Merge remote-tracking branch 'origin/master' into new-staff-page

.gitignore

@@ -157,6 +157,7 @@ inc/calendar/tcal.php
 inc/database.inc.php
 inc/database_mysqli.inc.php
 inc/footer.inc.php
+inc/htmlpurifier
 inc/index.htm
 inc/mail/email_parser.php
 inc/mail/hesk_pipe.php

admin/admin_main.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/admin_reply_ticket.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/admin_settings.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -1650,7 +1650,7 @@ if (defined('HESK_DEMO')) {
                                     }
                                 }
                                 ?>
-                                <select>
+							</select>
                         </div>
                     </div>
                     <div class="form-group">
@@ -2746,7 +2746,7 @@ if (defined('HESK_DEMO')) {
                                 <textarea name="s_email_providers" class="form-control"
                                           placeholder="<?php echo htmlspecialchars($hesklang['epro']); ?>" id="d1"
                                           rows="5"
-                                          cols="40"/><?php echo implode("\n", $hesk_settings['email_providers']); ?></textarea>
+                                          cols="40"><?php echo implode("\n", $hesk_settings['email_providers']); ?></textarea>
                             </div>
                         </div>
                         <table border="0" width="100%">
@@ -2786,7 +2786,7 @@ if (defined('HESK_DEMO')) {
                                         } ?>/> <?php echo $hesklang['enn']; ?></label>
                                 </div>
                                 <textarea name="s_notify_spam_tags" rows="5" cols="40"
-                                          class="form-control"/><?php echo hesk_htmlspecialchars(implode("\n", $hesk_settings['notify_spam_tags'])); ?></textarea>
+                                          class="form-control"><?php echo hesk_htmlspecialchars(implode("\n", $hesk_settings['notify_spam_tags'])); ?></textarea>
                             </div>
                         </div>
                     </div>

admin/admin_settings_save.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/admin_submit_ticket.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/admin_ticket.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/banned_emails.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/banned_ips.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/change_status.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/delete_tickets.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/edit_note.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/edit_post.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/export.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -324,8 +324,13 @@ if (isset($_GET['w'])) {
 
     // Do we have the export directory?
     if (is_dir($export_dir) || (@mkdir($export_dir, 0777) && is_writable($export_dir))) {
+		// Is there an index.htm file?
+		if (!file_exists($export_dir.'index.htm')) {
+			@file_put_contents($export_dir.'index.htm', '');
+		}
+	
         // Cleanup old files
-        $files = glob($export_dir . '*', GLOB_NOSORT);
+        $files = preg_grep('/index\.htm$/', glob($export_dir.'*', GLOB_NOSORT), PREG_GREP_INVERT);
         if (is_array($files) && count($files)) {
             foreach ($files as $file) {
                 hesk_unlink($file, 86400);

admin/find_tickets.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/index.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -294,7 +294,7 @@ function print_login()
     <div>
     <div class="panel panel-default form-signin">
         <div class="panel-heading">
-            <h4><span <?php echo $iconDisplay; ?>><span class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php echo $hesklang['admin_login']; ?></a></h4>
+            <h4><span <?php echo $iconDisplay; ?>><span class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php echo $hesklang['admin_login']; ?></h4>
         </div>
         <div class="panel-body">
             <form class="form-signin form-horizontal" role="form" action="index.php" method="post" name="form1">

admin/knowledgebase_private.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.6.7 from 18th April 2016
+*  Version: 2.6.8 from 10th August 2016
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -571,7 +571,7 @@ function show_subnav($hide='', $catid=1)
     echo $link['newa'];
     echo $link['newc'];
     ?>
-	<i class="fa fa-pencil" style="color:orange;font-size:16px"></i></a> <input type="hidden" name="a" value="edit_article" /><?php echo $hesklang['aid']; ?>: <input type="text" name="id" size="3" <?php if ($artid) echo 'value="' . $artid . '"'; ?> /> <input type="submit" value="<?php echo $hesklang['edit']; ?>" class="btn btn-default btn-xs" />
+	<i class="fa fa-pencil" style="color:orange;font-size:16px"></i> <input type="hidden" name="a" value="edit_article" /><?php echo $hesklang['aid']; ?>: <input type="text" name="id" size="3" <?php if ($artid) echo 'value="' . $artid . '"'; ?> /> <input type="submit" value="<?php echo $hesklang['edit']; ?>" class="btn btn-default btn-xs" />
 	</form>
     </div>
 

admin/lock.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -95,11 +95,10 @@ if (empty($_GET['locked'])) {
 /* Update database */
 $statusSql = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `LockedTicketStatus` = 1';
 $statusRs = hesk_dbQuery($statusSql);
-$statusRow = hesk_dbFetchAssoc($statusSql);
+$statusRow = hesk_dbFetchAssoc($statusRs);
 $statusId = $statusRow['ID'];
 
