Netsyms/Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch '544-hesk-2-7-3-update' into '3-0-6'

Browse Source 
Resolve "Update to HESK 2.7.3"

See merge request !53
This commit is contained in:
Mike Koch 2017-04-11 01:34:11 +00:00
commit e4c8d5b653
25 changed files with 372 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
admin/admin_main.php
View File

@ -116,7 +116,7 @@ else {
F9ub3RpY2UnXS4nXCcpIj4nLiRoZXNrbGFuZ1snc2gnXS4nPC9hPjwvdGQ+PC90cj48L3RhYmxlPjxwP F9ub3RpY2UnXS4nXCcpIj4nLiRoZXNrbGFuZ1snc2gnXS4nPC9hPjwvdGQ+PC90cj48L3RhYmxlPjxwP
icuJGhlc2tsYW5nWydzdXBwb3J0X3JlbW92ZSddLicuIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lmhlc2suY icuJGhlc2tsYW5nWydzdXBwb3J0X3JlbW92ZSddLicuIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lmhlc2suY
29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P 29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
C9wPic7DQp9DQo=', "\112"); C9wPjxociAvPic7DQp9DQo=', "\112");
/* Clean unneeded session variables */ /* Clean unneeded session variables */
hesk_cleanSessionVars('hide'); hesk_cleanSessionVars('hide');

6
admin/admin_settings_save.php
View File

@ -758,6 +758,12 @@ if (!$pop3_OK) {
$tmp[] = '<span style="color:red; font-weight:bold">' . $hesklang['pop3e'] . ':</span> ' . $pop3_error . '<br /><br /><a href="Javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay(\'pop3log\')">' . $hesklang['pop3log'] . '</a><div id="pop3log" style="display:none">&nbsp;<br /><textarea name="log" rows="10" cols="60">' . $pop3_log . '</textarea></div>'; $tmp[] = '<span style="color:red; font-weight:bold">' . $hesklang['pop3e'] . ':</span> ' . $pop3_error . '<br /><br /><a href="Javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay(\'pop3log\')">' . $hesklang['pop3log'] . '</a><div id="pop3log" style="display:none">&nbsp;<br /><textarea name="log" rows="10" cols="60">' . $pop3_log . '</textarea></div>';
} }
// Clear the cache folder
hesk_purge_cache('kb');
hesk_purge_cache('cf');
hesk_purge_cache('export', 14400);
hesk_purge_cache('status');
// Show the settings page and display any notices or success // Show the settings page and display any notices or success
if (count($tmp)) { if (count($tmp)) {
$errors = implode('<br /><br />', $tmp); $errors = implode('<br /><br />', $tmp);

6
admin/admin_submit_ticket.php
View File

@ -123,9 +123,9 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v) {
$tmpvar[$k] = hesk_POST($k); $tmpvar[$k] = hesk_POST($k);
$_SESSION["as_$k"] = ''; $_SESSION["as_$k"] = '';
if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) { if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
$date = strtotime($tmpvar[$k] . ' t00:00:00'); $date = strtotime($tmpvar[$k] . ' t00:00:00 UTC');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false; $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00 UTC') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false; $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00 UTC') : false;
$_SESSION["as_$k"] = $tmpvar[$k]; $_SESSION["as_$k"] = $tmpvar[$k];

2
admin/admin_ticket.php
View File

@ -1604,7 +1604,7 @@ function mfh_print_message() {
<br> <i class="fa fa-fw fa-globe" data-toggle="tooltip" title="<?php echo $hesklang['ip']; ?>"></i> <br> <i class="fa fa-fw fa-globe" data-toggle="tooltip" title="<?php echo $hesklang['ip']; ?>"></i>
<?php <?php
// Format IP for lookup // Format IP for lookup
if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) { if ($ticket['ip'] == '' || $ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) {
echo $hesklang['unknown']; echo $hesklang['unknown'];
} else { } else {
echo '<a href="../ip_whois.php?ip=' . urlencode($ticket['ip']) . '">' . $ticket['ip'] . '</a>'; echo '<a href="../ip_whois.php?ip=' . urlencode($ticket['ip']) . '">' . $ticket['ip'] . '</a>';

2
admin/banned_emails.php
View File

@ -239,7 +239,7 @@ function ban_email()
hesk_token_check(); hesk_token_check();
// Get the email // Get the email
$email = strtolower(hesk_input(hesk_REQUEST('email'))); $email = hesk_emailCleanup(strtolower(hesk_input(hesk_REQUEST('email'))));
// Nothing entered? // Nothing entered?
if (!strlen($email)) { if (!strlen($email)) {

