From db960b2c2624727d437dce7239100862b31e1bf4 Mon Sep 17 00:00:00 2001
From: Mike Koch
Date: Wed, 12 Oct 2016 13:26:28 -0400
Subject: [PATCH] Update lock and mail
---
 admin/lock.php | 3 ++-
 admin/mail.php | 10 +++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/admin/lock.php b/admin/lock.php
index 9ba669a2..d4b07be6 100644
--- a/admin/lock.php
+++ b/admin/lock.php
@@ -46,6 +46,7 @@ $modsForHesk_settings = mfh_getSettings();
 hesk_checkPermission('can_view_tickets');
 hesk_checkPermission('can_reply_tickets');
 hesk_checkPermission('can_edit_tickets');
+hesk_checkPermission('can_resolve');
 /* A security check */
 hesk_token_check();
@@ -98,7 +99,7 @@ $statusRs = hesk_dbQuery($statusSql);
 $statusRow = hesk_dbFetchAssoc($statusRs);
 $statusId = $statusRow['ID'];
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
 /* Back to ticket page and show a success message */
 hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
\ No newline at end of file
diff --git a/admin/mail.php b/admin/mail.php
index f3a5ac7c..2a5d183e 100644
--- a/admin/mail.php
+++ b/admin/mail.php
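Review bot: The added `hesk_checkPermission('can_resolve');` in admin/lock.php runs unconditionally at the top of the script, before the requested action is known. The UPDATE further down writes `locked` from a `$status` variable, which suggests the same script serves both lock and unlock requests; if so, staff without resolve rights can no longer unlock a ticket either. If only the lock path needs the permission, scope the check to that branch; if the stricter rule is intended, record it above the check, e.g. `/* can_resolve is required for unlock as well as lock */`.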
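Review bot: `{$statusId}` is interpolated into the rewritten UPDATE in admin/lock.php unquoted and uncast, unlike `$revision` and `$trackingID`, which pass through hesk_dbEscape(). It is read from `$statusRow['ID']`, so if the status lookup just above returns no row the statement is built with an empty value and fails; the row should be checked before the UPDATE runs and the value cast, e.g. `" . intval($statusId) . "` in place of `{$statusId}`. `$status` and `$closedby_sql` are assembled outside the hunk, so their escaping cannot be confirmed from here. With `LIMIT 1` removed the statement also relies on `trackid` being unique, which is worth confirming against the schema.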
@@ -211,10 +211,10 @@ function mail_delete()
 if ($ids) {
 foreach ($ids as $id) {
 /* If both correspondents deleted the mail remove it from database, otherwise mark as deleted by this user */
- hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `deletedby`='" . intval($_SESSION['id']) . "' WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`=0 LIMIT 1");
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `deletedby`='" . intval($_SESSION['id']) . "' WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`=0");
 if (hesk_dbAffectedRows() != 1) {
- hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`!=0 LIMIT 1");
+ hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`!=0");
 }
 }
@@ -236,7 +236,7 @@ function mail_mark_unread()
 if ($ids) {
 foreach ($ids as $id) {
- hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='0' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "' LIMIT 1");
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='0' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "'");
 }
 hesk_process_messages($hesklang['smmu'], 'NOREDIRECT', 'SUCCESS');
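Review bot: In mail_delete the fallback DELETE only requires `deletedby`!=0, so it also matches a row that this same user has already marked as deleted. When the same id is processed a second time, the UPDATE no longer matches and the DELETE removes the message for the other correspondent as well, which contradicts the comment above the two queries. The DELETE should also exclude the caller's own marker, along the lines of `AND deletedby NOT IN (0, <session id>)` built with `intval($_SESSION['id'])` and the column quoted as elsewhere in the file. Dropping `LIMIT 1` is safe only while `id` is unique, which the schema should guarantee. The function starts and ends outside the hunk, so how `$ids` is populated is not visible here.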
@@ -257,7 +257,7 @@ function mail_mark_read()
 if ($ids) {
 foreach ($ids as $id) {
- hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "' LIMIT 1");
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "'");
 }
 hesk_process_messages($hesklang['smmr'], 'NOREDIRECT', 'SUCCESS');
@@ -421,7 +421,7 @@ function show_message()
 /* Mark as read */
 if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) {
- $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."' LIMIT 1");
+ hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."'");
 }
 $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? ''.$admins[$pm[$hesk_settings['mailtmp']['other']]].'' : (($pm['from'] == 9999) ? 'HESK.com' : $hesklang['e_udel']);
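Review bot: The mark-as-read UPDATE in show_message is keyed on `id` alone, whereas mail_mark_read and mail_mark_unread in this same patch also pin `to` to the session user. The enclosing `if` on `$hesk_settings['mailtmp']['this'] == 'to'` appears to establish that the viewer is the recipient, but that value is set outside the hunk and the statement should not have to depend on it. Adding the same ownership condition keeps the query safe on its own: `WHERE `id`='".intval($id)."' AND `to`='".intval($_SESSION['id'])."'"`. show_message continues outside the hunk.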