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$statusId}',`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
 
 /* Back to ticket page and show a success message */
-hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
-?>
+hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');

admin/mail.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/manage_canned.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/manage_categories.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/manage_knowledgebase.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.6.7 from 18th April 2016
+*  Version: 2.6.8 from 10th August 2016
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -1112,6 +1112,11 @@ function save_article()
 	    }
         
 	    $content = hesk_getHTML( hesk_POST('content') );
+		
+		// Clean the HTML code
+		require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
+		$purifier = new HTMLPurifier();
+		$content = $purifier->purify($content);
     }
 	else
     {
@@ -1969,6 +1974,11 @@ function new_article()
 	    }
 
         $content = hesk_getHTML( hesk_POST('content') );
+		
+		// Clean the HTML code
+		require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
+		$purifier = new HTMLPurifier();
+		$content = $purifier->purify($content);
     }
 	else
     {
@@ -2211,7 +2221,7 @@ function show_treeMenu() {
 	<i class="fa fa-plus icon-link green"></i> = <?php echo $hesklang['kb_p_art2']; ?><br />
 	<i class="fa fa-caret-right blue" style="font-size:18px"></i> = <?php echo $hesklang['kb_p_cat2']; ?><br />
 	<i class="fa fa-gear icon-link gray"></i> = <?php echo $hesklang['kb_p_man2']; ?><br />
-    <img src="../img/blank.gif" width="1" height="16" alt="" style="padding:1px" class="optionWhiteNbOFF" />(<span class="kb_published">1</span>, <span class="kb_private">2</span>, <span class="kb_draft">3</span>) = <?php echo $hesklang['xyz']; ?></span><br />
+    <img src="../img/blank.gif" width="1" height="16" alt="" style="padding:1px" class="optionWhiteNbOFF" />(<span class="kb_published">1</span>, <span class="kb_private">2</span>, <span class="kb_draft">3</span>) = <?php echo $hesklang['xyz']; ?><br />
     <?php
 }
 

admin/manage_permission_templates.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/manage_ticket_templates.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/manage_users.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/new_ticket.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/options.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/password.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/profile.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/reports.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

admin/service_messages.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -292,9 +292,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 
             <div class="panel panel-default">
                 <div class="panel-heading">
-                    <h4><a name="new_article"></a><?php echo $hesklang['new_sm']; ?> <a href="javascript:void(0)"
-                                                                                        onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['sm_intro']); ?>')"><i
-                                class="fa fa-question-circle settingsquestionmark"></i></a></h4>
+                    <h4><a name="new_article"></a><?php echo hesk_SESSION('edit_sm') ? $hesklang['edit_sm'] : $hesklang['new_sm']; ?></h4>
                 </div>
                 <div class="panel-body">
                     <form action="service_messages.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
@@ -486,11 +484,15 @@ function save_sm()
     $icon = hesk_POST('icon');
     $title = hesk_input(hesk_POST('title')) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
     $message = hesk_getHTML(hesk_POST('message'));
+	
+	// Clean the HTML code
+	require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
+	$purifier = new HTMLPurifier();
+	$message = $purifier->purify($message);
 
     // Any errors?
     if (count($hesk_error_buffer)) {
         $_SESSION['edit_sm'] = true;
-        $hesklang['new_sm'] = $hesklang['edit_sm'];
 
         $_SESSION['new_sm'] = array(
             'id' => $id,
@@ -515,7 +517,6 @@ function save_sm()
     if (isset($_POST['sm_preview'])) {
         $_SESSION['preview_sm'] = true;
         $_SESSION['edit_sm'] = true;
-        $hesklang['new_sm'] = $hesklang['edit_sm'];
 
         $_SESSION['new_sm'] = array(
             'id' => $id,
@@ -563,8 +564,6 @@ function edit_sm()
     $_SESSION['new_sm'] = $sm;
     $_SESSION['edit_sm'] = true;
 
-    $hesklang['new_sm'] = $hesklang['edit_sm'];
-
 } // End edit_sm()
 
 
@@ -654,6 +653,11 @@ function new_sm()
     $icon = hesk_POST('icon');
     $title = hesk_input(hesk_POST('title')) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
     $message = hesk_getHTML(hesk_POST('message'));
+	
+	// Clean the HTML code
+	require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
+	$purifier = new HTMLPurifier();
+	$message = $purifier->purify($message);
 