20
admin/custom_fields.php
View File

@ -732,7 +732,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
$num_before = 0; $num_before = 0;
$num_after = 0; $num_after = 0;
foreach ($hesk_settings['custom_fields'] as $id => $cf) { foreach ($hesk_settings['custom_fields'] as $tmp_id => $cf) {
if ($cf['place']) { if ($cf['place']) {
$num_after++; $num_after++;
} else { } else {
@ -741,8 +741,8 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
} }
$k = 1; $k = 1;
foreach ($hesk_settings['custom_fields'] as $id => $cf) { foreach ($hesk_settings['custom_fields'] as $tmp_id => $cf) {
$id = intval(str_replace('custom', '', $id)); $tmp_id = intval(str_replace('custom', '', $tmp_id));
if ($hide_up) { if ($hide_up) {
$hide_up = false; $hide_up = false;
@ -771,7 +771,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
$cf['category'] = count($cf['category']) ? $hesklang['cf_cat'] : $hesklang['cf_all']; $cf['category'] = count($cf['category']) ? $hesklang['cf_cat'] : $hesklang['cf_all'];
?> ?>
<tr> <tr>
<td><?php echo $id; ?></td> <td><?php echo $tmp_id; ?></td>
<td><?php echo $cf['name']; ?></td> <td><?php echo $cf['name']; ?></td>
<td><?php echo $cf['type']; ?></td> <td><?php echo $cf['type']; ?></td>
<td><?php echo $cf['use']; ?></td> <td><?php echo $cf['use']; ?></td>
@ -791,33 +791,33 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
} elseif ($k == 1 || $hide_up) { } elseif ($k == 1 || $hide_up) {
?> ?>
<i class="fa fa-fw icon-link">&nbsp;</i> <i class="fa fa-fw icon-link">&nbsp;</i>
<a href="custom_fields.php?a=order_cf&amp;id=<?php echo $id; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>"> <a href="custom_fields.php?a=order_cf&amp;id=<?php echo $tmp_id; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-down fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_dn']; ?>"></i> <i class="fa fa-arrow-down fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_dn']; ?>"></i>
</a> </a>
<?php <?php
} elseif ($k == $hesk_settings['num_custom_fields'] || $k == $num_before) { } elseif ($k == $hesk_settings['num_custom_fields'] || $k == $num_before) {
?> ?>
<a href="custom_fields.php?a=order_cf&amp;id=<?php echo $id; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>"> <a href="custom_fields.php?a=order_cf&amp;id=<?php echo $tmp_id; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-up fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_up']; ?>"></i> <i class="fa fa-arrow-up fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_up']; ?>"></i>
</a> </a>
<i class="fa fa-fw icon-link">&nbsp;</i> <i class="fa fa-fw icon-link">&nbsp;</i>
<?php <?php
} else { } else {
?> ?>
<a href="custom_fields.php?a=order_cf&amp;id=<?php echo $id; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>"> <a href="custom_fields.php?a=order_cf&amp;id=<?php echo $tmp_id; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-up fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_up']; ?>"></i> <i class="fa fa-arrow-up fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_up']; ?>"></i>
</a> </a>
<a href="custom_fields.php?a=order_cf&amp;id=<?php echo $id; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>"> <a href="custom_fields.php?a=order_cf&amp;id=<?php echo $tmp_id; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-down fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_dn']; ?>"></i> <i class="fa fa-arrow-down fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_dn']; ?>"></i>
</a> </a>
<?php <?php
} }
} }
?> ?>
<a href="custom_fields.php?a=edit_cf&amp;id=<?php echo $id; ?>"> <a href="custom_fields.php?a=edit_cf&amp;id=<?php echo $tmp_id; ?>">
<i class="fa fa-pencil fa-fw icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i> <i class="fa fa-pencil fa-fw icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i>
</a> </a>
<a href="custom_fields.php?a=remove_cf&amp;id=<?php echo $id; ?>&amp;token=<?php hesk_token_echo(); ?>" <a href="custom_fields.php?a=remove_cf&amp;id=<?php echo $tmp_id; ?>&amp;token=<?php hesk_token_echo(); ?>"
onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_cf']); ?>');"> onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_cf']); ?>');">
<i class="fa fa-times fa-fw icon-link red" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i> <i class="fa fa-times fa-fw icon-link red" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i>
</a> </a>

