Browse Source

#255 Update code for 2.6.3

merge-requests/2/head
Mike Koch 7 years ago
parent
commit
139853e0d4
  1. 6
      admin/admin_reply_ticket.php
  2. 4
      admin/admin_ticket.php
  3. 4
      admin/index.php
  4. 12
      admin/mail.php
  5. 5
      admin/manage_canned.php
  6. 21
      admin/profile.php
  7. 43
      change_status.php
  8. 92
      inc/admin_functions.inc.php
  9. 6
      inc/common.inc.php
  10. 15
      inc/knowledgebase_functions.inc.php
  11. 26
      inc/posting_functions.inc.php
  12. 6
      language/en/text.php
  13. 29
      submit_ticket.php
  14. 6
      ticket.php

6
admin/admin_reply_ticket.php

@ -288,6 +288,12 @@ elseif ($submit_as_customer)
$customerReplyStatusRs = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsCustomerReplyStatus` = 1 LIMIT 1');
$customerReplyStatus = hesk_dbFetchAssoc($customerReplyStatusRs);
$new_status = $customerReplyStatus['ID'];
if ($ticket['status'] != $new_status)
{
$revision = sprintf($hesklang['thist9'],hesk_date(),$hesklang['wait_reply'],$_SESSION['name'].' ('.$_SESSION['user'].')');
$sql_status = " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
}
}
// -> Default: submit as "Replied by staff"
else

4
admin/admin_ticket.php

@ -2110,8 +2110,12 @@ function hesk_printCanned()
return true;
}
myMsg = myMsg.replace(/%%HESK_ID%%/g, '<?php echo hesk_jsString($ticket['id']); ?>');
myMsg = myMsg.replace(/%%HESK_TRACKID%%/g, '<?php echo hesk_jsString($ticket['trackid']); ?>');
myMsg = myMsg.replace(/%%HESK_TRACK_ID%%/g, '<?php echo hesk_jsString($ticket['trackid']); ?>');
myMsg = myMsg.replace(/%%HESK_NAME%%/g, '<?php echo hesk_jsString($ticket['name']); ?>');
myMsg = myMsg.replace(/%%HESK_EMAIL%%/g, '<?php echo hesk_jsString($ticket['email']); ?>');
myMsg = myMsg.replace(/%%HESK_OWNER%%/g, '<?php echo hesk_jsString( isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : ''); ?>');
myMsg = myMsg.replace(/%%HESK_custom1%%/g, '<?php echo hesk_jsString($ticket['custom1']); ?>');
myMsg = myMsg.replace(/%%HESK_custom2%%/g, '<?php echo hesk_jsString($ticket['custom2']); ?>');
myMsg = myMsg.replace(/%%HESK_custom3%%/g, '<?php echo hesk_jsString($ticket['custom3']); ?>');

4
admin/index.php

@ -217,6 +217,10 @@ function do_login()
hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE');
}
// Set a tag that will be used to expire sessions after username or password change
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
// We don't need the password hash anymore
unset($_SESSION['pass']);

12
admin/mail.php

@ -328,6 +328,12 @@ function mail_send()
/* Message */
$_SESSION['mail']['message'] = hesk_input( hesk_POST('message') ) or $hesk_error_buffer .= '<li>' . $hesklang['enter_message'] . '</li>';
// Attach signature to the message?
if ( ! empty($_POST['signature']))
{
$_SESSION['mail']['message'] .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
}
/* Any errors? */
if (strlen($hesk_error_buffer))
{
@ -711,6 +717,12 @@ function show_new_form()
echo stripslashes($_SESSION['mail']['message']);
}
?></textarea>
<div class="checkbox">
<label>
<input type="checkbox" name="signature" value="1" checked>
<?php echo $hesklang['attach_sign']; ?>
</label> (<a href="profile.php"><?php echo $hesklang['profile_settings']; ?></a>)
</div>
</div>
</div>
<div class="form-group">

