Update common

merge-requests/28/head
Mike Koch 8 years ago
parent 34cf3106d0
commit 76ea4caaa9

@ -38,7 +38,12 @@ if (!defined('IN_SCRIPT')) {
// Set correct Content-Type header
if (!defined('NO_HTTP_HEADER')) {
header('Content-Type: text/html; charset=utf-8');
header('X-Frame-Options: SAMEORIGIN');
// Don't allow HESK to be loaded in a frame on third party domains
if ($hesk_settings['x_frame_opt'])
{
header('X-Frame-Options: SAMEORIGIN');
}
}
// Set backslash options
@ -56,12 +61,47 @@ if (!defined('ENT_XHTML')) {
define('ENT_XHTML', 0);
}
// Is this is a SSL connection?
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
define('HESK_SSL', true);
// Use https-only cookies
@ini_set('session.cookie_secure', 1);
} else {
// Force redirect?
if ($hesk_settings['force_ssl']) {
header('HTTP/1.1 301 Moved Permanently');
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit();
}
define('HESK_SSL', false);
}
// Prevents javascript XSS attacks aimed to steal the session ID
@ini_set('session.cookie_httponly', 1);
// **PREVENTING SESSION FIXATION**
// Session ID cannot be passed through URLs
@ini_set('session.use_only_cookies', 1);
// Load language file
hesk_getLanguage();
/*** FUNCTIONS ***/
function hesk_setcookie($name, $value, $expire=0, $path=""){
if (HESK_SSL) {
setcookie($name, $value, $expire, $path, "", true, true);
} else {
setcookie($name, $value, $expire, $path, "", false, true);
}
return true;
} // END hesk_setcookie()
function hesk_service_message($sm)
{
$faIcon = $sm['icon'];
@ -145,6 +185,11 @@ function hesk_clean_utf8($in)
function hesk_load_database_functions()
{
// Already loaded?
if (function_exists('hesk_dbQuery')) {
return true;
}
// Preferrably use the MySQLi functions
if (function_exists('mysqli_connect')) {
require(HESK_PATH . 'inc/database_mysqli.inc.php');
@ -204,7 +249,11 @@ function hesk_utf8_urldecode($in)
function hesk_SESSION($in, $default = '')
{
return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
if (is_array($in)) {
return isset($_SESSION[$in[0]][$in[1]]) && ! is_array(isset($_SESSION[$in[0]][$in[1]])) ? $_SESSION[$in[0]][$in[1]] : $default;
} else {
return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
}
} // END hesk_SESSION();
@ -327,7 +376,7 @@ function hesk_verifyEmailMatch($trackingID, $my_email = 0, $ticket_email = 0, $e
/* Email doesn't match, clean cookies and error out */
if ($error) {
setcookie('hesk_myemail', '');
hesk_setcookie('hesk_myemail', '');
hesk_process_messages($hesklang['enmdb'], 'ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999));
} else {
return false;
@ -1105,7 +1154,7 @@ function hesk_getLanguage()
}
/* Remember and set the selected language */
setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
hesk_setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
return hesk_returnLanguage();
} // END hesk_getLanguage()
@ -1113,10 +1162,45 @@ function hesk_getLanguage()
function hesk_returnLanguage()
{
global $hesk_settings, $hesklang;
require(HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php');
$customLanguagePath = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
if (file_exists($customLanguagePath)) {
include($customLanguagePath);
// Variable that will be set to true if a language file was loaded
$language_loaded = false;
// Load requested language file
$language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php';
if (file_exists($language_file)) {
require($language_file);
$language_loaded = true;
}
// Requested language file not found, try to load default installed language
if (!$language_loaded && $hesk_settings['language'] != HESK_DEFAULT_LANGUAGE) {
$language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][HESK_DEFAULT_LANGUAGE]['folder'] . '/text.php';
if (file_exists($language_file)) {
require($language_file);
$language_loaded = true;
$hesk_settings['language'] = HESK_DEFAULT_LANGUAGE;
}
}
// Requested language file not found, can we at least load English?
if (!$language_loaded && $hesk_settings['language'] != 'English' && HESK_DEFAULT_LANGUAGE != 'English') {
$language_file = HESK_PATH . 'language/en/text.php';
if (file_exists($language_file)) {
require($language_file);
$language_loaded = true;
$hesk_settings['language'] = 'English';
}
}
// If a language is still not loaded, give up
if (!$language_loaded) {
die('Count not load a valid language file.');
}
// Load a custom text file if available
$language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
if (file_exists($language_file)) {
require($language_file);
}
return true;
} // END hesk_returnLanguage()

Loading…
Cancel
Save