93
admin/edit_post.php
View File

@ -24,6 +24,8 @@ require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php'); require(HESK_PATH . 'inc/mail_functions.inc.php');
require(HESK_PATH . 'inc/custom_fields.inc.php'); require(HESK_PATH . 'inc/custom_fields.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
require(HESK_PATH . 'inc/posting_functions.inc.php');
require(HESK_PATH . 'inc/view_attachment_functions.inc.php');
hesk_session_start(); hesk_session_start();
hesk_dbConnect(); hesk_dbConnect();
@ -76,16 +78,51 @@ if (hesk_isREQUEST('reply')) {
$is_reply = 1; $is_reply = 1;
} }
// Count number of existing attachments for this post
$number_of_attachments = $is_reply ? hesk_countAttachments($reply['attachments']) : hesk_countAttachments($ticket['attachments']);
if (isset($_POST['save'])) { if (isset($_POST['save'])) {
/* A security check */ /* A security check */
hesk_token_check('POST'); hesk_token_check('POST');
$hesk_error_buffer = array(); $hesk_error_buffer = array();
// Add attachments?
if ($hesk_settings['attachments']['use'] && $number_of_attachments < $hesk_settings['attachments']['max_number']) {
require_once(HESK_PATH . 'inc/attachments.inc.php');
$attachments = array();
$use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);
if ($use_legacy_attachments) {
for ($i = $number_of_attachments + 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
$att = hesk_uploadFile($i);
if ($att !== false && !empty($att)) {
$attachments[$i] = $att;
}
}
} else {
// The user used the new drag-and-drop system.
$temp_attachment_ids = hesk_POST_array('attachment-ids');
foreach ($temp_attachment_ids as $temp_attachment_id) {
// Simply get the temp info and move it to the attachments table
$temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id);
$attachments[] = $temp_attachment;
mfh_deleteTemporaryAttachment($temp_attachment_id);
}
}
}
if ($is_reply) { if ($is_reply) {
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message']; $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
if (count($hesk_error_buffer)) { if (count($hesk_error_buffer)) {
// Remove any successfully uploaded attachments
if ($hesk_settings['attachments']['use'] && isset($attachments)) {
hesk_removeAttachments($attachments);
}
$myerror = '<ul>'; $myerror = '<ul>';
foreach ($hesk_error_buffer as $error) { foreach ($hesk_error_buffer as $error) {
$myerror .= "<li>$error</li>\n"; $myerror .= "<li>$error</li>\n";
@ -101,7 +138,14 @@ if (isset($_POST['save'])) {
$tmpvar['html'] = hesk_POST('html'); $tmpvar['html'] = hesk_POST('html');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "'"); if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
foreach ($attachments as $myatt) {
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
$myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ',';
}
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "', `attachments`=CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."') WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "'");
} else { } else {
$tmpvar['language'] = hesk_POST('customerLanguage'); $tmpvar['language'] = hesk_POST('customerLanguage');
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name']; $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name'];
@ -161,9 +205,9 @@ if (isset($_POST['save'])) {
$_SESSION["as_$k"] = ''; $_SESSION["as_$k"] = '';
if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) { if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
$date = strtotime($tmpvar[$k] . ' t00:00:00'); $date = strtotime($tmpvar[$k] . ' t00:00:00 UTC');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false; $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00 UTC') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false; $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00 UTC') : false;
$_SESSION["as_$k"] = $tmpvar[$k]; $_SESSION["as_$k"] = $tmpvar[$k];
@ -208,6 +252,11 @@ if (isset($_POST['save'])) {
} }
if (count($hesk_error_buffer)) { if (count($hesk_error_buffer)) {
// Remove any successfully uploaded attachments
if ($hesk_settings['attachments']['use'] && isset($attachments)) {
hesk_removeAttachments($attachments);
}
$myerror = '<ul>'; $myerror = '<ul>';
foreach ($hesk_error_buffer as $error) { foreach ($hesk_error_buffer as $error) {
$myerror .= "<li>$error</li>\n"; $myerror .= "<li>$error</li>\n";
@ -221,6 +270,13 @@ if (isset($_POST['save'])) {
$tmpvar['message'] = nl2br($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']);
} }
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
foreach ($attachments as $myatt) {
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
$myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ',';
}
}
$custom_SQL = ''; $custom_SQL = '';
for ($i = 1; $i <= 50; $i++) { for ($i = 1; $i <= 50; $i++) {
$custom_SQL .= '`custom'.$i.'`=' . (isset($tmpvar['custom'.$i]) ? "'".hesk_dbEscape($tmpvar['custom'.$i])."'" : "''") . ','; $custom_SQL .= '`custom'.$i.'`=' . (isset($tmpvar['custom'.$i]) ? "'".hesk_dbEscape($tmpvar['custom'.$i])."'" : "''") . ',';
@ -232,6 +288,7 @@ if (isset($_POST['save'])) {
`email`='" . hesk_dbEscape($tmpvar['email']) . "', `email`='" . hesk_dbEscape($tmpvar['email']) . "',
`subject`='" . hesk_dbEscape($tmpvar['subject']) . "', `subject`='" . hesk_dbEscape($tmpvar['subject']) . "',
`message`='" . hesk_dbEscape($tmpvar['message']) . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "',
`attachments`=CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."'),
`language`='" . hesk_dbEscape($tmpvar['language']) . "', `language`='" . hesk_dbEscape($tmpvar['language']) . "',
`html`='" . hesk_dbEscape($tmpvar['html']) . "', `html`='" . hesk_dbEscape($tmpvar['html']) . "',
$custom_SQL $custom_SQL
@ -278,7 +335,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
$onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"'; $onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"';
} }
?> ?>
<form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1" <?php echo $onsubmit; ?>> <form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1" enctype="multipart/form-data" <?php echo $onsubmit; ?>>
<?php <?php
/* If it's not a reply edit all the fields */ /* If it's not a reply edit all the fields */
if (!$is_reply) { if (!$is_reply) {
@ -542,6 +599,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="help-block with-errors" id="message-help-block"></div> <div class="help-block with-errors" id="message-help-block"></div>
</div> </div>
</div> </div>
<?php if ($hesk_settings['attachments']['use'] && $number_of_attachments < $hesk_settings['attachments']['max_number']) : ?>
<div class="form-group">
<label for="attachments" class="control-label col-sm-3"><?php echo $hesklang['attachments']; ?>:</label>
<div class="col-sm-9">
<?php build_dropzone_markup(true, 'filedrop', $number_of_attachments + 1); ?>
</div>
</div>
<?php
display_dropzone_field($hesk_settings['hesk_url'] . '/internal-api/ticket/upload-attachment.php',
'filedrop',
$hesk_settings['attachments']['max_number'] - $number_of_attachments);
endif; ?>
<div class="form-group"> <div class="form-group">
<input type="hidden" name="save" value="1"> <input type="hidden" name="save" value="1">
<input type="hidden" name="track" value="<?php echo $trackingID; ?>"> <input type="hidden" name="track" value="<?php echo $trackingID; ?>">
@ -598,4 +668,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div> </div>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
exit(); exit();
function hesk_countAttachments($attachments_string) {
if ( ! strlen($attachments_string) || strpos($attachments_string, ',') === false) {
return 0;
}
$att = explode(',', substr($attachments_string, 0, -1));
return count($att);
} // END hesk_countAttachments()

12
admin/find_tickets.php
View File

@ -145,21 +145,21 @@ LEFT(`message`, 400) AS `message`,
$sql .= " ( `trackid` = '" . hesk_dbEscape($q) . "' OR `merged` LIKE '%#" . hesk_dbEscape($q) . "#%' ) "; $sql .= " ( `trackid` = '" . hesk_dbEscape($q) . "' OR `merged` LIKE '%#" . hesk_dbEscape($q) . "#%' ) ";
break; break;
case 'name': case 'name':
$sql .= "`name` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' "; $sql .= "`name` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' ";
break; break;
case 'email': case 'email':
$sql .= "`email` LIKE '%" . hesk_dbEscape($q) . "%' "; $sql .= "`email` LIKE '%" . hesk_dbEscape($q) . "%' ";
break; break;
case 'subject': case 'subject':
$sql .= "`subject` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' "; $sql .= "`subject` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' ";
break; break;
case 'message': case 'message':
$sql .= " ( `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' $sql .= " ( `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "'
OR OR
`id` IN ( `id` IN (
SELECT DISTINCT `replyto` SELECT DISTINCT `replyto`
FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies`
WHERE `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ) WHERE `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' )
) )
"; ";
break; break;
@ -170,12 +170,12 @@ LEFT(`message`, 400) AS `message`,
$sql .= "`id` IN ( $sql .= "`id` IN (
SELECT DISTINCT `ticket` SELECT DISTINCT `ticket`
FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes`
WHERE `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ) WHERE `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' )
"; ";
break; break;
default: default:
if (isset($hesk_settings['custom_fields'][$what]) && $hesk_settings['custom_fields'][$what]['use']) { if (isset($hesk_settings['custom_fields'][$what]) && $hesk_settings['custom_fields'][$what]['use']) {
$sql .= "`" . hesk_dbEscape($what) . "` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' "; $sql .= "`" . hesk_dbEscape($what) . "` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' ";
} else { } else {
$hesk_error_buffer .= '<br />' . $hesklang['invalid_search']; $hesk_error_buffer .= '<br />' . $hesklang['invalid_search'];
} }