5
admin/manage_canned.php

@ -278,8 +278,11 @@ myField.value += myValue;
}
?></textarea>
<?php echo $hesklang['insert_special']; ?>:
<a href="javascript:void(0)" onclick="hesk_insertTag('HESK_ID')"><?php echo $hesklang['seqid']; ?></a> |
<a href="javascript:void(0)" onclick="hesk_insertTag('HESK_TRACK_ID')"><?php echo $hesklang['trackID']; ?></a> |
<a href="javascript:void(0)" onclick="hesk_insertTag('HESK_NAME')"><?php echo $hesklang['name']; ?></a> |
<a href="javascript:void(0)" onclick="hesk_insertTag('HESK_EMAIL')"><?php echo $hesklang['email']; ?></a>
<a href="javascript:void(0)" onclick="hesk_insertTag('HESK_EMAIL')"><?php echo $hesklang['email']; ?></a> |
<a href="javascript:void(0)" onclick="hesk_insertTag('HESK_OWNER')"><?php echo $hesklang['owner']; ?></a>
<?php
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{

21
admin/profile.php

@ -239,12 +239,12 @@ function update_profile() {
}
else
{
$v = hesk_Pass2Hash($newpass);
if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079')
$newpass_hash = hesk_Pass2Hash($newpass);
if ($newpass_hash == '499d74967b28a841c98bb4baaabaad699ff3c079')
{
define('WARN_PASSWORD',true);
}
$sql_pass = ',`pass`=\''.$v.'\'';
$sql_pass = ',`pass`=\''.$newpass_hash.'\'';
}
}
}
@ -314,6 +314,21 @@ function update_profile() {
/* Process the session variables */
$_SESSION['new'] = hesk_stripArray($_SESSION['new']);
// Do we need a new session_verify tag?
if ( strlen($sql_username) && strlen($sql_pass) )
{
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], $newpass_hash);
}
elseif ( strlen($sql_pass) )
{
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $newpass_hash);
}
elseif ( strlen($sql_username) )
{
$res = hesk_dbQuery('SELECT `pass` FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], hesk_dbResult($res) );
}
/* Update session variables */
foreach ($_SESSION['new'] as $k => $v)
{

43
change_status.php

@ -53,12 +53,18 @@ $trackingID = hesk_cleanID() or die("$hesklang[int_error]: $hesklang[no_trackID]
// Get new status
$status = intval( hesk_GET('s', 0) );
$oldStatus = $status;
$locked = 0;
// Connect to database
hesk_dbConnect();
// Get the close status. It'll be used later on
$statusRes = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsClosedByClient` = 1');
$statusRow = hesk_dbFetchAssoc($statusRes);
$closedStatus = $statusRow['ID'];
if ($status == 3) // Closed
{
// Is customer closing tickets enabled?
@ -66,11 +72,7 @@ if ($status == 3) // Closed
{
hesk_error($hesklang['attempt']);
}
//-- They want to close the ticket, so get the status that is the default for client-side closes
$statusRow = hesk_dbFetchAssoc(hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsClosedByClient` = 1'));
$status = $statusRow['ID'];
$status = $closedStatus;
$action = $hesklang['closed'];
$revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['customer']);
@ -90,6 +92,11 @@ elseif ($status == 2) // Opened
hesk_error($hesklang['attempt']);
}
//-- They want to close the ticket, so get the status that is the default for client-side closes
$statusRes = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
$statusRow = hesk_dbFetchAssoc($statusRes);
$status = $statusRow['ID'];
$action = $hesklang['opened'];
$revision = sprintf($hesklang['thist4'],hesk_date(),$hesklang['customer']);
@ -110,6 +117,30 @@ hesk_dbConnect();
// Verify email address match if needed
hesk_verifyEmailMatch($trackingID);
// Lets make status assignment a bit smarter when reopening tickets
if ($oldStatus == 2)
{
// Get number of replies and last replier (customer or staff)
$ticket = hesk_dbFetchAssoc( hesk_dbQuery( "SELECT `staffreplies`, `lastreplier` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1") );
// If ticket has no staff replies set the status to "New"
if ($ticket['staffreplies'] < 1)
{
$statusRes = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsNewTicketStatus` = 1');
$statusRow = hesk_dbFetchAssoc($statusRes);
$status = $statusRow['ID'];
}
// If last reply was by customer set status to "Waiting reply from staff"
elseif ($ticket['lastreplier'] == 0)
{
$statusRes = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsCustomerReplyStatus` = 1');
$statusRow = hesk_dbFetchAssoc($statusRes);
$status = $statusRow['ID'];
}
// If nothing matches: last reply was from staff, keep status "Waiting reply from customer"
}
// Modify values in the database
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' AND `locked` != '1' LIMIT 1");
@ -120,7 +151,7 @@ if (hesk_dbAffectedRows() != 1)
}
// Show success message
if ($status == 2)
if ($status != $closedStatus)
{
hesk_process_messages($hesklang['wrepo'],'ticket.php?track='.$trackingID.$hesk_settings['e_param'].'&Refresh='.rand(10000,99999),'NOTICE');
}

