Skip to content
Snippets Groups Projects
Commit 54ab3ed9 authored by Peter Rotich's avatar Peter Rotich
Browse files

Merge pull request #178 from greezybacon/issue/soif-fixes

Rebased soif/feature/fixes

Reviewed By: Peter Rotich 07/30/12
parents 94ec0f65 a2c52bd2
Branches
Tags
No related merge requests found
...@@ -2,3 +2,4 @@ ...@@ -2,3 +2,4 @@
php53.cgi php53.cgi
include/ost-config.php include/ost-config.php
*.sw[a-z] *.sw[a-z]
.DS_Store
...@@ -10,7 +10,7 @@ class TicketController extends ApiController { ...@@ -10,7 +10,7 @@ class TicketController extends ApiController {
# so that all supported input formats should be supported # so that all supported input formats should be supported
function getRequestStructure($format) { function getRequestStructure($format) {
$supported = array( $supported = array(
"alert", "autorespond", "source", "alert", "autorespond", "source", "topicId",
"name", "email", "subject", "phone", "phone_ext", "name", "email", "subject", "phone", "phone_ext",
"attachments" => array("*" => "attachments" => array("*" =>
array("name", "type", "data", "encoding") array("name", "type", "data", "encoding")
...@@ -33,8 +33,10 @@ class TicketController extends ApiController { ...@@ -33,8 +33,10 @@ class TicketController extends ApiController {
$autorespond = $data['autorespond'] ? $data['autorespond'] : true; $autorespond = $data['autorespond'] ? $data['autorespond'] : true;
$source = $data['source'] ? $data['source'] : 'API'; $source = $data['source'] ? $data['source'] : 'API';
# TODO: Handle attachment encoding (base64) $attachments = $data['attachments'] ? $data['attachments'] : array();
foreach ($data["attachments"] as $filename=>&$info) {
# TODO: Handle attachment encoding (base64)
foreach ($attachments as $filename=>&$info) {
if ($info["encoding"] == "base64") { if ($info["encoding"] == "base64") {
# XXX: May fail on large inputs. See # XXX: May fail on large inputs. See
# http://us.php.net/manual/en/function.base64-decode.php#105512 # http://us.php.net/manual/en/function.base64-decode.php#105512
...@@ -60,7 +62,7 @@ class TicketController extends ApiController { ...@@ -60,7 +62,7 @@ class TicketController extends ApiController {
} }
# Save attachment(s) # Save attachment(s)
foreach ($data["attachments"] as &$info) foreach ($attachments as &$info)
$ticket->saveAttachment($info, $ticket->getLastMsgId(), "M"); $ticket->saveAttachment($info, $ticket->getLastMsgId(), "M");
# All done. Return HTTP/201 --> Created # All done. Return HTTP/201 --> Created
......
...@@ -955,7 +955,7 @@ class Ticket{ ...@@ -955,7 +955,7 @@ class Ticket{
$this->reload(); $this->reload();
if(!$dept && !($tpl = $dept->getTemplate())) if(!$dept || !($tpl = $dept->getTemplate()))
$tpl= $cfg->getDefaultTemplate(); $tpl= $cfg->getDefaultTemplate();
//If enabled...send confirmation to user. ( New Message AutoResponse) //If enabled...send confirmation to user. ( New Message AutoResponse)
...@@ -996,7 +996,7 @@ class Ticket{ ...@@ -996,7 +996,7 @@ class Ticket{
$dept = $this->getDept(); $dept = $this->getDept();
//Get template. //Get template.
if(!$dept && !($tpl = $dept->getTemplate())) if(!$dept || !($tpl = $dept->getTemplate()))
$tpl= $cfg->getDefaultTemplate(); $tpl= $cfg->getDefaultTemplate();
//Email to use! //Email to use!
...@@ -1292,7 +1292,7 @@ class Ticket{ ...@@ -1292,7 +1292,7 @@ class Ticket{