4
admin/index.php
View File

@ -69,7 +69,7 @@ function do_login()
require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php'); require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
$resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'],
$_SERVER['REMOTE_ADDR'], hesk_getClientIP(),
hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_challenge_field', ''),
hesk_POST('recaptcha_response_field', '') hesk_POST('recaptcha_response_field', '')
); );
@ -88,7 +88,7 @@ function do_login()
// Was there a reCAPTCHA response? // Was there a reCAPTCHA response?
if (isset($_POST["g-recaptcha-response"])) { if (isset($_POST["g-recaptcha-response"])) {
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response")); $resp = $reCaptcha->verifyResponse(hesk_getClientIP(), hesk_POST("g-recaptcha-response"));
} }
if ($resp != null && $resp->success) { if ($resp != null && $resp->success) {

2
admin/knowledgebase_private.php
View File

@ -146,8 +146,6 @@ function hesk_kb_search($query)
{ {
global $hesk_settings, $hesklang; global $hesk_settings, $hesklang;
define('HESK_NO_ROBOTS',1);
$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit'])); $res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res); $num = hesk_dbNumRows($res);
$show_default_category = false; $show_default_category = false;

9
admin/manage_knowledgebase.php
View File

@ -1080,6 +1080,9 @@ function edit_category()
// Now delete the category // Now delete the category
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."'"); hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."'");
// Clear KB cache
hesk_purge_cache('kb');
$_SESSION['hide'] = array( $_SESSION['hide'] = array(
//'treemenu' => 1, //'treemenu' => 1,
'new_article' => 1, 'new_article' => 1,
@ -1252,6 +1255,9 @@ function save_article()
// Update article order // Update article order
update_article_order($catid); update_article_order($catid);
// Clear KB cache
hesk_purge_cache('kb');
// Redirect to the correct page // Redirect to the correct page
switch ($from) { switch ($from) {
case 'draft': case 'draft':
@ -2174,6 +2180,9 @@ function remove_article()
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles_draft`=`articles_draft`-1 WHERE `id`='{$catid}'"); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles_draft`=`articles_draft`-1 WHERE `id`='{$catid}'");
} }
// Clear KB cache
hesk_purge_cache('kb');
// Redirect to the correct page // Redirect to the correct page
switch ($from) { switch ($from) {
case 'draft': case 'draft':

6
admin/password.php
View File

@ -51,7 +51,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php'); require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
$resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'],
$_SERVER['REMOTE_ADDR'], hesk_getClientIP(),
hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_challenge_field', ''),
hesk_POST('recaptcha_response_field', '') hesk_POST('recaptcha_response_field', '')
); );
@ -70,7 +70,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Was there a reCAPTCHA response? // Was there a reCAPTCHA response?
if (isset($_POST["g-recaptcha-response"])) { if (isset($_POST["g-recaptcha-response"])) {
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response")); $resp = $reCaptcha->verifyResponse(hesk_getClientIP(), hesk_POST("g-recaptcha-response"));
} }
if ($resp != null && $resp->success) { if ($resp != null && $resp->success) {
@ -121,7 +121,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
hesk_process_messages($hesklang['noace'], 'NOREDIRECT'); hesk_process_messages($hesklang['noace'], 'NOREDIRECT');
} else { } else {
$row = hesk_dbFetchAssoc($res); $row = hesk_dbFetchAssoc($res);
$hash = sha1(microtime() . $_SERVER['REMOTE_ADDR'] . mt_rand() . $row['id'] . $row['name'] . $row['pass']); $hash = sha1(microtime() . hesk_getClientIP() . mt_rand() . $row['id'] . $row['name'] . $row['pass']);
// Insert the verification hash into the database // Insert the verification hash into the database
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` (`user`, `hash`, `ip`) VALUES (" . intval($row['id']) . ", '{$hash}', '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "') "); hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` (`user`, `hash`, `ip`) VALUES (" . intval($row['id']) . ", '{$hash}', '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "') ");

8
inc/admin_functions.inc.php
View File

@ -34,6 +34,8 @@ $hesk_settings['possible_ticket_list'] = array(
'time_worked' => $hesklang['ts'], 'time_worked' => $hesklang['ts'],
); );
define('HESK_NO_ROBOTS', true);
/*** FUNCTIONS ***/ /*** FUNCTIONS ***/
@ -564,6 +566,8 @@ function hesk_verifyGoto()
'banned_emails.php' => '', 'banned_emails.php' => '',
'banned_ips.php' => '', 'banned_ips.php' => '',
'change_status.php' => '', 'change_status.php' => '',
'custom_fields.php' => '',
'custom_statuses.php' => '',
'edit_post.php' => '', 'edit_post.php' => '',
'email_templates.php' => '', 'email_templates.php' => '',
'export.php' => '', 'export.php' => '',
@ -572,6 +576,7 @@ function hesk_verifyGoto()
'knowledgebase_private.php' => '', 'knowledgebase_private.php' => '',
'lock.php' => '', 'lock.php' => '',
'mail.php' => '', 'mail.php' => '',
'mail.php?a=read&id=1' => '',
'manage_canned.php' => '', 'manage_canned.php' => '',
'manage_categories.php' => '', 'manage_categories.php' => '',
'manage_knowledgebase.php' => '', 'manage_knowledgebase.php' => '',
@ -715,6 +720,9 @@ function hesk_purge_cache($type = '', $expire_after_seconds = 0)
case 'cf': case 'cf':
$files = glob($cache_dir.'cf_*', GLOB_NOSORT); $files = glob($cache_dir.'cf_*', GLOB_NOSORT);
break; break;
case 'kb':
$files = array($cache_dir.'kb.cache.php');
break;
default: default:
hesk_rrmdir(trim($cache_dir, '/'), true); hesk_rrmdir(trim($cache_dir, '/'), true);
return true; return true;

2
inc/attachments.inc.php
View File

@ -103,7 +103,7 @@ function hesk_fileError($error)
} // End hesk_fileError() } // End hesk_fileError()
function hesk_removeAttachments($attachments, $isTicket) function hesk_removeAttachments($attachments, $isTicket = true)
{ {
global $hesk_settings, $hesklang, $modsForHesk_settings; global $hesk_settings, $hesklang, $modsForHesk_settings;

