Merge pull request #178 from greezybacon/issue/soif-fixes

Rebased soif/feature/fixes

Reviewed By: Peter Rotich 07/30/12

.gitignore

@@ -2,3 +2,4 @@
 php53.cgi
 include/ost-config.php
 *.sw[a-z]
+.DS_Store

include/api.ticket.php

@@ -10,7 +10,7 @@ class TicketController extends ApiController {
     # so that all supported input formats should be supported
     function getRequestStructure($format) {
         $supported = array(
-            "alert", "autorespond", "source",
+            "alert", "autorespond", "source", "topicId",
             "name", "email", "subject", "phone", "phone_ext",
             "attachments" => array("*" => 
                 array("name", "type", "data", "encoding")
@@ -33,8 +33,10 @@ class TicketController extends ApiController {
         $autorespond = $data['autorespond'] ? $data['autorespond'] : true;
         $source = $data['source'] ? $data['source'] : 'API';
 
-        # TODO: Handle attachment encoding (base64)
-        foreach ($data["attachments"] as $filename=>&$info) {
+        $attachments = $data['attachments'] ? $data['attachments'] : array();
+
+		# TODO: Handle attachment encoding (base64)
+        foreach ($attachments as $filename=>&$info) {
             if ($info["encoding"] == "base64") {
                 # XXX: May fail on large inputs. See
                 #      http://us.php.net/manual/en/function.base64-decode.php#105512
@@ -60,7 +62,7 @@ class TicketController extends ApiController {
         }
 
         # Save attachment(s)
-        foreach ($data["attachments"] as &$info)
+        foreach ($attachments as &$info)
             $ticket->saveAttachment($info, $ticket->getLastMsgId(), "M");
 
         # All done. Return HTTP/201 --> Created

include/class.ticket.php

@@ -955,7 +955,7 @@ class Ticket{
         $this->reload();
 
 
-        if(!$dept && !($tpl = $dept->getTemplate()))
+        if(!$dept || !($tpl = $dept->getTemplate()))
             $tpl= $cfg->getDefaultTemplate();
        
         //If enabled...send confirmation to user. ( New Message AutoResponse)
@@ -996,7 +996,7 @@ class Ticket{
         $dept = $this->getDept();
 
         //Get template.
-        if(!$dept && !($tpl = $dept->getTemplate()))
+        if(!$dept || !($tpl = $dept->getTemplate()))
             $tpl= $cfg->getDefaultTemplate();
 
         //Email to use!
@@ -1292,7 +1292,7 @@ class Ticket{
     }
 
     //Insert message from client
-    function postMessage($msg,$source='',$emsgid=null,$headers='',$newticket=false){
+    function postMessage($message,$source='',$emsgid=null,$headers='',$newticket=false){
         global $cfg;
        
         if(!$this->getId()) return 0;
@@ -1303,7 +1303,7 @@ class Ticket{
             .' ,thread_type="M" '
             .' ,ticket_id='.db_input($this->getId())
             # XXX: Put Subject header into the 'title' field
-            .' ,body='.db_input(Format::striptags($msg)) //Tags/code stripped...meaning client can not send in code..etc
+            .' ,body='.db_input(Format::striptags($message)) //Tags/code stripped...meaning client can not send in code..etc
             .' ,source='.db_input($source?$source:$_SERVER['REMOTE_ADDR'])
             .' ,ip_address='.db_input($_SERVER['REMOTE_ADDR']);
     
@@ -1336,13 +1336,12 @@ class Ticket{
         if(!($email=$cfg->getAlertEmail()))
             $email =$cfg->getDefaultEmail();
 
-
         //If enabled...send alert to staff (New Message Alert)
         if($cfg->alertONNewMessage() && $tpl && $email && ($msg=$tpl->getNewMessageAlertMsgTemplate())) {
 
             $body=$this->replaceTemplateVars($msg['body']);
             $subj=$this->replaceTemplateVars($msg['subj']);
-            $body = str_replace("%message", $msg,$body);
+            $body = str_replace("%message", $message,$body);
 
             //Build list of recipients and fire the alerts.
             $recipients=array();
@@ -1494,14 +1493,16 @@ class Ticket{
     //Insert Internal Notes 
     function postNote($title,$note,$alert=true,$poster='') {        
         global $thisstaff,$cfg;
-
+		
+        $poster=($poster || !$thisstaff)?$poster:$thisstaff->getName();
+		
         $sql= 'INSERT INTO '.TICKET_THREAD_TABLE.' SET created=NOW() '.
                 ',thread_type="N"'.
                 ',ticket_id='.db_input($this->getId()).
                 ',title='.db_input(Format::striptags($title)).
                 ',body='.db_input(Format::striptags($note)).
                 ',staff_id='.db_input($thisstaff?$thisstaff->getId():0).
-                ',poster='.db_input(($poster || !$thisstaff)?$poster:$thisstaff->getName());
+                ',poster='.db_input($poster);
         //echo $sql;
         if(!db_query($sql) || !($id=db_insert_id()))
             return false;
@@ -1522,6 +1523,8 @@ class Ticket{
             $body=$this->replaceTemplateVars($msg['body']);
             $subj=$this->replaceTemplateVars($msg['subj']);
             $body = str_replace('%note',"$title\n\n$note",$body);
+            # TODO: Support a variable replacement of the staff writing the
+            #       note
 
             // Alert recipients    
             $recipients=array();

include/staff/faq-view.inc.php

@@ -40,6 +40,7 @@ if($thisstaff->canManageFAQ()) {
     ?>
    <div>
     <form action="faq.php?id=<?php echo  $faq->getId(); ?>" method="post">
+	 <?php csrf_token(); ?>
         <input type="hidden" name="id" value="<?php echo  $faq->getId(); ?>">
         <input type="hidden" name="do" value="manage-faq">
         <div>

include/staff/tpl.inc.php

@@ -26,6 +26,7 @@ $info=array_merge($template->getMsgTemplate($info['tpl']),$info);
     </form>
 </div>
 <form action="templates.php?id=<?php echo $template->getId(); ?>" method="post" id="save">
+<?php csrf_token(); ?>
 <input type="hidden" name="id" value="<?php echo $template->getId(); ?>">
 <input type="hidden" name="tpl" value="<?php echo $info['tpl']; ?>">
 <input type="hidden" name="a" value="manage">