diff --git a/include/class.captcha.php b/include/class.captcha.php
index ca103d920c744e2ea7efd53b75c531c35ba97d90..86f89d9792da363351dee17d151238f03872616e 100644
--- a/include/class.captcha.php
+++ b/include/class.captcha.php
@@ -3,7 +3,7 @@
 class.captcha.php
 Very basic captcha class.
-
+
 Peter Rotich <peter@osticket.com>
 Copyright (c) 2006-2013 osTicket
 http://www.osticket.com
@@ -44,7 +44,7 @@ class Captcha {
 $img= imagecreatefrompng($this->bgimg);
 imagestring($img,$this->font, $x, $y,$this->hash,imagecolorallocate($img,0, 0, 0));
- Header ("(captcha-content-type:) image/png");
+ header("Content-Type: image/png");
 imagepng($img);
 imagedestroy($img);
 $_SESSION['captcha'] = md5($this->hash);
diff --git a/include/class.file.php b/include/class.file.php
index 9e85630c7bd92f42cce0225e4d2c9c13127073c4..a896d9e9cefd4098be9a7e35080157bbe222d894 100644
--- a/include/class.file.php
+++ b/include/class.file.php
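Review bot: The corrected `header("Content-Type: image/png")` is the only header visible in this hunk, so nothing tells the browser or an intermediary not to cache the captcha image, while the expected answer `md5($this->hash)` is rewritten into the session on every request; a cached image would presumably no longer match the stored value. Add `header('Cache-Control: no-store, no-cache, must-revalidate');` and `header('Pragma: no-cache');` next to the Content-Type line so each rendered image is fetched fresh. The enclosing method starts before the hunk, so I cannot see whether an earlier line already sets these.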
@@ -136,21 +136,23 @@ class AttachmentFile {
 return true;
 }
-
- function display() {
-
+ function makeCacheable($ttl=3600) {
 // Thanks, http://stackoverflow.com/a/1583753/1025836
- $last_modified = strtotime($this->lastModified());
- header("Last-Modified: ".gmdate(DATE_RFC822, $last_modified)." GMT", false);
+ $last_modified = Misc::db2gmtime($this->lastModified());
+ header("Last-Modified: ".date('D, d M y H:i:s', $last_modified)." GMT", false);
 header('ETag: "'.$this->getHash().'"');
- header('Cache-Control: private, max-age=3600');
- header('Expires: ' . date(DATE_RFC822, time() + 3600) . ' GMT');
+ header("Cache-Control: private, max-age=$ttl");
+ header('Expires: ' . gmdate(DATE_RFC822, time() + $ttl)." GMT");
 header('Pragma: private');
 if (@strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $last_modified || @trim($_SERVER['HTTP_IF_NONE_MATCH']) == $this->getHash()) {
 header("HTTP/1.1 304 Not Modified");
 exit();
 }
+ }
+
+ function display() {
+ $this->makeCacheable();
 header('Content-Type: '.($this->getType()?$this->getType():'application/octet-stream'));
 header('Content-Length: '.$this->getSize());
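Review bot: The new `Last-Modified` line formats the timestamp with `date()` and a two-digit year (`'D, d M y H:i:s'`), so the value is rendered in the script's default timezone with a literal " GMT" appended and is not the RFC 7231 IMF-fixdate form; use `header("Last-Modified: ".gmdate('D, d M Y H:i:s', $last_modified)." GMT", false);` (assuming `Misc::db2gmtime()` returns a Unix timestamp, which I cannot see here). The new `Expires` line has the mirror-image problem: `DATE_RFC822` already emits a `+0000` offset under `gmdate()`, so the appended `" GMT"` produces `... +0000 GMT`; `gmdate('D, d M Y H:i:s', time() + $ttl).' GMT'` is the conventional form. The unchanged 304 check below compares the raw `If-None-Match` value with the unquoted hash while the `ETag` header is sent quoted, so the ETag path presumably never matches — worth confirming now that both display() and download() route through makeCacheable(). display() continues past the hunk.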
@@ -159,20 +161,20 @@ class AttachmentFile {
 }
 function download() {
+ $this->makeCacheable();
- header('Pragma: public');
- header('Expires: 0');
- header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
- header('Cache-Control: public');
 header('Content-Type: '.($this->getType()?$this->getType():'application/octet-stream'));
 $filename=basename($this->getName());
 $user_agent = strtolower ($_SERVER['HTTP_USER_AGENT']);
- if ((is_integer(strpos($user_agent,'msie'))) && (is_integer(strpos($user_agent,'win')))) {
- header('Content-Disposition: filename='.$filename.';');
- }else{
- header('Content-Disposition: attachment; filename='.$filename.';' );
- }
+ if (false !== strpos($user_agent,'msie') && false !== strpos($user_agent,'win'))
+ header('Content-Disposition: filename='.rawurlencode($filename).';');
+ elseif (false !== strpos($user_agent, 'safari') && false === strpos($user_agent, 'chrome'))
+ // Safari and Safari only can handle the filename as is
+ header('Content-Disposition: filename='.str_replace(',', '', $filename).';');
+ else
+ // Use RFC5987
+ header("Content-Disposition: filename*=UTF-8''".rawurlencode($filename).';' );
 header('Content-Transfer-Encoding: binary');
 header('Content-Length: '.$this->getSize());
@@ -238,7 +240,7 @@ class AttachmentFile {
 $sql='INSERT INTO '.FILE_TABLE.' SET created=NOW() '
 .',type='.db_input($file['type'])
 .',size='.db_input($file['size'])
- .',name='.db_input(Format::file_name($file['name']))
+ .',name='.db_input($file['name'])
 .',hash='.db_input($file['hash']);
 # XXX: ft does not exists during the upgrade when attachments are
diff --git a/include/class.misc.php b/include/class.misc.php
index e913a8de0fdd052b0e9a87ec9693b720cc36e03b..b92909caac5f4f80bae768d9acf812fce5fb4c41 100644
--- a/include/class.misc.php
+++ b/include/class.misc.php
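Review bot: Neither the new Safari branch nor the new RFC 5987 branch sends the `attachment` disposition type that the replaced else-branch sent, so `download()` now emits `Content-Disposition: filename=...` with no disposition type; browsers that tolerate the malformed header may treat the file as inline in the site origin, which matters for uploaded HTML or SVG. Prefix the header value in both branches with `attachment; `, e.g. `header("Content-Disposition: attachment; filename*=UTF-8''".rawurlencode($filename).';');`. The Safari branch also emits the stored name unquoted and unencoded apart from stripping commas, so a `"`, `;` or space in the name breaks the header value; quoting it and dropping `"` along with the comma, `header('Content-Disposition: attachment; filename="'.str_replace(array(',', '"'), '', $filename).'"');`, keeps it parseable. This is more important because the `-238,7` hunk below stops normalizing the stored name with `Format::file_name()` at insert time, so whatever name the uploader supplied now reaches this header unchanged. download() continues past the hunk.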
@@ -139,21 +139,17 @@ class Misc {
 return $output;
 }
- function siteBaseUrl() {
- # Detects Alias-ing
- $paths = explode('/', $_SERVER['REQUEST_URI']);
- # Drop the last item -- it will be the php page we're on
- array_pop($paths);
- $leading = array();
- while (count($paths)) {
- if (in_array($paths[0], array('scp','client')))
- break;
- $leading[] = array_shift($paths);
+ /* static */
+ function siteRootPath($main_inc_path) {
+ $root = str_replace('\\', '/', $main_inc_path);
+ $root2 = str_replace('\\','/', $_SERVER['DOCUMENT_ROOT']);
+ $path = '';
+ while (strpos($_SERVER['DOCUMENT_ROOT'], $root) === false) {
+ $lastslash = strrpos($root, '/');
+ $path = substr($root, $lastslash) . $path;
+ $root = substr($root, 0, $lastslash);
 }
- if (count($leading) > 1)
- return implode('/', $leading);
- else
- return '';
+ return $path;
 }
 }
diff --git a/include/class.staff.php b/include/class.staff.php
index e0220120c0ca497bc12482296d6e08ffe84c257f..c434d3d1ca7548f65fc66160439da988cbfb17b3 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -690,7 +690,7 @@ class Staff {
 // this user id
 $sql = 'DELETE FROM '.CONFIG_TABLE.' WHERE `namespace`="pwreset" AND `value`='.db_input($this->getId());
- db_query($sql);
+ db_query($sql, false);
 unset($_SESSION['_staff']['reset-token']);
 }
diff --git a/include/ost-sampleconfig.php b/include/ost-sampleconfig.php
index d3cbb517a3b2922444a6ccdbd9fcb936439cf5a1..65ff21c0d053e78c6b49a1e0647b881a1bff57f3 100644
--- a/include/ost-sampleconfig.php
+++ b/include/ost-sampleconfig.php
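Review bot: The loop in the new `siteRootPath()` compares against the raw `$_SERVER['DOCUMENT_ROOT']` while `$root2`, the backslash-normalized copy, is assigned and never used, and nothing stops the loop once `$root` has no `/` left: `strrpos()` then returns false, `substr($root, 0, false)` empties `$root`, and on PHP 5 `strpos()` with an empty needle warns and returns false, so a document root that never contains the install path (an Alias or symlinked install) spins forever on every request. Compare against `$root2` and bail out when `strrpos()` fails or `$root` is empty, so the worst case is returning the collected path rather than hanging. The `/* static */` comment does not make the method static; `Misc::siteRootPath()` in main.inc.php is a static call to an instance method, which PHP 5 accepts with an E_STRICT notice — declare it `static function` if the codebase's PHP floor permits. The function is complete within the hunk.
```php
    function siteRootPath($main_inc_path) {
        $root = str_replace('\\', '/', $main_inc_path);
        $root2 = str_replace('\\','/', $_SERVER['DOCUMENT_ROOT']);
        $path = '';
        // Peel components off the install dir until what remains appears in
        // the (normalized) document root; stop instead of looping if the
        // path is exhausted without a match
        while ($root !== '' && strpos($root2, $root) === false) {
            $lastslash = strrpos($root, '/');
            if ($lastslash === false)
                break;
            $path = substr($root, $lastslash) . $path;
            $root = substr($root, 0, $lastslash);
        }
        return $path;
    }
```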
@@ -22,7 +22,7 @@ if(!strcasecmp(basename($_SERVER['SCRIPT_NAME']),basename(__FILE__)) || !defined
 #Install flag
 define('OSTINSTALLED',FALSE);
 if(OSTINSTALLED!=TRUE){
- if(!file_exists(ROOT_PATH.'setup/install.php')) die('Error: Contact system admin.'); //Something is really wrong!
+ if(!file_exists(ROOT_DIR.'setup/install.php')) die('Error: Contact system admin.'); //Something is really wrong!
 //Invoke the installer.
 header('Location: '.ROOT_PATH.'setup/install.php');
 exit;
diff --git a/main.inc.php b/main.inc.php
index 4b69b3e1638a2fc8f90f9d9533c092f31a9dffbd..428a33e4a63ff98ef9e5b53b24b20f8babe0b74c 100644
--- a/main.inc.php
+++ b/main.inc.php
@@ -60,13 +60,6 @@
 }
 #Set Dir constants
- $here = substr(realpath(dirname(__file__)),
- strlen($_SERVER['DOCUMENT_ROOT']));
- // Determine the path in the URI used as the base of the osTicket
- // installation
- if (!defined('ROOT_PATH'))
- define('ROOT_PATH', str_replace('\\', '/', $here.'/')); //root path. Damn directories
-
 define('ROOT_DIR',str_replace('\\\\', '/', realpath(dirname(__FILE__))).'/'); #Get real path for root dir ---linux and windows
 define('INCLUDE_DIR',ROOT_DIR.'include/'); //Change this if include is moved outside the web path.
 define('PEAR_DIR',INCLUDE_DIR.'pear/');
@@ -75,6 +68,13 @@
 define('UPGRADE_DIR', INCLUDE_DIR.'upgrader/');
 define('I18N_DIR', INCLUDE_DIR.'i18n/');
+ require(INCLUDE_DIR.'class.misc.php');
+
+ // Determine the path in the URI used as the base of the osTicket
+ // installation
+ if (!defined('ROOT_PATH'))
+ define('ROOT_PATH', Misc::siteRootPath(realpath(dirname(__file__))).'/'); //root path. Damn directories
+
 /*############## Do NOT monkey with anything else beyond this point UNLESS you really know what you are doing ##############*/
 #Current version && schema signature (Changes from version to version)
@@ -117,7 +117,6 @@
 require(INCLUDE_DIR.'class.pagenate.php'); //Pagenate helper!
 require(INCLUDE_DIR.'class.log.php');
 require(INCLUDE_DIR.'class.crypto.php');
- require(INCLUDE_DIR.'class.misc.php');
 require(INCLUDE_DIR.'class.timezone.php');
 require(INCLUDE_DIR.'class.http.php');
 require(INCLUDE_DIR.'class.signal.php');
diff --git a/setup/cli/package.php b/setup/cli/package.php
index 45fd517704822e7ae3e4c8d471bdb30b14d1e5ea..4bae36081898368857a18838d852bab129429ebe 100755
--- a/setup/cli/package.php
+++ b/setup/cli/package.php
@@ -110,7 +110,7 @@ package("setup/scripts/*", "scripts/", -1, "*stage");
 package("include/{,.}*", "upload/include", -1, array('*ost-config.php', '*.sw[a-z]'));
 # Include the installer
-package("setup/*.{php,txt}", "upload/setup", -1, array("*scripts","*test","*stage"));
+package("setup/*.{php,txt,html}", "upload/setup", -1, array("*scripts","*test","*stage"));
 foreach (array('css','images','js') as $dir)
 package("setup/$dir/*", "upload/setup/$dir", -1);
 package("setup/inc/streams/*.sql", "upload/setup/inc/streams", -1);