158
inc/common.inc.php
View File

@ -77,9 +77,81 @@ if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
// Load language file // Load language file
hesk_getLanguage(); hesk_getLanguage();
// Set timezone
hesk_setTimezone();
/*** FUNCTIONS ***/ /*** FUNCTIONS ***/
function hesk_getClientIP() {
global $hesk_settings;
// Already set? Just return it
if (isset($hesk_settings['client_IP'])) {
return $hesk_settings['client_IP'];
}
// Empty client IP, for example when used in CLI (piping, cron jobs, ...)
$hesk_settings['client_IP'] = '';
// Server (environment) variables to loop through
// the first valid one found will be returned as client IP
// Uncomment those used on your server
$server_client_IP_variables = array(
// 'HTTP_CF_CONNECTING_IP', // CloudFlare
// 'HTTP_CLIENT_IP',
// 'HTTP_X_FORWARDED_FOR',
// 'HTTP_X_FORWARDED',
// 'HTTP_FORWARDED_FOR',
// 'HTTP_FORWARDED',
'REMOTE_ADDR',
);
// The first valid environment variable is our client IP
foreach ($server_client_IP_variables as $server_client_IP_variable) {
// Must be set
if (!isset($_SERVER[$server_client_IP_variable])) {
continue;
}
// Must be a valid IP
if (!hesk_isValidIP($_SERVER[$server_client_IP_variable])) {
continue;
}
// Bingo!
$hesk_settings['client_IP'] = $_SERVER[$server_client_IP_variable];
break;
}
return $hesk_settings['client_IP'];
} // END hesk_getClientIP()
function hesk_isValidIP($ip) {
// Use filter_var for PHP 5.2.0
if (function_exists('filter_var') && filter_var($ip, FILTER_VALIDATE_IP) !== false) {
return true;
}
// Use regex for PHP < 5.2.0
// -> IPv4
if (preg_match('/^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$/', $ip)) {
return true;
}
// -> IPv6
if (preg_match('/^[0-9A-Fa-f\:\.]$/', $ip)) {
return true;
}
// Not a valid IP
return false;
} // END hesk_isValidIP()
function hesk_setcookie($name, $value, $expire=0, $path=""){ function hesk_setcookie($name, $value, $expire=0, $path=""){
if (HESK_SSL) { if (HESK_SSL) {
setcookie($name, $value, $expire, $path, "", true, true); setcookie($name, $value, $expire, $path, "", true, true);
@ -415,6 +487,9 @@ function hesk_getCustomerEmail($can_remember = 0, $field = '')
} }
} }
// Remove unwanted side-effects
$my_email = hesk_emailCleanup($my_email);
$hesk_settings['e_param'] = '&e=' . rawurlencode($my_email); $hesk_settings['e_param'] = '&e=' . rawurlencode($my_email);
$hesk_settings['e_query'] = '&amp;e=' . rawurlencode($my_email); $hesk_settings['e_query'] = '&amp;e=' . rawurlencode($my_email);
$hesk_settings['e_email'] = $my_email; $hesk_settings['e_email'] = $my_email;
@ -423,6 +498,10 @@ function hesk_getCustomerEmail($can_remember = 0, $field = '')
} // END hesk_getCustomerEmail() } // END hesk_getCustomerEmail()
function hesk_emailCleanup($my_email) {
return preg_replace("/(\\\)'/", "'", $my_email);
} // END hesk_emailCleanup()
function hesk_formatBytes($size, $translate_unit = 1, $precision = 2) function hesk_formatBytes($size, $translate_unit = 1, $precision = 2)
{ {
@ -670,7 +749,7 @@ function hesk_cleanBfAttempts()
} }
/* Delete expired logs from the database */ /* Delete expired logs from the database */
$res = hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "'"); hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape(hesk_getClientIP())."'");
define('HESK_BF_CLEAN', 1); define('HESK_BF_CLEAN', 1);
@ -683,7 +762,7 @@ function hesk_limitBfAttempts($showError = 1)
global $hesk_settings, $hesklang; global $hesk_settings, $hesklang;
// Check if this IP is banned permanently // Check if this IP is banned permanently
if (hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) { if (hesk_isBannedIP(hesk_getClientIP())) {
hesk_error($hesklang['baned_ip'], 0); hesk_error($hesklang['baned_ip'], 0);
} }
@ -695,7 +774,7 @@ function hesk_limitBfAttempts($showError = 1)
/* Define this constant to avoid duplicate checks */ /* Define this constant to avoid duplicate checks */
define('HESK_BF_LIMIT', 1); define('HESK_BF_LIMIT', 1);
$ip = $_SERVER['REMOTE_ADDR']; $ip = hesk_getClientIP();
/* Get number of failed attempts from the database */ /* Get number of failed attempts from the database */
$res = hesk_dbQuery("SELECT `number`, (CASE WHEN `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW() THEN 1 ELSE 0 END) AS `banned` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1"); $res = hesk_dbQuery("SELECT `number`, (CASE WHEN `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW() THEN 1 ELSE 0 END) AS `banned` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1");
@ -1207,6 +1286,58 @@ function hesk_returnLanguage()
return true; return true;
} // END hesk_returnLanguage() } // END hesk_returnLanguage()
function hesk_setTimezone() {
global $hesk_settings;
// Get Hesk time difference from UTC in seconds
$seconds = date('Z') + 3600*$hesk_settings['diff_hours'] + 60*$hesk_settings['diff_minutes'];
// Daylight saving?
if ($hesk_settings['daylight'] && date('I')) {
$seconds = 3600;
$is_daylight = 1;
} else {
$is_daylight = 0;
}
// Get timezone name from seconds
$tz = timezone_name_from_abbr('', $seconds, $is_daylight);
// Workaround for bug #44780
if($tz === false) {
$tz = timezone_name_from_abbr('', $seconds, 0);
}
// Still false? Disregards minutes
if($tz === false) {
$seconds = date('Z') + 3600*$hesk_settings['diff_hours'];
$tz = timezone_name_from_abbr('', $seconds, 0);
}
// Set timezone
date_default_timezone_set($tz);
return true;
} // END hesk_setTimezone()
function hesk_timeToHHMM($time, $time_format="seconds", $signed=true) {
if ($time < 0) {
$time = abs($time);
$sign = "-";
} else {
$sign = "";
}
if ($time_format == 'minutes') {
$time *= 60;
}
return ($signed ? $sign : '') . gmdate('H:i', $time);
} // END hesk_timeToHHMM()
function hesk_date($dt = '', $from_database = false, $is_str = true, $return_str = true) function hesk_date($dt = '', $from_database = false, $is_str = true, $return_str = true)
{ {
@ -1218,25 +1349,6 @@ function hesk_date($dt = '', $from_database = false, $is_str = true, $return_str
$dt = strtotime($dt); $dt = strtotime($dt);
} }
// Adjust MySQL time if different from PHP time
if ($from_database) {
if (!defined('MYSQL_TIME_DIFF')) {
define('MYSQL_TIME_DIFF', time() - hesk_dbTime());
}
if (MYSQL_TIME_DIFF != 0) {
$dt += MYSQL_TIME_DIFF;
}
}
// Add HESK set time difference
$dt += 3600 * $hesk_settings['diff_hours'] + 60 * $hesk_settings['diff_minutes'];
// Daylight savings?
if ($hesk_settings['daylight'] && date('I', $dt)) {
$dt += 3600;
}
// Return formatted date // Return formatted date
return $return_str ? date($hesk_settings['timeformat'], $dt) : $dt; return $return_str ? date($hesk_settings['timeformat'], $dt) : $dt;
@ -1729,7 +1841,7 @@ function hesk_check_maintenance($dodie = true)
$hesk_settings['maintenance_mode'] == 0 && $hesk_settings['maintenance_mode'] == 0 &&
$hesk_settings['question_ans'] == 'PB6YM' && $hesk_settings['question_ans'] == 'PB6YM' &&
$hesk_settings['site_title'] == 'My Web site' && $hesk_settings['site_title'] == 'Website' &&
$hesk_settings['site_url'] == 'http://www.example.com' && $hesk_settings['site_url'] == 'http://www.example.com' &&
$hesk_settings['webmaster_mail'] == 'support@example.com' && $hesk_settings['webmaster_mail'] == 'support@example.com' &&
$hesk_settings['noreply_mail'] == 'support@example.com' && $hesk_settings['noreply_mail'] == 'support@example.com' &&

