Browse Source

#88 Remove attachments to notes feature

merge-requests/2/head
Mike Koch 7 years ago
parent
commit
e56bde8e2d
  1. 1
      .gitignore
  2. 134
      admin/admin_ticket.php
  3. 174
      download_attachment.php
  4. 13
      install/updateTo1-7-0.php
  5. 19
      install/updateTo2-0-0.php
  6. 2
      language/en/text.php

1
.gitignore

@ -11,6 +11,7 @@ docs/docs_style.css
docs/index.html
docs/quick-guide.html
docs/step-by-step-guide.html
download_attachment.php
file_limits.php
footer.txt
header.txt

134
admin/admin_ticket.php

@ -39,7 +39,6 @@ define('HESK_PATH','../');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/posting_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -239,31 +238,7 @@ if (isset($_POST['notemsg']) && hesk_token_check('POST'))
{
/* Add note to database */
$msg = nl2br(hesk_makeURL($msg));
hesk_dbInsertID();
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."')");
$noteId = hesk_dbInsertID();
/* Upload attachments to database */
if ($hesk_settings['attachments']['use'])
{
require(HESK_PATH . 'inc/attachments.inc.php');
$attachments = array();
for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
{
$att = hesk_uploadFile($i);
if ($att !== false && !empty($att))
{
$attachments[$i] = $att;
}
}
}
if ($hesk_settings['attachments']['use'] && !empty($attachments))
{
foreach ($attachments as $myatt)
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`note_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($noteId)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
}
}
/* Notify assigned staff that a note has been added if needed */
@ -427,45 +402,6 @@ if (isset($_GET['delatt']) && hesk_token_check())
hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
/* Delete note attachment option */
if (isset($_GET['delete-note-att']) && hesk_token_check()) {
if ( ! $can_delete || ! $can_edit)
{
hesk_process_messages($hesklang['no_permission'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
$att_id = intval( hesk_GET('delete-note-att') ) or hesk_error($hesklang['inv_att_id']);
$reply = intval( hesk_GET('reply', 0) );
if ($reply < 1)
{
$reply = 0;
}
/* Get attachment info */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_process_messages($hesklang['id_not_valid'].' (att_id)','admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
$att = hesk_dbFetchAssoc($res);
/* Is note ID valid for this attachment? */
if (!isset($_GET['note_id']) || $att['note_id'] != $_GET['note_id'])
{
hesk_process_messages($hesklang['trackID_not_found'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
/* Delete file from server */
hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$att['saved_name']);
/* Delete attachment from database */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."'");
hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
if (isset($_POST['note_message'])) {
$n = $_POST['note_id'];
if ($can_del_notes)
@ -911,31 +847,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
<?php }?>
<p><i><?php echo $hesklang['noteby']; ?> <b><?php echo ($note['name'] ? $note['name'] : $hesklang['e_udel']); ?></b></i> - <?php echo hesk_date($note['dt']); ?></p>
<div class="row" style="margin-top: 23px;">
<div class="col-md-7">
<p id="note-<?php echo $note['id']; ?>-p"><?php echo $note['message']; ?></p>
<form style="display: none" id="note-<?php echo $note['id']; ?>-form" role="form" method="post"
action="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;token=<?php hesk_token_echo(); ?>">
<textarea style="margin-bottom: 5px;" class="form-control" id="note-<?php echo $note['id']; ?>-textarea" name="note_message"><?php echo $note['message']; ?></textarea>
<input type="hidden" name="note_id" value="<?php echo $note['id']; ?>">
<button style="margin-bottom: 5px;" class="btn btn-success btn-sm" type="submit"><i class="fa fa-check"></i> <?php echo $hesklang['save']; ?></button>
