diff --git a/.gitignore b/.gitignore
index 769f689f..05965a6e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -268,6 +268,5 @@ language/index.htm
print_sec_img.php
rate.php
readme.html
-reply_ticket.php
robots.txt
.idea/
diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php
index a62f9665..3f1916d0 100644
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@@ -539,7 +539,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+ $message = nl2br($message);
+}
+else
+{
+ $hesk_error_buffer[] = $hesklang['enter_message'];
+}
+
+/* Attachments */
+if ($hesk_settings['attachments']['use'])
+{
+ require(HESK_PATH . 'inc/attachments.inc.php');
+ $attachments = array();
+ for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
+ {
+ $att = hesk_uploadFile($i);
+ if ($att !== false && !empty($att))
+ {
+ $attachments[$i] = $att;
+ }
+ }
+}
+$myattachments='';
+
+/* Any errors? */
+if (count($hesk_error_buffer)!=0)
+{
+ $_SESSION['ticket_message'] = hesk_POST('message');
+
+ // If this was a reply after re-opening a ticket, force the form at the top
+ if ( hesk_POST('reopen') == 1)
+ {
+ $_SESSION['force_form_top'] = true;
+ }
+
+ // Remove any successfully uploaded attachments
+ if ($hesk_settings['attachments']['use'])
+ {
+ hesk_removeAttachments($attachments);
+ }
+
+ $tmp = '';
+ foreach ($hesk_error_buffer as $error)
+ {
+ $tmp .= "
$error\n";
+ }
+ $hesk_error_buffer = $tmp;
+
+ $hesk_error_buffer = $hesklang['pcer'].'
';
+ hesk_process_messages($hesk_error_buffer,'ticket.php?track='.$trackingID.$hesk_settings['e_param'].'&Refresh='.rand(10000,99999));
+}
+
+/* Connect to database */
+hesk_dbConnect();
+
+/* Get details about the original ticket */
+$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='{$trackingID}' LIMIT 1");
+if (hesk_dbNumRows($res) != 1)
+{
+ hesk_error($hesklang['ticket_not_found']);
+}
+$ticket = hesk_dbFetchAssoc($res);
+
+/* If we require e-mail to view tickets check if it matches the one in database */
+hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);
+
+/* Ticket locked? */
+if ($ticket['locked'])
+{
+ hesk_process_messages($hesklang['tislock2'],'ticket.php?track='.$trackingID.$hesk_settings['e_param'].'&Refresh='.rand(10000,99999));
+ exit();
+}
+
+/* Insert attachments */
+if ($hesk_settings['attachments']['use'] && !empty($attachments))
+{
+ foreach ($attachments as $myatt)
+ {
+ hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('{$trackingID}','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
+ $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
+ }
+}
+
+// If staff hasn't replied yet, don't change the status; otherwise set it to the status for customer replies.
+$customerReplyStatusQuery = 'SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsCustomerReplyStatus` = 1';
+$defaultNewTicketStatusQuery = 'SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsNewTicketStatus` = 1';
+$newStatus = hesk_dbQuery($customerReplyStatusQuery)->fetch_assoc();
+$defaultNewTicketStatus = hesk_dbQuery($defaultNewTicketStatusQuery)->fetch_assoc();
+
+$ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
+
+/* Update ticket as necessary */
+$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}',`lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1");
+
+// Insert reply into database
+hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ({$ticket['id']},'".hesk_dbEscape($ticket['name'])."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."')");
+
+
+/*** Need to notify any staff? ***/
+
+// --> Prepare reply message
+
+// 1. Generate the array with ticket info that can be used in emails
+$info = array(
+'email' => $ticket['email'],
+'category' => $ticket['category'],
+'priority' => $ticket['priority'],
+'owner' => $ticket['owner'],
+'trackid' => $ticket['trackid'],
+'status' => $ticket['status'],
+'name' => $ticket['name'],
+'lastreplier' => $ticket['name'],
+'subject' => $ticket['subject'],
+'message' => stripslashes($message),
+'attachments' => $myattachments,
+'dt' => hesk_date($ticket['dt']),
+'lastchange' => hesk_date($ticket['lastchange']),
+);
+
+// 2. Add custom fields to the array
+foreach ($hesk_settings['custom_fields'] as $k => $v)
+{
+ $info[$k] = $v['use'] ? $ticket[$k] : '';
+}
+
+// 3. Make sure all values are properly formatted for email
+$ticket = hesk_ticketToPlain($info, 1, 0);
+
+// --> If ticket is assigned just notify the owner
+if ($ticket['owner'])
+{
+ hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
+}
+// --> No owner assigned, find and notify appropriate staff
+else
+{
+ hesk_notifyStaff('new_reply_by_customer',"`notify_reply_unassigned`='1'");
+}
+
+/* Clear unneeded session variables */
+hesk_cleanSessionVars('ticket_message');
+
+/* Show the ticket and the success message */
+hesk_process_messages($hesklang['reply_submitted_success'],'ticket.php?track='.$trackingID.$hesk_settings['e_param'].'&Refresh='.rand(10000,99999),'SUCCESS');
+exit();
+?>
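Review bot: Uploaded attachments are written by `hesk_uploadFile($i)` before the ticket is looked up, the e-mail match is verified and the lock is checked, and only the validation-error branch calls `hesk_removeAttachments($attachments)`; the `ticket_not_found` exit, a failed `hesk_verifyEmailMatch()` (if it terminates, which is not visible here) and the locked-ticket exit all leave the files on disk with no row in `attachments`. Either move the ticket lookup, e-mail check and lock check above the upload loop, or add `if (!empty($attachments)) { hesk_removeAttachments($attachments); }` before `hesk_error($hesklang['ticket_not_found']);` and before the `tislock2` redirect. Separately, `$trackingID` is interpolated directly into the SELECT and the attachments INSERT while every other value passes through `hesk_dbEscape()` or `intval()`; its sanitisation happens outside the visible lines, so wrapping it as `hesk_dbEscape($trackingID)` would keep the queries safe regardless of how it was assigned. The added lines start inside an `if` whose opening is not shown and do not match the `@@ -539,7 +539,7 @@` range given for admin/admin_ticket.php, so the top of this script is outside the hunk.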