92
inc/admin_functions.inc.php

@ -368,6 +368,34 @@ function hesk_getHTML($in)
} // END hesk_getHTML()
function hesk_activeSessionValidate($username, $password_hash, $tag)
{
// Salt and hash need to be separated by a |
if ( ! strpos($tag, '|') )
{
return false;
}
// Get two parts of the tag
list($salt, $hash) = explode('|', $tag, 2);
// Make sure the hash matches existing username and password
if ($hash == sha1($salt . $username . $password_hash) )
{
return true;
}
return false;
} // hesk_activeSessionValidate
function hesk_activeSessionCreateTag($username, $password_hash)
{
$salt = uniqid(mt_rand(), true);
return $salt . '|' . sha1($salt . $username . $password_hash);
} // END hesk_activeSessionCreateTag()
function hesk_autoLogin($noredirect=0)
{
global $hesk_settings, $hesklang, $hesk_db_link;
@ -422,6 +450,10 @@ function hesk_autoLogin($noredirect=0)
hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE');
}
// Set a tag that will be used to expire sessions after username or password change
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
// We don't need the password hash anymore
unset($_SESSION['pass']);
/* Login successful, clean brute force attempts */
@ -494,7 +526,7 @@ function hesk_isLoggedIn()
$referer = hesk_input($_SERVER['REQUEST_URI']);
$referer = str_replace('&amp;','&',$referer);
if (empty($_SESSION['id']))
if ( empty($_SESSION['id']) || empty($_SESSION['session_verify']) )
{
if ($hesk_settings['autologin'] && hesk_autoLogin(1) )
{
@ -508,6 +540,7 @@ function hesk_isLoggedIn()
return true;
}
hesk_session_stop();
$url = 'index.php?a=login&notice=1&goto='.urlencode($referer);
header('Location: '.$url);
exit();
@ -516,32 +549,41 @@ function hesk_isLoggedIn()
{
hesk_session_regenerate_id();
// Need to update permissions?
if ( empty($_SESSION['isadmin']) )
// Let's make sure access data is up-to-date
$res = hesk_dbQuery( "SELECT `user`, `pass`, `isadmin`, `categories`, `heskprivileges` FROM `".$hesk_settings['db_pfix']."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1" );
// Exit if user not found
if (hesk_dbNumRows($res) != 1)
{
$res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `".$hesk_settings['db_pfix']."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
$me = hesk_dbFetchAssoc($res);
foreach ($me as $k => $v)
{
$_SESSION[$k]=$v;
}
hesk_session_stop();
$url = 'index.php?a=login&notice=1&goto='.urlencode($referer);
header('Location: '.$url);
exit();
}
// Get allowed categories
if (empty($_SESSION['isadmin']) )
{
$_SESSION['categories']=explode(',',$_SESSION['categories']);
}
}
else
{
hesk_session_stop();
$url = 'index.php?a=login&notice=1&goto='.urlencode($referer);
header('Location: '.$url);
exit();
}
}
// Fetch results from database
$me = hesk_dbFetchAssoc($res);
// Verify this session is still valid
if ( ! hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify']) )
{
hesk_session_stop();
$url = 'index.php?a=login&notice=1&goto='.urlencode($referer);
header('Location: '.$url);
exit();
}
// Update session variables as needed
if ($me['isadmin'] == 1)
{
$_SESSION['isadmin'] = 1;
}
else
{
$_SESSION['isadmin'] = 0;
$_SESSION['categories'] = explode(',', $me['categories']);
$_SESSION['heskprivileges'] = $me['heskprivileges'];
}
// Users online
if ($hesk_settings['online'])

