getContacts') {
require_once DOL_DOCUMENT_ROOT.'/ticket/class/ticket.class.php';
$ticket = new Ticket($db);
- $contacts = $ticket->searchContactByEmail($email);
- if (is_array($contacts)) {
- $return['contacts'] = $contacts;
+ $arrayofcontacts = $ticket->searchContactByEmail($email);
+ if (is_array($arrayofcontacts)) {
+ $arrayofminimalcontacts = array();
+ foreach ($arrayofcontacts as $tmpval) {
+ $tmpresult = new stdClass();
+ $tmpresult->id = $tmpval->id;
+ $tmpresult->firstname = $tmpval->firstname;
+ $tmpresult->lastname = $tmpval->lastname;
+ $arrayofminimalcontacts[] = $tmpresult;
+ }
+
+ $return['contacts'] = $arrayofminimalcontacts;
} else {
$return['error'] = $ticket->errorsToString();
}
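Review bot: The new loop reduces each Contact to id, firstname and lastname without recording why, and that reason is the security-relevant part of the change: the old code handed the full Contact objects to an unauthenticated caller. A comment above the loop keeps a later edit from adding fields back casually, e.g. `// Expose only what the public form needs to autofill the contact; never return the full Contact record to an anonymous caller`. Even with the reduced fields the response still confirms whether a supplied email belongs to a known contact, so the option this endpoint depends on remains an opt-in disclosure rather than a fix, and the guard added earlier in the file is what actually contains it. The enclosing `if ($action == 'getContacts')` block starts before this hunk.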
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index f65b6f07a33..284f2ee63b8 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
@@ -1872,10 +1872,10 @@ class Ticket extends CommonObject
$res = $this->db->query($sql);
if ($res) {
- while ($rec = $this->db->fetch_array($res)) {
+ while ($rec = $this->db->fetch_object($res)) {
include_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
$contactstatic = new Contact($this->db);
- $contactstatic->fetch($rec['rowid']);
+ $contactstatic->fetch($rec->rowid);
$contacts[] = $contactstatic;
}