diff --git a/include/class.file.php b/include/class.file.php index bcdb9e0ed68f0ce7a944a9ae866ea5626dd4b90b..2a0073b4be2817ecbd41e28858e1487184fffba4 100644 --- a/include/class.file.php +++ b/include/class.file.php @@ -635,7 +635,7 @@ class AttachmentFile extends VerySimpleModel { ->filter(array( 'attachments__object_id__isnull' => true, 'ft' => 'T', - 'created__gt' => new DateTime('now -1 day'), + 'created__lt' => SqlFunction::NOW()->minus(SqlInterval::DAY(1)), )); foreach ($files as $f) { diff --git a/include/class.format.php b/include/class.format.php index 6058142d8c0adb2b51e996943f2ac1562d60b647..27497d3d32b15346f997ea63eb5bd4b0a276d6f8 100644 --- a/include/class.format.php +++ b/include/class.format.php @@ -306,8 +306,9 @@ class Format { ':<!DOCTYPE[^>]+>:', # <!DOCTYPE ... > ':<\?[^>]+>:', # <?xml version="1.0" ... > ':<html[^>]+:i', # drop html attributes + ':<(a|span) (name|style)="(mso-bookmark\:)?_MailEndCompose">(.+)?<\/(a|span)>:', # Drop _MailEndCompose ), - array('', '', '', '', '<html'), + array('', '', '', '', '<html', '$4'), $html); // HtmLawed specific config only @@ -321,7 +322,7 @@ class Format { 'hook_tag' => function($e, $a=0) { return Format::__html_cleanup($e, $a); }, 'elements' => '*+iframe', 'spec' => - 'iframe=-*,height,width,type,style,src(match="`^(https?:)?//(www\.)?(youtube|dailymotion|vimeo)\.com/`i"),frameborder'.($options['spec'] ? '; '.$options['spec'] : ''), + 'iframe=-*,height,width,type,style,src(match="`^(https?:)?//(www\.)?(youtube|dailymotion|vimeo|player.vimeo)\.com/`i"),frameborder'.($options['spec'] ? '; '.$options['spec'] : ''), ); return Format::html($html, $config); diff --git a/include/class.forms.php b/include/class.forms.php index 062bcaea5a173b5b0f3cca56a8825bed5d281ef3..a1d7a331d9a2b73889834babfba673ca4e9cc405 100644 --- a/include/class.forms.php +++ b/include/class.forms.php 
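Review bot: The `_MailEndCompose` pattern added to the preg_replace list in class.format.php uses a greedy `(.+)?` and accepts any `</a>` or `</span>` as the closer, so on a line holding a later, unrelated closing tag it strips that tag instead of the marker's own and leaves the markup unbalanced. A lazy group with a back-reference to the opening element keeps the match on the marker itself: `':<(a|span) (name|style)="(mso-bookmark\:)?_MailEndCompose">(.*?)<\/\1>:'`, with the replacement left at `'$4'`. The surrounding function starts and ends outside the hunk, so whether a later balancing pass hides the effect is not visible here.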
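Review bot: In the iframe `src(match=...)` allowlist the new alternative `player.vimeo` has an unescaped dot, so it matches any character in that position and a host such as `playerXvimeo.com` (constructed example) would pass the check. Because this pattern decides which third-party origins may be framed inside sanitized HTML, the dot should be literal: `(youtube|dailymotion|vimeo|player\.vimeo)\.com/`. The function body continues outside the hunk.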
@@ -3803,7 +3803,7 @@ class SectionBreakWidget extends Widget { function render($options=array()) { ?><div class="form-header section-break"><h3><?php echo Format::htmlchars($this->field->getLocal('label')); - ?></h3><em><?php echo Format::htmlchars($this->field->getLocal('hint')); + ?></h3><em><?php echo Format::display($this->field->getLocal('hint')); ?></em></div> <?php } diff --git a/include/class.mailfetch.php b/include/class.mailfetch.php index 7333992a47726d49b4cbd60eb64e682b3cea9287..fec76bc01d961c93bbd7d559e04e7539a0a89228 100644 --- a/include/class.mailfetch.php +++ b/include/class.mailfetch.php @@ -136,8 +136,8 @@ class MailFetcher { // Disable Kerberos and NTLM authentication if it happens to be // supported locally or remotely if (version_compare(PHP_VERSION, '5.3.2', '>=')) - $args += array(NULL, 0, array( - 'DISABLE_AUTHENTICATOR' => array('GSSAPI', 'NTLM'))); + $args = array_merge($args, array(NULL, 0, array( + 'DISABLE_AUTHENTICATOR' => array('GSSAPI', 'NTLM')))); $this->mbox = @call_user_func_array('imap_open', $args); diff --git a/include/class.orm.php b/include/class.orm.php index 7539c144564aba7d5c5922632fe341dc4e9abd9e..74ecc322aa5975416144b7c4e3c1a751c033e650 100644 --- a/include/class.orm.php +++ b/include/class.orm.php @@ -1606,15 +1606,22 @@ extends CachedResultSet { class ModelInstanceManager implements IteratorAggregate { - var $queryset; var $model; var $map; + var $resource; + var $annnotations; + var $defer; static $objectCache = array(); function __construct(QuerySet $queryset) { - $this->queryset = $queryset; $this->model = $queryset->model; + $this->resource = $queryset->getQuery(); + $cache = !$queryset->hasOption(QuerySet::OPT_NOCACHE); + $this->resource->setBuffered($cache); + $this->map = $this->resource->getMap(); + $this->annotations = $queryset->annotations; + $this->defer = $queryset->defer; } function cache($model) { 
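Review bot: In SectionBreakWidget::render() the hint is no longer passed through `Format::htmlchars()`, while the label one line above still is, so any markup stored in the hint now reaches the page. `Format::display()` is not defined in this diff; if it does not sanitize on output, the hint has to be cleaned when it is saved, otherwise anyone who can edit form fields can store active content in a page that other users load. I would add a comment at the echo naming the layer responsible, e.g. `// hint may contain HTML; sanitized on save, display() only formats it`, or sanitize at this echo if no such layer exists.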
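Review bot: The switch from `$args += array(...)` to `array_merge()` in the imap_open() setup is only correct if `$args` holds exactly the three leading imap_open() arguments at this point, because the appended `NULL, 0, array('DISABLE_AUTHENTICATOR' => ...)` are positional; `$args` is built outside the hunk. A comment would record both the assumption and the reason for the change, e.g. `// append positionally: += keeps existing numeric keys, so the DISABLE_AUTHENTICATOR params were dropped when keys 0-2 already existed`. Since the call goes through `@call_user_func_array`, a wrong argument count would fail quietly, so a `count($args)` check before the merge is worth adding.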
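Review bot: The new property is declared as `var $annnotations;` (three n's) but the constructor assigns `$this->annotations`, so the declared property is never used and the one actually read later is created dynamically. Declare it as `var $annotations;`. Separately, `$queryset->getQuery()` and `setBuffered()` now run in the constructor instead of in getIterator(), so the query resource is obtained as soon as the manager is built; if that is intended, a short comment in the constructor saying so would help. The class body continues outside the hunk.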
@@ -1669,7 +1676,7 @@ implements IteratorAggregate { return null; } } - $annotations = $this->queryset->annotations; + $annotations = $this->annotations; $extras = array(); // For annotations, drop them from the $fields list and add them to // an $extras list. The fields passed to the root model should only @@ -1688,7 +1695,7 @@ implements IteratorAggregate { // Construct and cache the object $m = $modelClass::$meta->newInstance($fields); // XXX: defer may refer to fields not in this model - $m->__deferred__ = $this->queryset->defer; + $m->__deferred__ = $this->defer; $m->__onload(); if ($cache) $this->cache($m); @@ -1758,10 +1765,6 @@ implements IteratorAggregate { } function getIterator() { - $this->resource = $this->queryset->getQuery(); - $this->map = $this->resource->getMap(); - $cache = !$this->queryset->hasOption(QuerySet::OPT_NOCACHE); - $this->resource->setBuffered($cache); $func = ($this->map) ? 'getRow' : 'getArray'; $func = array($this->resource, $func); diff --git a/include/class.upgrader.php b/include/class.upgrader.php index 87fb63c89be95b0cab01f8beb838a111e1b06841..562dcb27957c948a639942cf654fd1450e899d3c 100644 --- a/include/class.upgrader.php +++ b/include/class.upgrader.php @@ -362,6 +362,10 @@ class StreamUpgrader extends SetupWizard { if(!($max_time = ini_get('max_execution_time'))) $max_time = 300; //Apache/IIS defaults. + // Drop any model meta cache to ensure model changes do not cause + // crashes + ModelMeta::flushModelCache(); + // Apply up to five patches at a time foreach (array_slice($patches, 0, 5) as $patch) { //TODO: check time used vs. max execution - break if need be diff --git a/include/client/header.inc.php b/include/client/header.inc.php index 2e93d012db87de7f2fa984e12b6110dcef13be4b..a95bb080af72ab1bb87eef08db131e2f0bc32cd9 100644 --- a/include/client/header.inc.php +++ b/include/client/header.inc.php 
@@ -6,6 +6,7 @@ $signin_url = ROOT_PATH . "login.php" $signout_url = ROOT_PATH . "logout.php?auth=".$ost->getLinkToken(); header("Content-Type: text/html; charset=UTF-8"); +header("X-Frame-Options: SAMEORIGIN"); if (($lang = Internationalization::getCurrentLanguage())) { $langs = array_unique(array($lang, $cfg->getPrimaryLanguage())); $langs = Internationalization::rfc1766($langs); diff --git a/include/staff/header.inc.php b/include/staff/header.inc.php index b89c16ab49c93c57bfa790a1d2153cf1a77b2e6b..3f80ac1e0e46ad8704e0c80dd024ed77bca967d2 100644 --- a/include/staff/header.inc.php +++ b/include/staff/header.inc.php @@ -1,5 +1,6 @@ <?php header("Content-Type: text/html; charset=UTF-8"); +header("X-Frame-Options: SAMEORIGIN"); $title = ($ost && ($title=$ost->getPageTitle())) ? $title : ('osTicket :: '.__('Staff Control Panel')); diff --git a/include/staff/login.header.php b/include/staff/login.header.php index 4460229c1acb8c2814128e343c9d0e861048abcc..abe9d46f0b53b4894910778ffc3bb897f820317f 100644 --- a/include/staff/login.header.php +++ b/include/staff/login.header.php @@ -1,5 +1,6 @@ <?php defined('OSTSCPINC') or die('Invalid path'); +header("X-Frame-Options: SAMEORIGIN"); ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> diff --git a/include/staff/system.inc.php b/include/staff/system.inc.php index 20198b8f88c040d7592a9d5c512bb25c3fc5029b..a1341fd01a6033254e27785886bb3eb18f3360ea 100644 --- a/include/staff/system.inc.php +++ b/include/staff/system.inc.php 
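Review bot: `header("X-Frame-Options: SAMEORIGIN")` is added by hand in four header templates (here in include/client/header.inc.php, and in include/staff/header.inc.php, include/staff/login.header.php and setup/inc/header.inc.php), so any response that does not include one of them, such as a page with its own header or an AJAX endpoint, remains frameable. Sending it once from the shared bootstrap would cover every response and keep the copies from drifting. Browsers that implement CSP prefer `frame-ancestors`, so pairing it with `header("Content-Security-Policy: frame-ancestors 'self'");` is worth considering. In setup/inc/header.inc.php the call sits on the first line before the DOCTYPE, which only works if nothing was output before the include; that is not visible from the hunk.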
@@ -154,7 +154,17 @@ if (!$lv) { ?> echo sprintf('%.2f MiB', $space); ?></td> <tr><td><?php echo __('Space for Attachments'); ?></td> <td><?php - $sql = 'SELECT SUM(LENGTH(filedata)) / 1048576 FROM '.FILE_CHUNK_TABLE; + $sql = 'SELECT + (DATA_LENGTH + INDEX_LENGTH) / 1024 / 1024 + FROM + information_schema.TABLES + WHERE + TABLE_SCHEMA = "'.DBNAME.'" + AND + TABLE_NAME = "'.FILE_CHUNK_TABLE.'" + ORDER BY + (DATA_LENGTH + INDEX_LENGTH) + DESC'; $space = db_result(db_query($sql)); echo sprintf('%.2f MiB', $space); ?></td></tr> <tr><td><?php echo __('Timezone'); ?></td> diff --git a/include/staff/templates/task-view.tmpl.php b/include/staff/templates/task-view.tmpl.php index 0fe384b58e78a58fedf0c631e6334fd213046b29..5b03857f0a83d02b6e3ba4739cfd0778ee7d73d5 100644 --- a/include/staff/templates/task-view.tmpl.php +++ b/include/staff/templates/task-view.tmpl.php @@ -154,7 +154,7 @@ if ($task->isOverdue()) echo __('Reopen');?> </a> </li> <?php - } else { + } elseif ($canClose) { ?> <li> <a class="no-pjax task-action" @@ -212,7 +212,7 @@ if ($task->isOverdue()) echo __('Reopen');?> </a> </li> <?php - } else { + } elseif ($canClose) { ?> <li> <a class="no-pjax task-action" diff --git a/include/staff/templates/users.tmpl.php b/include/staff/templates/users.tmpl.php index 7d56f26ef739863fd02ec9ccfdfdd89c82b3d9ef..112d25bf75173963c20edf8f300f79416d2ee26f 100644 --- a/include/staff/templates/users.tmpl.php +++ b/include/staff/templates/users.tmpl.php 
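Review bot: The new information_schema query builds its string literals by concatenating `DBNAME` and `FILE_CHUNK_TABLE` inside double quotes, which MySQL treats as identifiers when the ANSI_QUOTES sql_mode is enabled, and the values are not escaped at all. Assuming the project's `db_input()` quotes string values, it keeps this consistent with the other queries in the diff: `TABLE_SCHEMA = '.db_input(DBNAME).' AND TABLE_NAME = '.db_input(FILE_CHUNK_TABLE).'`. The `ORDER BY ... DESC` has no effect when schema and table name select a single row, and the result can be NULL if the database account cannot see that table, in which case `sprintf('%.2f MiB', $space)` prints 0.00 with no hint why.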
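Review bot: Replacing `} else {` with `} elseif ($canClose) {` only hides the close link in the two action menus changed here (the hunks at lines 154 and 212 of task-view.tmpl.php); it does not by itself stop a staff member without the permission from requesting the action directly. `$canClose` is set outside both hunks and the handler behind the `task-action` link is not part of this diff, so confirm that it checks the same permission server-side. A comment next to the condition, e.g. `// UI only: the close action re-checks this permission`, would make that dependency explicit.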
@@ -1,16 +1,18 @@ <?php $qs = array(); -$select = 'SELECT user.*, email.address as email '; +$select = 'SELECT user.*, email.address as email, account.status as status, account.id as account_id '; $from = 'FROM '.USER_TABLE.' user ' - . 'LEFT JOIN '.USER_EMAIL_TABLE.' email ON (user.id = email.user_id) '; + . 'LEFT JOIN '.USER_EMAIL_TABLE.' email ON (user.id = email.user_id) ' + . 'LEFT JOIN '.USER_ACCOUNT_TABLE.' account ON (user.id = account.user_id) '; $where = ' WHERE user.org_id='.db_input($org->getId()); $sortOptions = array('name' => 'user.name', 'email' => 'email.address', 'create' => 'user.created', - 'update' => 'user.updated'); + 'update' => 'user.updated', + 'status' => 'account.status'); $orderWays = array('DESC'=>'DESC','ASC'=>'ASC'); $sort= ($_REQUEST['sort'] && $sortOptions[strtolower($_REQUEST['sort'])]) ? strtolower($_REQUEST['sort']) : 'name'; //Sorting options... @@ -80,9 +82,9 @@ if ($num) { ?> <thead> <tr> <th width="4%"> </th> - <th width="38%"><?php echo __('Name'); ?></th> - <th width="35%"><?php echo __('Email'); ?></th> - <th width="8%"><?php echo __('Status'); ?></th> + <th width="30%"><?php echo __('Name'); ?></th> + <th width="33%"><?php echo __('Email'); ?></th> + <th width="18%"><?php echo __('Status'); ?></th> <th width="15%"><?php echo __('Created'); ?></th> </tr> </thead> @@ -93,7 +95,10 @@ if ($num) { ?> while ($row = db_fetch_array($res)) { $name = new UsersName($row['name']); - $status = 'Active'; + if (!$row['account_id']) + $status = __('Guest'); + else + $status = new UserAccountStatus($row['status']); $sel=false; if($ids && in_array($row['id'], $ids)) $sel=true; diff --git a/setup/inc/header.inc.php b/setup/inc/header.inc.php index 4d59e4076b9f5ed93d2428b02f683048d607e58e..57ceade2e12bad159d811881d8f8eea2022c22f7 100644 --- a/setup/inc/header.inc.php +++ b/setup/inc/header.inc.php 
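Review bot: `account.status as status` is selected after `user.*`, so if the user table also has a `status` column the two collide in the associative row and `$row['status']` in the loop further down depends on which one the driver keeps. A distinct alias avoids relying on that: `account.status as account_status`, read as `$row['account_status']` where `UserAccountStatus` is constructed. The `if`/`else` that sets `$status` would also read more safely with braces, since the following `$sel=false;` sits directly under the unbraced `else`.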
@@ -1,3 +1,4 @@ +<?php header("X-Frame-Options: SAMEORIGIN"); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html <?php