6
inc/common.inc.php

@ -1259,7 +1259,7 @@ function hesk_makeURL($text, $class = '', $shortenLinks = true)
// matches a xxxx://aaaaa.bbb.cccc. ...
$text = preg_replace_callback(
'#(^|[\n\t (>.])([a-z][a-z\d+]*:/{2}(?:(?:[a-z0-9\-._~!$&\'(*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[a-z0-9\-._~!$&\'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&\'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&\'(*+,;=:@/?|]+|%[\dA-F]{2})*)?)#i',
'#(^|[\n\t (>.])(' . "[a-z][a-z\d+]*:/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?" . ')#iu',
create_function(
"\$matches",
"return make_clickable_callback(MAGIC_URL_FULL, \$matches[1], \$matches[2], '', '$class', '$shortenLinks');"
@ -1269,7 +1269,7 @@ function hesk_makeURL($text, $class = '', $shortenLinks = true)
// matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
$text = preg_replace_callback(
'#(^|[\n\t (>.])(www\.(?:[a-z0-9\-._~!$&\'(*+,;=:@|]+|%[\dA-F]{2})+(?::\d*)?(?:/(?:[a-z0-9\-._~!$&\'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&\'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&\'(*+,;=:@/?|]+|%[\dA-F]{2})*)?)#i',
'#(^|[\n\t (>])(' . "www\.(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})+(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?" . ')#iu',
create_function(
"\$matches",
"return make_clickable_callback(MAGIC_URL_WWW, \$matches[1], \$matches[2], '', '$class', '$shortenLinks');"
@ -1279,7 +1279,7 @@ function hesk_makeURL($text, $class = '', $shortenLinks = true)
// matches an email address
$text = preg_replace_callback(
'/(^|[\n\t (>])(' . '(?:(?:(?:[^@,"\[\]\x5c\x00-\x20\x7f-\xff\.]|\x5c(?=[@,"\[\]\x5c\x00-\x20\x7f-\xff]))(?:[^@,"\[\]\x5c\x00-\x20\x7f-\xff\.]|(?<=\x5c)[@,"\[\]\x5c\x00-\x20\x7f-\xff]|\x5c(?=[@,"\[\]\x5c\x00-\x20\x7f-\xff])|\.(?=[^\.])){1,62}(?:[^@,"\[\]\x5c\x00-\x20\x7f-\xff\.]|(?<=\x5c)[@,"\[\]\x5c\x00-\x20\x7f-\xff])|[^@,"\[\]\x5c\x00-\x20\x7f-\xff\.]{1,2})|"(?:[^"]|(?<=\x5c)"){1,62}")@(?:(?!.{64})(?:[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9]\.?|[a-zA-Z0-9]\.?)+\.(?:xn--[a-zA-Z0-9]+|[a-zA-Z]{2,6})|\[(?:[0-1]?\d?\d|2[0-4]\d|25[0-5])(?:\.(?:[0-1]?\d?\d|2[0-4]\d|25[0-5])){3}\])' . ')/iu',
'/(^|[\n\t (>])(' . '((?:[\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&amp;)+)@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)' . ')/iu',
create_function(
"\$matches",
"return make_clickable_callback(MAGIC_URL_EMAIL, \$matches[1], \$matches[2], '', '$class', '$shortenLinks');"

15
inc/knowledgebase_functions.inc.php

@ -270,13 +270,20 @@ function hesk_kbSearchLarge($admin = '')
{
global $hesk_settings, $hesklang;
if ($hesk_settings['kb_search'] != 2)
{
$action = 'knowledgebase.php';
if ($admin)
{
if ( ! $hesk_settings['kb_search'])
{
return '';
}
$action = 'knowledgebase_private.php';
}
elseif ($hesk_settings['kb_search'] != 2)
{
return '';
}
$action = $admin ? 'knowledgebase_private.php' : 'knowledgebase.php';
?>
<div style="text-align:center">

26
inc/posting_functions.inc.php

@ -176,18 +176,34 @@ function hesk_newTicket($ticket, $isVerified = true)
function hesk_cleanFileName($filename)
{
$filename = str_replace( array( '%20', '+' ), '-', $filename );
$parts = pathinfo($filename);
if ( isset($parts['filename']) )
{
$filename = $parts['filename'];
}
// PHP < 5.2 needs special care
elseif ( version_compare(PHP_VERSION, '5.2','<') )
{
$filename = rtrim( str_ireplace($parts['extension'], '', $filename), '.');
}
else
{
$filename = '';
}
$filename = str_replace( array( '%20', '+' ), '-', $filename );
$filename = preg_replace('/[\s-]+/', '-', $filename);
$filename = remove_accents($filename);
$filename = preg_replace('/[^A-Za-z0-9\.\-_]/','', $filename);
$filename = trim($filename, '.-_');
$filename = trim($filename, '-_');
if ( strlen($filename) < 1 )
if ( strlen($filename) < 1 || strpos($filename, '.') === 0 )
{
$filename = mt_rand(10000,99999);
$filename = mt_rand(10000,99999) . $filename;
}
return $filename;
return $filename . '.' . $parts['extension'];
} // END hesk_cleanFileName()