<a style="margin-bottom: 5px;" class="btn btn-danger btn-sm" href="javascript:void(0)" onclick="toggleNote(<?php echo $note['id']; ?>, false)">
<i class="fa fa-times"></i> <?php echo $hesklang['cancel']; ?>
</a>
</form>
</div>
<div class="col-md-4">
<?php
$noteAttachmentRS = hesk_dbQuery("SELECT `att_id`, `real_name`, `note_id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `note_id` = ".intval($note['id']));
while ($noteAttachment = hesk_dbFetchAssoc($noteAttachmentRS)) {
echo '<a href="admin_ticket.php?delete-note-att='.$noteAttachment['att_id'].'&amp;note_id='.$noteAttachment['note_id'].'&amp;track='.$trackingID.'&amp;'.$tmp.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');"><i class="fa fa-times" style="color: #FF0000"></i></a>
<a href="../download_attachment.php?att_id='.$noteAttachment['att_id'].'&amp;note='.$noteAttachment['note_id'].'"><i class="fa fa-paperclip"></i></a>
<a href="../download_attachment.php?att_id='.$noteAttachment['att_id'].'&amp;note='.$noteAttachment['note_id'].'">'.$noteAttachment['real_name'].'</a><br />';
} ?>
</div>
</div>
<p id="note-<?php echo $note['id']; ?>-p"><?php echo $note['message']; ?></p>
<form style="display: none" id="note-<?php echo $note['id']; ?>-form" role="form" method="post"
action="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;token=<?php hesk_token_echo(); ?>">
<textarea style="margin-bottom: 5px;" class="form-control" id="note-<?php echo $note['id']; ?>-textarea" name="note_message"><?php echo $note['message']; ?></textarea>
<input type="hidden" name="note_id" value="<?php echo $note['id']; ?>">
<button style="margin-bottom: 5px;" class="btn btn-success btn-sm" type="submit"><i class="fa fa-check"></i> <?php echo $hesklang['save']; ?></button>
<a style="margin-bottom: 5px;" class="btn btn-danger btn-sm" href="javascript:void(0)" onclick="toggleNote(<?php echo $note['id']; ?>, false)">
<i class="fa fa-times"></i> <?php echo $hesklang['cancel']; ?>
</a>
</form>
<?php if ($note['number_of_edits'] > 0) { ?>
<p><i><?php echo sprintf($hesklang['note_last_edit'], hesk_date($note['edit_date'])); echo ' | '.sprintf($hesklang['total_number_of_edits'], $note['number_of_edits']); ?></i></p>
<?php } ?>
@ -946,6 +867,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row">
<div class="col-md-12">
<b><i><?php echo $hesklang['notes']; ?>: </i></b>
<?php
if ($can_reply)
{
@ -956,35 +878,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div id="notesform" style="display:none">
<form method="post" action="admin_ticket.php" style="margin:0px; padding:0px;" enctype="multipart/form-data">
<div class="row" style="margin-bottom: 10px;">
<div class="col-md-7">
<h5><?php echo $hesklang['message']; ?></h5>
<div class="footerWithBorder" style="margin-bottom: 10px;"></div>
<textarea class="form-control" name="notemsg" rows="6" cols="60"></textarea>
</div>
<div class="col-md-5">
<h5><?php echo $hesklang['attachments']; ?></h5>
<div class="footerWithBorder" style="margin-bottom: 10px;"></div>
<span style="display: none" id="number-of-file-dialogs">2</span>
<div id="files-for-notes">
<?php for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
{
echo '<input type="file" name="attachment['.$i.']" size="50" /><br />';
}
echo '<a href="Javascript:void(0)" onclick="Javascript:hesk_window(\'../file_limits.php\',250,500);return false;">' . $hesklang['ful'] . '</a>';
?>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['s']; ?>" /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
<i><?php echo $hesklang['nhid']; ?></i>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
</div>
</div>
<form method="post" action="admin_ticket.php" style="margin:0px; padding:0px;">
<textarea class="form-control" name="notemsg" rows="6" cols="60"></textarea><br />
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['s']; ?>" /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
<i><?php echo $hesklang['nhid']; ?></i>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
</form>
</div>
</div>