6
inc/knowledgebase_functions.inc.php
View File

@ -59,9 +59,6 @@ function hesk_kbTopArticles($how_many, $index = 1)
// Show title in bold // Show title in bold
$font_weight = 'b'; $font_weight = 'b';
// Print a line for spacing
echo '<hr />';
} }
?> ?>
@ -108,6 +105,8 @@ function hesk_kbTopArticles($how_many, $index = 1)
$hesk_settings['kb_top_articles_printed'] = array(); $hesk_settings['kb_top_articles_printed'] = array();
while ($article = hesk_dbFetchAssoc($res)) { while ($article = hesk_dbFetchAssoc($res)) {
$hesk_settings['kb_spacing']--;
$hesk_settings['kb_top_articles_printed'][] = $article['id']; $hesk_settings['kb_top_articles_printed'][] = $article['id'];
$icon = 'fa fa-file'; $icon = 'fa fa-file';
@ -217,6 +216,7 @@ function hesk_kbLatestArticles($how_many, $index = 1)
/* We have some results, print them out */ /* We have some results, print them out */
$colspan = $hesk_settings['kb_date'] ? '' : 'colspan="2"'; $colspan = $hesk_settings['kb_date'] ? '' : 'colspan="2"';
while ($article = hesk_dbFetchAssoc($res)) { while ($article = hesk_dbFetchAssoc($res)) {
$hesk_settings['kb_spacing']--;
$icon = 'fa fa-file'; $icon = 'fa fa-file';
$style = ''; $style = '';

1
inc/pipe_functions.inc.php
View File

@ -266,7 +266,6 @@ function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority
// Not a reply, but a new ticket. Add it to the database // Not a reply, but a new ticket. Add it to the database
$tmpvar['category'] = $set_category; $tmpvar['category'] = $set_category;
$tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority; $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;
$_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
// Auto assign tickets if aplicable // Auto assign tickets if aplicable
$tmpvar['owner'] = 0; $tmpvar['owner'] = 0;

2
inc/posting_functions.inc.php
View File

@ -101,7 +101,7 @@ function hesk_newTicket($ticket, $isVerified = true)
NOW(), NOW(),
NOW(), NOW(),
" . (isset($ticket['articles']) ? "'{$ticket['articles']}'" : 'NULL') . ", " . (isset($ticket['articles']) ? "'{$ticket['articles']}'" : 'NULL') . ",
'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "', '" . hesk_dbEscape(hesk_getClientIP()) . "',
'" . hesk_dbEscape($language) . "', '" . hesk_dbEscape($language) . "',
'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "', '" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "',
'" . intval($ticket['owner']) . "', '" . intval($ticket['owner']) . "',

