diff --git a/admin/edit_post.php b/admin/edit_post.php
index 7e0f36a0..9385c09c 100644
--- a/admin/edit_post.php
+++ b/admin/edit_post.php
@@ -56,6 +56,10 @@ $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['n
$is_reply = 0;
$tmpvar = array();
+if (!isset($_SESSION['iserror'])) {
+ $_SESSION['iserror'] = array();
+}
+
/* Get ticket info */
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
@@ -111,13 +115,29 @@ if (isset($_POST['save'])) {
$tmpvar['html'] = hesk_POST('html');
- hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "'");
} else {
$tmpvar['language'] = hesk_POST('customerLanguage');
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name'];
- $tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
+
+ if ($hesk_settings['require_email']) {
+ $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
+ } else {
+ $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
+
+ // Not required, but must be valid if it is entered
+ if ($tmpvar['email'] == '') {
+ if (strlen(hesk_POST('email'))) {
+ $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
+ }
+ }
+ }
+
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject'];
- $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
+ $tmpvar['message'] = hesk_input( hesk_POST('message') );
+ if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
+ $hesk_error_buffer[] = $hesklang['enter_message'];
+ }
$tmpvar['html'] = hesk_POST('html');
// Demo mode
@@ -125,6 +145,74 @@ if (isset($_POST['save'])) {
$tmpvar['email'] = 'hidden@demo.com';
}
+ // Custom fields
+ foreach ($hesk_settings['custom_fields'] as $k=>$v) {
+ if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
+ if ($v['type'] == 'checkbox') {
+ $tmpvar[$k]='';
+
+ if (isset($_POST[$k]) && is_array($_POST[$k])) {
+ foreach ($_POST[$k] as $myCB) {
+ $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '
';;
+ }
+ $tmpvar[$k]=substr($tmpvar[$k],0,-6);
+ } else {
+ if ($v['req'] == 2) {
+ $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+ }
+ $_POST[$k] = '';
+ }
+ } elseif ($v['type'] == 'date') {
+ $tmpvar[$k] = hesk_POST($k);
+ $_SESSION["as_$k"] = '';
+
+ if (preg_match("/^[0-9]{2}\/[0-9]{2}\/[0-9]{4}$/", $tmpvar[$k])) {
+ $date = strtotime($tmpvar[$k] . ' t00:00:00');
+ $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
+ $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
+
+ $_SESSION["as_$k"] = $tmpvar[$k];
+
+ if ($dmin && $dmin > $date) {
+ $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
+ } elseif ($dmax && $dmax < $date) {
+ $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
+ } else {
+ $tmpvar[$k] = $date;
+ }
+ } else {
+ if ($v['req'] == 2) {
+ $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+ }
+ }
+ } elseif ($v['type'] == 'email') {
+ $tmp = $hesk_settings['multi_eml'];
+ $hesk_settings['multi_eml'] = $v['value']['multiple'];
+ $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
+ $hesk_settings['multi_eml'] = $tmp;
+
+ if ($tmpvar[$k] != '') {
+ $_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
+ } else {
+ $_SESSION["as_$k"] = '';
+
+ if ($v['req'] == 2) {
+ $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
+ }
+ }
+ } elseif ($v['req'] == 2) {
+ $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+ if ($tmpvar[$k] == '') {
+ $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+ }
+ } else {
+ $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
+ }
+ } else {
+ $tmpvar[$k] = '';
+ }
+ }
+
if (count($hesk_error_buffer)) {
$myerror = '