174
download_attachment.php

@ -1,174 +0,0 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.3 from 16th March 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT',1);
define('HESK_PATH','./');
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
hesk_load_database_functions();
hesk_session_start();
// Knowledgebase attachments
if ( isset($_GET['kb_att']) )
{
// Attachment ID
$att_id = intval( hesk_GET('kb_att') ) or hesk_error($hesklang['id_not_valid']);
// Connect to database
hesk_dbConnect();
// Get attachment info
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_error($hesklang['id_not_valid'].' (att_id)');
}
$file = hesk_dbFetchAssoc($res);
// Is this person allowed access to this attachment?
$res = hesk_dbQuery("SELECT `t1`.`type` as `cat_type`, `t2`.`type` as `art_type`
FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t2`
JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t1`
ON `t2`.`catid` = `t1`.`id`
WHERE (`t2`.`attachments` LIKE '{$att_id}#%' OR `t2`.`attachments` LIKE '%,{$att_id}#%' )
LIMIT 1");
// If no attachment found, throw an error
if (hesk_dbNumRows($res) != 1)
{
hesk_error($hesklang['id_not_valid'].' (no_art)');
}
$row = hesk_dbFetchAssoc($res);
// Private or draft article or category?
if ($row['cat_type'] || $row['art_type'])
{
if ( empty($_SESSION['id']) )
{
// This is a staff-only attachment
hesk_error($hesklang['attpri']);
}
elseif ($row['art_type'] == 2)
{
// Need permission to manage KB to access draft attachments
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_checkPermission('can_man_kb');
}
}
}
// Ticket attachments
else
{
// Attachmend ID and ticket tracking ID
$att_id = intval( hesk_GET('att_id', 0) ) or die($hesklang['id_not_valid']);
$type = '';
if (isset($_GET['track'])) {
$tic_id = hesk_cleanID() or die("$hesklang[int_error]: $hesklang[no_trackID]");
$type = 'ticket';
} elseif (isset($_GET['note'])) {
$tic_id = intval($_GET['note']) || die ("$hesklang[int_error]: $hesklang[no_noteID]");
$type = 'note';
}
// Connect to database
hesk_dbConnect();
// Get attachment info
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_error($hesklang['id_not_valid'].' (att_id)');
}
$file = hesk_dbFetchAssoc($res);
// Is ticket/note ID valid for this attachment?
if ($type == 'ticket' && $file['ticket_id'] != $tic_id)
{
hesk_error($hesklang['trackID_not_found']);
} elseif ($type == 'note' && $file['note_id'] != $tic_id)
{
hesk_error($hesklang['note_id_not_found']);
}
// Verify email address match if needed
if ( empty($_SESSION['id']) )
{
hesk_verifyEmailMatch($tic_id);
}
}
// Path of the file on the server
$realpath = $hesk_settings['attach_dir'] . '/' . $file['saved_name'];
// Perhaps the file has been deleted?
if ( ! file_exists($realpath))
{
hesk_error($hesklang['attdel']);
}
// Send the file as an attachment to prevent malicious code from executing
header("Pragma: "); # To fix a bug in IE when running https
header("Cache-Control: "); # To fix a bug in IE when running https
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Length: ' . $file['size']);
header('Content-Disposition: attachment; filename=' . $file['real_name']);
// For larger files use chunks, smaller ones can be read all at once
$chunksize = 1048576; // = 1024 * 1024 (1 Mb)
if ($file['size'] > $chunksize)
{
$handle = fopen($realpath, 'rb');
$buffer = '';
while ( ! feof($handle))
{
set_time_limit(300);
$buffer = fread($handle, $chunksize);
echo $buffer;
flush();
}
fclose($handle);
}
else
{
readfile($realpath);
}
exit();
?>

13
install/updateTo1-7-0.php

@ -90,16 +90,11 @@ if (!file_put_contents(HESK_PATH.'modsForHesk_settings.inc.php', $file))
<code>//-- Set this to 1 to enable email verification for new customers
$modsForHesk_settings[\'customer_email_verification_required\'] = 0;</code>
<br><br>
<p>Now you can delete the <b>install</b> folder for security reasons, and then proceed back to the <a href="../">Help Desk</a></p>';
<p>After you have done this, <a href="updateTo2-0-0.php">click this link to continue installation</a></p>';
}
if ($updateSuccess) {
?>
<h1>Installation / Update complete!</h1>
<p>Please delete the <b>install</b> folder for security reasons, and then proceed back to the <a href="../">Help Desk</a></p>
<?php } ?>
header('Location: updateTo2-0-0.php');
} ?>

19
install/updateTo2-0-0.php

@ -0,0 +1,19 @@
<?php
define('IN_SCRIPT',1);
define('HESK_PATH','../');
require(HESK_PATH . 'install/install_functions.inc.php');
require(HESK_PATH . 'hesk_settings.inc.php');
$updateSuccess = true;
hesk_dbConnect();
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` DROP COLUMN `note_id`");
if ($updateSuccess) {
?>
<h1>Installation / Update complete!</h1>
<p>Please delete the <b>install</b> folder for security reasons, and then proceed back to the <a href="../">Help Desk</a></p>
<?php } ?>

2
language/en/text.php

@ -61,8 +61,6 @@ $hesklang['note_last_edit'] = 'Note last edited on: %s'; // %s: timestamp of las
$hesklang['total_number_of_edits'] = 'Total number of edits: %s'; // %s: total number of edits
$hesklang['add_row'] = 'Add row';
$hesklang['addnote'] = 'Add note';
$hesklang['no_noteID'] = 'No Note ID';
$hesklang['note_id_not_found'] = 'Note ID not found';
$hesklang['mods_for_hesk'] = 'Mods for HESK';
$hesklang['err_modsForHesk_settings'] = 'Can\'t open file <b>modsForHesk_settings.inc.php</b> for writing. Please CHMOD this file to 666 (rw-rw-rw-)';
$hesklang['mods_for_hesk_version'] = 'Mods for HESK Version';

Loading…
Cancel
Save