6
language/en/text.php

@ -2,7 +2,7 @@
/*
* Language file for Help Desk Software HESK (www.hesk.com)
* Language: ENGLISH
* Version: 2.6.1
* Version: 2.6.3
* Author: Klemen Stirn (http://www.hesk.com)
*
* !!! This file must be saved in UTF-8 encoding without byte order mark (BOM) !!!
@ -865,7 +865,7 @@ $hesklang['nhid']='Notes are hidden from customers!';
$hesklang['delt']='Delete this post';
$hesklang['edtt']='Edit post';
$hesklang['edt1']='Post modified';
$hesklang['edt2']='Changes to the selecting post have been saved';
$hesklang['edt2']='Changes to the selected post have been saved';
$hesklang['dele']='Delete this ticket';
$hesklang['repd']='Post deleted';
$hesklang['repl']='Selected post has been deleted';
@ -1098,7 +1098,7 @@ $hesklang['nwts']='A new ticket is submitted with owner:';
$hesklang['ncrt']='Client responds to a ticket with owner:';
$hesklang['ntam']='A ticket is assigned to me';
$hesklang['npms']='A private message is sent to me';
$hesklang['support_remove']='A lot of time and effort went into developing HESK. Support HESK, buy a license that will also remove the credits links <i>Powered by Help Desk Software HESK</i> from your helpdesk';
$hesklang['support_remove']='A lot of time and effort went into developing HESK. Support HESK by purchasing a license that will remove the credits links <i>Powered by Help Desk Software HESK</i> from your helpdesk';
$hesklang['ycvtao']='You are not allowed to view tickets assigned to others';
$hesklang['password_not_valid']='Password must be at least 5 chars long';
$hesklang['lkbs']='Loading knowledgebase suggestions...';

29
submit_ticket.php

@ -188,15 +188,30 @@ $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_er
if ($hesk_settings['confirm_email'])
{
$tmpvar['email2'] = hesk_input( hesk_POST('email2') ) or $hesk_error_buffer['email2']=$hesklang['confemail2'];
$tmpvar['email2'] = hesk_validateEmail( hesk_POST('email2'), 'ERR', 0) or $hesk_error_buffer['email2']=$hesklang['confemail2'];
if (strlen($tmpvar['email2']) && ( strtolower($tmpvar['email']) != strtolower($tmpvar['email2']) ))
// Anything entered as email confirmation?
if ( strlen($tmpvar['email2']) )
{
$tmpvar['email2'] = '';
$_POST['email2'] = '';
$_SESSION['c_email2'] = '';
$_SESSION['isnotice'][] = 'email';
$hesk_error_buffer['email2']=$hesklang['confemaile'];
// Do we have multiple emails?
if ($hesk_settings['multi_eml'] && count( array_diff( explode(',', strtolower($tmpvar['email']) ), explode(',', strtolower($tmpvar['email2']) ) ) ) == 0)
{
$_SESSION['c_email2'] = $_POST['email2'];
}
// Single email address match
elseif ( ! $hesk_settings['multi_eml'] && strtolower($tmpvar['email']) == strtolower($tmpvar['email2']) )
{
$_SESSION['c_email2'] = $_POST['email2'];
}
else
{
// Invalid match
$tmpvar['email2'] = '';
$_POST['email2'] = '';
$_SESSION['c_email2'] = '';
$_SESSION['isnotice'][] = 'email';
$hesk_error_buffer['email2']=$hesklang['confemaile'];
}
}
else
{

6
ticket.php

@ -178,6 +178,12 @@ else
$ticket['repliername'] = $ticket['name'];
}
// If IP is unknown (tickets via email pipe/pop3 fetching) assume current visitor IP as customer IP
if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown'])
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `ip` = '".hesk_dbEscape($_SERVER['REMOTE_ADDR'])."' WHERE `id`=".intval($ticket['id'])." LIMIT 1");
}
/* Get category name and ID */
$result = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");

Loading…
Cancel
Save