     // Any errors?
     if (count($hesk_error_buffer)) {

admin/show_tickets.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

build.php

@@ -1,4 +1,4 @@
 <?php
 
 // Define the current build
-define('MODS_FOR_HESK_BUILD', 30);
+define('MODS_FOR_HESK_BUILD', 31);

change_status.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

download_attachment.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

hesk_javascript.js

@@ -1,6 +1,6 @@
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/admin_functions.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -386,13 +386,16 @@ function hesk_autoLogin($noredirect = 0)
 
     /* Login cookies exist, now lets limit brute force attempts */
     hesk_limitBfAttempts();
+	
+	// Admin login URL
+	$url = $hesk_settings['hesk_url'] . '/' . $hesk_settings['admin_dir'] . '/index.php?a=login&notice=1';
 
     /* Check username */
     $result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
     if (hesk_dbNumRows($result) != 1) {
         setcookie('hesk_username', '');
         setcookie('hesk_p', '');
-        header('Location: index.php?a=login&notice=1');
+        header('Location: '.$url);
         exit();
     }
 
@@ -402,7 +405,7 @@ function hesk_autoLogin($noredirect = 0)
     if ($hash != hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass'])) {
         setcookie('hesk_username', '');
         setcookie('hesk_p', '');
-        header('Location: index.php?a=login&notice=1');
+        header('Location: '.$url);
         exit();
     }
 
@@ -485,6 +488,9 @@ function hesk_isLoggedIn()
 
     $referer = hesk_input($_SERVER['REQUEST_URI']);
     $referer = str_replace('&amp;', '&', $referer);
+	
+	// Admin login URL
+	$url = $hesk_settings['hesk_url'] . '/' . $hesk_settings['admin_dir'] . '/index.php?a=login&notice=1&goto='.urlencode($referer);
 
     if (empty($_SESSION['id']) || empty($_SESSION['session_verify'])) {
         if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
@@ -498,7 +504,6 @@ function hesk_isLoggedIn()
         }
 
         hesk_session_stop();
-        $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
         header('Location: ' . $url);
         exit();
     } else {
@@ -510,7 +515,6 @@ function hesk_isLoggedIn()
         // Exit if user not found
         if (hesk_dbNumRows($res) != 1) {
             hesk_session_stop();
-            $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
             header('Location: ' . $url);
             exit();
         }
@@ -521,7 +525,6 @@ function hesk_isLoggedIn()
         // Verify this session is still valid
         if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) {
             hesk_session_stop();
-            $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
             header('Location: ' . $url);
             exit();
         }
@@ -582,8 +585,11 @@ function hesk_verifyGoto()
         'admin_ticket.php' => '',
         'archive.php' => '',
         'assign_owner.php' => '',
+		'banned_emails.php' => '',
+		'banned_ips.php' => '',
         'change_status.php' => '',
         'edit_post.php' => '',
+		'email_templates.php' => '',
         'export.php' => '',
         'find_tickets.php' => '',
         'generate_spam_question.php' => '',
@@ -593,10 +599,12 @@ function hesk_verifyGoto()
         'manage_canned.php' => '',
         'manage_categories.php' => '',
         'manage_knowledgebase.php' => '',
+		'manage_ticket_templates.php' => '',
         'manage_users.php' => '',
         'new_ticket.php' => '',
         'profile.php' => '',
         'reports.php' => '',
+		'service_messages.php' => '',
         'show_tickets.php' => '',
     );
 

inc/attachments.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/common.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -38,6 +38,7 @@ if (!defined('IN_SCRIPT')) {
 // Set correct Content-Type header
 if (!defined('NO_HTTP_HEADER')) {
     header('Content-Type: text/html; charset=utf-8');
+	header('X-Frame-Options: SAMEORIGIN');
 }
 
 // Set backslash options
@@ -461,17 +462,23 @@ function hesk_autoAssignTicket($ticket_category)
 } // END hesk_autoAssignTicket()
 
 
-function hesk_cleanID($field = 'track')
+function hesk_cleanID($field = 'track', $in=false)
 {
-    if ( isset($_SESSION[$field]) ) {
-        return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($_SESSION[$field])), 0, 12);
+	$id = '';
+	
+	if ($in !== false){
+		$id = $in;
+	} elseif (isset($_SESSION[$field])) {
+		$id = $_SESSION[$field];
     } elseif ( isset($_GET[$field]) && ! is_array($_GET[$field]) ) {
-        return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($_GET[$field])), 0, 12);
+        $id = $_GET[$field];
     } elseif (isset($_POST[$field]) && !is_array($_POST[$field])) {
-        return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($_POST[$field])), 0, 12);
+		$id = $_POST[$field];
     } else {
         return false;
     }
+	
+	return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($id)), 0, 12);
 