8
inc/view_attachment_functions.inc.php
View File

@ -207,14 +207,14 @@ function output_attachment_id_holder_container($id) {
echo '<div id="attachment-holder-' . $id . '" class="hide"></div>'; echo '<div id="attachment-holder-' . $id . '" class="hide"></div>';
} }
function build_dropzone_markup($admin = false, $id = 'filedrop') { function build_dropzone_markup($admin = false, $id = 'filedrop', $startingId = 1) {
global $hesklang, $hesk_settings; global $hesklang, $hesk_settings;
$directory_separator = $admin ? '../' : ''; $directory_separator = $admin ? '../' : '';
echo '<div class="dropzone" id="' . $id . '"> echo '<div class="dropzone" id="' . $id . '">
<div class="fallback"> <div class="fallback">
<input type="hidden" name="use-legacy-attachments" value="1">'; <input type="hidden" name="use-legacy-attachments" value="1">';
for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) { for ($i = $startingId; $i <= $hesk_settings['attachments']['max_number']; $i++) {
$cls = ($i == 1 && isset($_SESSION['iserror']) && in_array('attachments', $_SESSION['iserror'])) ? ' class="isError" ' : ''; $cls = ($i == 1 && isset($_SESSION['iserror']) && in_array('attachments', $_SESSION['iserror'])) ? ' class="isError" ' : '';
echo '<input type="file" name="attachment[' . $i . ']" size="50" ' . $cls . ' /><br />'; echo '<input type="file" name="attachment[' . $i . ']" size="50" ' . $cls . ' /><br />';
} }
@ -225,7 +225,7 @@ function build_dropzone_markup($admin = false, $id = 'filedrop') {
onclick="Javascript:hesk_window(\'' . $directory_separator . 'file_limits.php\',250,500);return false;">'. $hesklang['ful'] . '</a>'; onclick="Javascript:hesk_window(\'' . $directory_separator . 'file_limits.php\',250,500);return false;">'. $hesklang['ful'] . '</a>';
} }
function display_dropzone_field($url, $id = 'filedrop') { function display_dropzone_field($url, $id = 'filedrop', $max_files_override = -1) {
global $hesk_settings, $hesklang; global $hesk_settings, $hesklang;
output_dropzone_window(); output_dropzone_window();
@ -233,7 +233,7 @@ function display_dropzone_field($url, $id = 'filedrop') {
$acceptedFiles = implode(',', $hesk_settings['attachments']['allowed_types']); $acceptedFiles = implode(',', $hesk_settings['attachments']['allowed_types']);
$size = mfh_bytesToUnits($hesk_settings['attachments']['max_size']); $size = mfh_bytesToUnits($hesk_settings['attachments']['max_size']);
$max_files = $hesk_settings['attachments']['max_number']; $max_files = $max_files_override > -1 ? $max_files_override : $hesk_settings['attachments']['max_number'];
echo " echo "
<script type=\"text/javascript\"> <script type=\"text/javascript\">

79
index.php
View File

@ -721,7 +721,7 @@ function print_add_ticket()
<!-- START KNOWLEDGEBASE SUGGEST --> <!-- START KNOWLEDGEBASE SUGGEST -->
<?php <?php
if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers']) { if (has_public_kb() && $hesk_settings['kb_recommendanswers']) {
?> ?>
<div id="kb_suggestions" style="display:none"> <div id="kb_suggestions" style="display:none">
<br/>&nbsp;<br/> <br/>&nbsp;<br/>
@ -1116,7 +1116,7 @@ function print_add_ticket()
<b><?php echo $hesklang['we_have']; ?>:</b> <b><?php echo $hesklang['we_have']; ?>:</b>
<ul> <ul>
<li><?php echo hesk_htmlspecialchars($_SERVER['REMOTE_ADDR']) . ' ' . $hesklang['recorded_ip']; ?></li> <li><?php echo hesk_htmlspecialchars(hesk_getClientIP()) . ' ' . $hesklang['recorded_ip']; ?></li>
<li><?php echo $hesklang['recorded_time']; ?></li> <li><?php echo $hesklang['recorded_time']; ?></li>
</ul> </ul>
</div> </div>
@ -1206,16 +1206,26 @@ function print_start()
{ {
global $hesk_settings, $hesklang; global $hesk_settings, $hesklang;
if ($hesk_settings['kb_enable'])
{
require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
}
// Connect to database // Connect to database
hesk_load_database_functions();
hesk_dbConnect(); hesk_dbConnect();
define('PAGE_TITLE', 'CUSTOMER_HOME'); define('PAGE_TITLE', 'CUSTOMER_HOME');
// This will be used to determine how much space to print after KB
$hesk_settings['kb_spacing'] = 4;
// Include KB functionality only if we have any public articles
has_public_kb();
if ($hesk_settings['kb_enable'])
{
require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
}
else
{
$hesk_settings['kb_spacing'] += 2;
}
/* Print header */ /* Print header */
require_once(HESK_PATH . 'inc/header.inc.php'); require_once(HESK_PATH . 'inc/header.inc.php');
@ -1418,7 +1428,7 @@ require(HESK_PATH . 'inc/email_functions.inc.php');
/* Get ticket(s) from database */ /* Get ticket(s) from database */
hesk_dbConnect(); hesk_dbConnect();
$email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1'); $email = hesk_emailCleanup(hesk_validateEmail(hesk_POST('email'), 'ERR', 0)) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');
if (isset($_POST['open_only'])) { if (isset($_POST['open_only'])) {
$hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0; $hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0;
@ -1437,9 +1447,9 @@ $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix'])
$num = hesk_dbNumRows($res); $num = hesk_dbNumRows($res);
if ($num < 1) { if ($num < 1) {
if ($hesk_settings['open_only']) { if ($hesk_settings['open_only']) {
hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email); hesk_process_messages($hesklang['noopen'],'ticket.php?remind=1&e='.rawurlencode($email));
} else { } else {
hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email); hesk_process_messages($hesklang['tid_not_found'],'ticket.php?remind=1&e='.rawurlencode($email));
} }
} }
@ -1505,8 +1515,7 @@ require_once(HESK_PATH . 'inc/header.inc.php');
} // End forgot_tid() } // End forgot_tid()
function processEmail($msg, $name, $num, $tid_list) function processEmail($msg, $name, $num, $tid_list) {
{
global $hesk_settings; global $hesk_settings;
$msg = str_replace('%%NAME%%', $name, $msg); $msg = str_replace('%%NAME%%', $name, $msg);
@ -1517,4 +1526,48 @@ require_once(HESK_PATH . 'inc/header.inc.php');
return $msg; return $msg;
} }
?> function has_public_kb($use_cache=1) {
global $hesk_settings;
// Return if KB is disabled
if ( ! $hesk_settings['kb_enable']) {
return 0;
}
// Do we have a cached version available
$cache_dir = $hesk_settings['cache_dir'].'/';
$cache_file = $cache_dir . 'kb.cache.php';
if ($use_cache && file_exists($cache_file)) {
require($cache_file);
return $hesk_settings['kb_enable'];
}
// Make sure we have database connection
hesk_load_database_functions();
hesk_dbConnect();
// Do we have any public articles at all?
$res = hesk_dbQuery("SELECT `t1`.`id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`
WHERE `t1`.`type`='0' AND `t2`.`type`='0' LIMIT 1");
// If no public articles, disable the KB functionality
if (hesk_dbNumRows($res) < 1) {
$hesk_settings['kb_enable'] = 0;
}
// Try to cache results
if ($use_cache && (is_dir($cache_dir) || (@mkdir($cache_dir, 0777) && is_writable($cache_dir)))) {
// Is there an index.htm file?
if ( ! file_exists($cache_dir.'index.htm')) {
@file_put_contents($cache_dir.'index.htm', '');
}
// Write data
@file_put_contents($cache_file, '<?php if (!defined(\'IN_SCRIPT\')) {die();} $hesk_settings[\'kb_enable\']=' . $hesk_settings['kb_enable'] . ';' );
}
return $hesk_settings['kb_enable'];
} // End has_public_kb()

