diff --git a/.gitignore b/.gitignore
index 3303e4bdcbe10c755ed21dae59e9201c243983e0..2c0568a588f2c2759a62bc94151c0597f8c09abe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 php53.cgi
 include/ost-config.php
 *.sw[a-z]
+.DS_Store
diff --git a/include/api.ticket.php b/include/api.ticket.php
index d767e2128ba2ee4f60abcc44f2fc10b2f4af1a23..4fcae4b183925dfe32bb91c95275a986fc492ea6 100644
--- a/include/api.ticket.php
+++ b/include/api.ticket.php
@@ -10,7 +10,7 @@ class TicketController extends ApiController {
     # so that all supported input formats should be supported
     function getRequestStructure($format) {
         $supported = array(
-            "alert", "autorespond", "source",
+            "alert", "autorespond", "source", "topicId",
             "name", "email", "subject", "phone", "phone_ext",
             "attachments" => array("*" => 
                 array("name", "type", "data", "encoding")
@@ -33,8 +33,10 @@ class TicketController extends ApiController {
         $autorespond = $data['autorespond'] ? $data['autorespond'] : true;
         $source = $data['source'] ? $data['source'] : 'API';
 
-        # TODO: Handle attachment encoding (base64)
-        foreach ($data["attachments"] as $filename=>&$info) {
+        $attachments = $data['attachments'] ? $data['attachments'] : array();
+
+		# TODO: Handle attachment encoding (base64)
+        foreach ($attachments as $filename=>&$info) {
             if ($info["encoding"] == "base64") {
                 # XXX: May fail on large inputs. See
                 #      http://us.php.net/manual/en/function.base64-decode.php#105512
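Review bot: The new `$attachments` fallback only tests truthiness, so a request whose `attachments` field is a non-empty string or number still reaches the `foreach` and the `$info["encoding"]` lookup below, unless the request parser already enforces the shape declared in getRequestStructure. Since the value comes from the API request body, I would accept it only when it is an array: `$attachments = (isset($data['attachments']) && is_array($data['attachments'])) ? $data['attachments'] : array();`. The `isset` also avoids an undefined-index notice when the key is absent. The re-added `# TODO: Handle attachment encoding (base64)` line is now tab-indented and looks stale given the base64 branch directly under it. The enclosing method starts and ends outside the hunk.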
@@ -60,7 +62,7 @@ class TicketController extends ApiController {
         }
 
         # Save attachment(s)
-        foreach ($data["attachments"] as &$info)
+        foreach ($attachments as &$info)
             $ticket->saveAttachment($info, $ticket->getLastMsgId(), "M");
 
         # All done. Return HTTP/201 --> Created
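Review bot: The `&$info` in this save loop is only harmless because the decode loop earlier in the method binds `$info` by reference too; nothing visible in this hunk writes through it. If either loop is later changed to iterate by value, the leftover reference would overwrite the last attachment with an earlier one before it is saved. I would add `unset($info);` after the decode loop (outside this hunk) and iterate by value here, `foreach ($attachments as $info)`.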
diff --git a/include/class.ticket.php b/include/class.ticket.php
index 071dda44f77a7ab4624c7408fa59ac85b737fb40..104ff20b4517ef22d785b3f4f40ede84195134e9 100644
--- a/include/class.ticket.php
+++ b/include/class.ticket.php
@@ -955,7 +955,7 @@ class Ticket{
         $this->reload();
 
 
-        if(!$dept && !($tpl = $dept->getTemplate()))
+        if(!$dept || !($tpl = $dept->getTemplate()))
             $tpl= $cfg->getDefaultTemplate();
        
         //If enabled...send confirmation to user. ( New Message AutoResponse)
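Review bot: The corrected fallback `if(!$dept || !($tpl = $dept->getTemplate()))` now appears verbatim here and in the hunk at -996, which is why the same operator mistake had to be fixed twice. A small private helper on Ticket that returns the department template or `$cfg->getDefaultTemplate()` would keep the two call sites from drifting apart again. Both enclosing methods begin and end outside their hunks.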
@@ -996,7 +996,7 @@ class Ticket{
         $dept = $this->getDept();
 
         //Get template.
-        if(!$dept && !($tpl = $dept->getTemplate()))
+        if(!$dept || !($tpl = $dept->getTemplate()))
             $tpl= $cfg->getDefaultTemplate();
 
         //Email to use!
@@ -1292,7 +1292,7 @@ class Ticket{
     }
 
     //Insert message from client
-    function postMessage($msg,$source='',$emsgid=null,$headers='',$newticket=false){
+    function postMessage($message,$source='',$emsgid=null,$headers='',$newticket=false){
         global $cfg;
        
         if(!$this->getId()) return 0;
@@ -1303,7 +1303,7 @@ class Ticket{
             .' ,thread_type="M" '
             .' ,ticket_id='.db_input($this->getId())
             # XXX: Put Subject header into the 'title' field
-            .' ,body='.db_input(Format::striptags($msg)) //Tags/code stripped...meaning client can not send in code..etc
+            .' ,body='.db_input(Format::striptags($message)) //Tags/code stripped...meaning client can not send in code..etc
             .' ,source='.db_input($source?$source:$_SERVER['REMOTE_ADDR'])
             .' ,ip_address='.db_input($_SERVER['REMOTE_ADDR']);
     
@@ -1336,13 +1336,12 @@ class Ticket{
         if(!($email=$cfg->getAlertEmail()))
             $email =$cfg->getDefaultEmail();
 
-
         //If enabled...send alert to staff (New Message Alert)
         if($cfg->alertONNewMessage() && $tpl && $email && ($msg=$tpl->getNewMessageAlertMsgTemplate())) {
 
             $body=$this->replaceTemplateVars($msg['body']);
             $subj=$this->replaceTemplateVars($msg['subj']);
-            $body = str_replace("%message", $msg,$body);
+            $body = str_replace("%message", $message,$body);
 
             //Build list of recipients and fire the alerts.
             $recipients=array();
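Review bot: `str_replace("%message", $message,$body)` puts the client's text into the staff alert exactly as submitted, whereas the INSERT earlier in postMessage stores `Format::striptags($message)`. If the alert is ever rendered as HTML, staff would receive markup that the ticket thread itself never contains. I would substitute the same stripped value, `$body = str_replace("%message", Format::striptags($message), $body);`. Running the substitution after `replaceTemplateVars()` looks right, since it keeps template variables inside the client text from being expanded. postMessage continues past the end of this hunk.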
@@ -1494,14 +1493,16 @@ class Ticket{
     //Insert Internal Notes 
     function postNote($title,$note,$alert=true,$poster='') {        
         global $thisstaff,$cfg;
-
+		
+        $poster=($poster || !$thisstaff)?$poster:$thisstaff->getName();
+		
         $sql= 'INSERT INTO '.TICKET_THREAD_TABLE.' SET created=NOW() '.
                 ',thread_type="N"'.
                 ',ticket_id='.db_input($this->getId()).
                 ',title='.db_input(Format::striptags($title)).
                 ',body='.db_input(Format::striptags($note)).
                 ',staff_id='.db_input($thisstaff?$thisstaff->getId():0).
-                ',poster='.db_input(($poster || !$thisstaff)?$poster:$thisstaff->getName());
+                ',poster='.db_input($poster);
         //echo $sql;
         if(!db_query($sql) || !($id=db_insert_id()))
             return false;
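Review bot: `$poster` is written with `db_input($poster)` only, while `$title` and `$note` in the same INSERT also pass through `Format::striptags()`. Whether any caller hands a client-supplied name to `$poster` is not visible here, but treating it like the neighbouring fields is cheap: `',poster='.db_input(Format::striptags($poster));`. The two whitespace-only lines added around the assignment contain tabs, and the leftover `//echo $sql;` could be dropped. postNote continues outside the hunk.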
@@ -1522,6 +1523,8 @@ class Ticket{
             $body=$this->replaceTemplateVars($msg['body']);
             $subj=$this->replaceTemplateVars($msg['subj']);
             $body = str_replace('%note',"$title\n\n$note",$body);
+            # TODO: Support a variable replacement of the staff writing the
+            #       note
 
             // Alert recipients    
             $recipients=array();
diff --git a/include/staff/faq-view.inc.php b/include/staff/faq-view.inc.php
index cdbb266d106940fa267dd03743428832ed6656f6..ee7d743e4044d93ea18971e055b842985f6f656b 100644
--- a/include/staff/faq-view.inc.php
+++ b/include/staff/faq-view.inc.php
@@ -40,6 +40,7 @@ if($thisstaff->canManageFAQ()) {
     ?>
    <div>
     <form action="faq.php?id=<?php echo  $faq->getId(); ?>" method="post">
+	 <?php csrf_token(); ?>
         <input type="hidden" name="id" value="<?php echo  $faq->getId(); ?>">
         <input type="hidden" name="do" value="manage-faq">
         <div>
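Review bot: The `csrf_token()` field added to this form, and to the `templates.php` form in include/staff/tpl.inc.php, only helps if the POST handlers reject a missing or mismatched token, and that check is not part of this diff. It is worth confirming that `faq.php` and `templates.php` validate the token before acting on `do=manage-faq` and `a=manage`, and that the remaining state-changing staff forms emit it too. The new line is indented with a tab plus a space, unlike the surrounding lines.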
diff --git a/include/staff/tpl.inc.php b/include/staff/tpl.inc.php
index 43412bcad7b0ac01aeb3ff80edc6f857232f6313..c973ab9ff9c1d083e6a6a13643e8d49ea14ff16b 100644
--- a/include/staff/tpl.inc.php
+++ b/include/staff/tpl.inc.php
@@ -26,6 +26,7 @@ $info=array_merge($template->getMsgTemplate($info['tpl']),$info);
     </form>
 </div>
 <form action="templates.php?id=<?php echo $template->getId(); ?>" method="post" id="save">
+<?php csrf_token(); ?>
 <input type="hidden" name="id" value="<?php echo $template->getId(); ?>">
 <input type="hidden" name="tpl" value="<?php echo $info['tpl']; ?>">
 <input type="hidden" name="a" value="manage">
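Review bot: `value="<?php echo $info['tpl']; ?>"` writes `$info['tpl']` into an attribute without escaping, directly below the new token field. The hunk header shows `$info` being merged over an existing `$info` whose origin is not visible; if that array can carry request data, the value should be encoded on output, for example `<?php echo htmlspecialchars($info['tpl'], ENT_QUOTES); ?>`. The form's closing tag lies outside the hunk.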
diff --git a/setup/images/.DS_Store b/setup/images/.DS_Store
deleted file mode 100644
index 0781e8368c16159126b95903f523919883384c09..0000000000000000000000000000000000000000
Binary files a/setup/images/.DS_Store and /dev/null differ