 } // END hesk_cleanID()
 

inc/email_functions.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/header.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/headerAdmin.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/knowledgebase_functions.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/pipe_functions.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/posting_functions.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/print_tickets.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/profile_functions.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/show_admin_nav.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/show_search_form.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/status_functions.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

inc/ticket_list.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

index.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

install/install.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.6.7 from 18th April 2016
+*  Version: 2.6.8 from 10th August 2016
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************

install/install_functions.inc.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.6.7 from 18th April 2016
+*  Version: 2.6.8 from 10th August 2016
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -37,8 +37,8 @@ if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
 
 // We will be installing this HESK version:
 define('HESK_NEW_VERSION','2.6.7');
-define('MODS_FOR_HESK_NEW_VERSION','2.6.3');
-define('REQUIRE_PHP_VERSION','5.0.0');
+define('MODS_FOR_HESK_NEW_VERSION','2.6.4');
+define('REQUIRE_PHP_VERSION','5.3.0');
 define('REQUIRE_MYSQL_VERSION','5.0.7');
 
 // Other required files and settings

install/mods-for-hesk/ajax/install-database-ajax.php

@@ -66,6 +66,8 @@ if ($version == 2) {
     execute262Scripts();
 } elseif ($version == 30) {
     execute263Scripts();
+} elseif ($version == 31) {
+    execute264Scripts();
 } else {
     $response = 'The version "' . $version . '" was not recognized. Check the value submitted and try again.';
     print $response;

install/mods-for-hesk/installModsForHesk.php

@@ -39,6 +39,7 @@ $buildToVersionMap = array(
     28 => '2.6.1',
     29 => '2.6.2',
     30 => '2.6.3',
+    31 => '2.6.4',
 );
 
 function echoInitialVersionRows($version, $build_to_version_map)

install/mods-for-hesk/js/version-scripts.js

@@ -86,6 +86,9 @@ function processUpdates(startingVersion) {
     } else if (startingVersion < 30) {
         startVersionUpgrade('263');
         executeUpdate(30, '263', '2.6.3');
+    } else if (startingVersion < 31) {
+        startVersionUpgrade('264');
+        executeUpdate(31, '264', '2.6.4');
     } else {
         installationFinished();
     }

install/mods-for-hesk/modsForHesk.php

@@ -117,6 +117,7 @@ hesk_dbConnect();
                                     <div class="col-md-8">
                                         <select name="current-version" class="form-control">
                                             <optgroup label="Mods for HESK 2">
+                                                <option value="30">2.6.3</option>
                                                 <option value="29">2.6.2</option>
                                                 <option value="28">2.6.1</option>
                                                 <option value="27">2.6.0</option>

install/mods-for-hesk/sql/installSql.php

@@ -814,6 +814,14 @@ function execute263Scripts() {
     updateVersion('2.6.3');
 }
 
+// Version 2.6.4
+function execute264Scripts() {
+    global $hesk_settings;
+    hesk_dbConnect();
+
+    updateVersion('2.6.4');
+}
+
 function execute270Scripts() {
     global $hesk_settings;
     hesk_dbConnect();

knowledgebase.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

print.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

reply_ticket.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

submit_ticket.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

suggest_articles.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

suggest_email.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************

ticket.php

@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -79,7 +79,7 @@ if ( isset($_GET['track']) || isset($_GET['e']) || isset($_GET['f']) || isset($_
 $is_form = hesk_SESSION('t_form');
 
 /* Get the tracking ID */
-$trackingID = hesk_SESSION('t_track');
+$trackingID = hesk_cleanID('', hesk_SESSION('t_track'));
 
 /* Email required to view ticket? */
 $my_email = hesk_getCustomerEmail(1, 't_email');
@@ -275,11 +275,14 @@ if (!$show['show']) {
                         $status = hesk_dbFetchAssoc($statusRS);
                         $isClosable = $status['Closable'] == 'yes' || $status['Closable'] == 'conly';
                         $random = rand(10000, 99999);
-                        if ($ticket['isClosed'] == true && $ticket['locked'] != 1 && $hesk_settings['custopen']) {
-                            echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=2&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['open_action'] . '">' . $hesklang['open_action'] . '</a>';
-                        } elseif ($hesk_settings['custclose'] && $isClosable) {
-                            echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=3&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['close_action'] . '">' . $hesklang['close_action'] . '</a>';
-                        } ?></p>
+                        if (!$ticket['locked']) {
+                            if ($ticket['isClosed'] == true && $hesk_settings['custopen']) {
+                                echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=2&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['open_action'] . '">' . $hesklang['open_action'] . '</a>';
+                            } elseif ($hesk_settings['custclose'] && $isClosable) {
+                                echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=3&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['close_action'] . '">' . $hesklang['close_action'] . '</a>';
+                            }
+                        }
+                        ?></p>
                 </div>
             </div>
             <div class="row medLowPriority">