2
install/install_functions.inc.php
View File

@ -36,7 +36,7 @@
if (!defined('IN_SCRIPT')) {die('Invalid attempt');} if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// We will be installing this HESK version: // We will be installing this HESK version:
define('HESK_NEW_VERSION','2.7.2'); define('HESK_NEW_VERSION','2.7.3');
define('MODS_FOR_HESK_NEW_VERSION','3.0.5'); define('MODS_FOR_HESK_NEW_VERSION','3.0.5');
define('REQUIRE_PHP_VERSION','5.3.0'); define('REQUIRE_PHP_VERSION','5.3.0');
define('REQUIRE_MYSQL_VERSION','5.0.7'); define('REQUIRE_MYSQL_VERSION','5.0.7');

20
knowledgebase.php
View File

@ -20,10 +20,7 @@ require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/knowledgebase_functions.inc.php'); require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
// Load Knowledgebase-related functions // Connect to database
hesk_load_database_functions();
/* Connect to database */
hesk_dbConnect(); hesk_dbConnect();
// Are we in maintenance mode? // Are we in maintenance mode?
@ -31,11 +28,24 @@ hesk_check_maintenance();
define('PAGE_TITLE', 'CUSTOMER_KB'); define('PAGE_TITLE', 'CUSTOMER_KB');
/* Is Knowledgebase enabled? */ // Is Knowledgebase enabled?
if (!$hesk_settings['kb_enable']) { if (!$hesk_settings['kb_enable']) {
hesk_error($hesklang['kbdis']); hesk_error($hesklang['kbdis']);
} }
// Do we have any public articles at all?
$res = hesk_dbQuery("SELECT `t1`.`id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`
WHERE `t1`.`type`='0' AND `t2`.`type`='0' LIMIT 1");
// If yes, load KB functions; if not, disable and hide the KB
if (hesk_dbNumRows($res) < 1) {
hesk_error($hesklang['noa']);
}
// Load KB functions
require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
/* Rating? */ /* Rating? */
if (isset($_GET['rating'])) { if (isset($_GET['rating'])) {
// Detect and block robots // Detect and block robots

4
reply_ticket.php
View File

@ -125,7 +125,7 @@ if (count($hesk_error_buffer) != 0) {
} }
// Check if this IP is temporarily locked out // Check if this IP is temporarily locked out
$res = hesk_dbQuery("SELECT `number` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' AND `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW() LIMIT 1"); $res = hesk_dbQuery("SELECT `number` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape(hesk_getClientIP())."' AND `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE ) > NOW() LIMIT 1");
if (hesk_dbNumRows($res) == 1) { if (hesk_dbNumRows($res) == 1) {
if (hesk_dbResult($res) >= $hesk_settings['attempt_limit']) { if (hesk_dbResult($res) >= $hesk_settings['attempt_limit']) {
unset($_SESSION); unset($_SESSION);
@ -157,7 +157,7 @@ if (hesk_dbNumRows($res) > 0) {
$sequential_customer_replies = $tmp['staffid'] ? 0 : $sequential_customer_replies + 1; $sequential_customer_replies = $tmp['staffid'] ? 0 : $sequential_customer_replies + 1;
} }
if ($sequential_customer_replies > 10) { if ($sequential_customer_replies > 10) {
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` (`ip`, `number`) VALUES ('" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "', " . intval($hesk_settings['attempt_limit'] + 1) . ")"); hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` (`ip`, `number`) VALUES ('".hesk_dbEscape(hesk_getClientIP())."', ".intval($hesk_settings['attempt_limit'] + 1).")");
hesk_error(sprintf($hesklang['yhbr'], $hesk_settings['attempt_banmin']), 0); hesk_error(sprintf($hesklang['yhbr'], $hesk_settings['attempt_banmin']), 0);
} }
} }

10
submit_ticket.php
View File

@ -87,7 +87,7 @@ if ($hesk_settings['secimg_use'] && !isset($_SESSION['img_verified'])) {
require(HESK_PATH . 'inc/recaptcha/recaptchalib.php'); require(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
$resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'],
$_SERVER['REMOTE_ADDR'], hesk_getClientIP(),
hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_challenge_field', ''),
hesk_POST('recaptcha_response_field', '') hesk_POST('recaptcha_response_field', '')
); );
@ -268,9 +268,9 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v) {
$_SESSION["c_$k"] = ''; $_SESSION["c_$k"] = '';
if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) { if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
$date = strtotime($tmpvar[$k] . ' t00:00:00'); $date = strtotime($tmpvar[$k] . ' t00:00:00 UTC');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false; $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00 UTC') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false; $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00 UTC') : false;
$_SESSION["c_$k"] = $tmpvar[$k]; $_SESSION["c_$k"] = $tmpvar[$k];
@ -317,7 +317,7 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v) {
} }
// Check bans // Check bans
if ($email_available && ! isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) { if ($email_available && ! isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP(hesk_getClientIP())) {
hesk_error($hesklang['baned_e']); hesk_error($hesklang['baned_e']);
} }

4
ticket.php
View File

@ -159,8 +159,8 @@ if ($ticket['lastreplier']) {
} }
// If IP is unknown (tickets via email pipe/pop3 fetching) assume current visitor IP as customer IP // If IP is unknown (tickets via email pipe/pop3 fetching) assume current visitor IP as customer IP
if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) { if ($ticket['ip'] == '' || $ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `ip` = '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' WHERE `id`=" . intval($ticket['id'])); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `ip` = '".hesk_dbEscape(hesk_getClientIP())."' WHERE `id`=".intval($ticket['id']));
} }
/* Get category name and ID */ /* Get category name and ID */