Hey all,

I did a search on the forum and didn't find anything but I found a flaw in the system.

the overdue ticket emails only accept %ticket and %staff (i believe). problem is that the scp/tickets.php only searches the MySQL ID not the ticket ID which the system fails to find and then takes the user to the general list and not the clicked ticket itself.
The other issue is the error message of Unknown Ticket ID#{###} is not shown either because the user is just taken to another page anyway.

now, I can easily fix this myself but don't know if the osticket team have already identified the problem and corrected/ing it or if I should modify the way the ticket system works.. ie not use ID of mysql database as it's been using (baaad practice, should be ticket number only).
The other solution is to check both the mysql ID and the ticket_ID fields...which i don't like really.

has anyone identified this problem and is there already a fix for it???

AARGH!!! couldn't wait and the problem was annoying me..

made changes to scp/tickets.php as below.. bad way but it's only for now to minimize changing original code.

if(($tid=$_REQUEST['tid']?$_REQUEST['tid']:null) && is_numeric($tid)) {
$id = Ticket::getIdByExtId($tid);
$_REQUEST['id']=$id;
}

//LOCKDOWN...See if the id provided is actually valid and if the user has access.
if(($id=$_REQUEST['id']?$_REQUEST['id']:$_POST['ticket_id']) && is_numeric($id)) {
$deptID=0;
$ticket= new Ticket($id);
if(!$ticket or !$ticket->getDeptId())


OH!!! Also had to change th Overdue ticket email template from ?id= to ?tid=