} }
//Insert message from client //Insert message from client
function postMessage($msg,$source='',$emsgid=null,$headers='',$newticket=false){ function postMessage($message,$source='',$emsgid=null,$headers='',$newticket=false){
global $cfg; global $cfg;
if(!$this->getId()) return 0; if(!$this->getId()) return 0;
...@@ -1303,7 +1303,7 @@ class Ticket{ ...@@ -1303,7 +1303,7 @@ class Ticket{
.' ,thread_type="M" ' .' ,thread_type="M" '
.' ,ticket_id='.db_input($this->getId()) .' ,ticket_id='.db_input($this->getId())
# XXX: Put Subject header into the 'title' field # XXX: Put Subject header into the 'title' field
.' ,body='.db_input(Format::striptags($msg)) //Tags/code stripped...meaning client can not send in code..etc .' ,body='.db_input(Format::striptags($message)) //Tags/code stripped...meaning client can not send in code..etc
.' ,source='.db_input($source?$source:$_SERVER['REMOTE_ADDR']) .' ,source='.db_input($source?$source:$_SERVER['REMOTE_ADDR'])
.' ,ip_address='.db_input($_SERVER['REMOTE_ADDR']); .' ,ip_address='.db_input($_SERVER['REMOTE_ADDR']);
...@@ -1336,13 +1336,12 @@ class Ticket{ ...@@ -1336,13 +1336,12 @@ class Ticket{
if(!($email=$cfg->getAlertEmail())) if(!($email=$cfg->getAlertEmail()))
$email =$cfg->getDefaultEmail(); $email =$cfg->getDefaultEmail();
//If enabled...send alert to staff (New Message Alert) //If enabled...send alert to staff (New Message Alert)
if($cfg->alertONNewMessage() && $tpl && $email && ($msg=$tpl->getNewMessageAlertMsgTemplate())) { if($cfg->alertONNewMessage() && $tpl && $email && ($msg=$tpl->getNewMessageAlertMsgTemplate())) {
$body=$this->replaceTemplateVars($msg['body']); $body=$this->replaceTemplateVars($msg['body']);
$subj=$this->replaceTemplateVars($msg['subj']); $subj=$this->replaceTemplateVars($msg['subj']);
$body = str_replace("%message", $msg,$body); $body = str_replace("%message", $message,$body);
//Build list of recipients and fire the alerts. //Build list of recipients and fire the alerts.
$recipients=array(); $recipients=array();
...@@ -1494,14 +1493,16 @@ class Ticket{ ...@@ -1494,14 +1493,16 @@ class Ticket{
//Insert Internal Notes //Insert Internal Notes
function postNote($title,$note,$alert=true,$poster='') { function postNote($title,$note,$alert=true,$poster='') {
global $thisstaff,$cfg; global $thisstaff,$cfg;
$poster=($poster || !$thisstaff)?$poster:$thisstaff->getName();
$sql= 'INSERT INTO '.TICKET_THREAD_TABLE.' SET created=NOW() '. $sql= 'INSERT INTO '.TICKET_THREAD_TABLE.' SET created=NOW() '.
',thread_type="N"'. ',thread_type="N"'.
',ticket_id='.db_input($this->getId()). ',ticket_id='.db_input($this->getId()).
',title='.db_input(Format::striptags($title)). ',title='.db_input(Format::striptags($title)).
',body='.db_input(Format::striptags($note)). ',body='.db_input(Format::striptags($note)).
',staff_id='.db_input($thisstaff?$thisstaff->getId():0). ',staff_id='.db_input($thisstaff?$thisstaff->getId():0).
',poster='.db_input(($poster || !$thisstaff)?$poster:$thisstaff->getName()); ',poster='.db_input($poster);
//echo $sql; //echo $sql;
if(!db_query($sql) || !($id=db_insert_id())) if(!db_query($sql) || !($id=db_insert_id()))
return false; return false;
...@@ -1522,6 +1523,8 @@ class Ticket{ ...@@ -1522,6 +1523,8 @@ class Ticket{
$body=$this->replaceTemplateVars($msg['body']); $body=$this->replaceTemplateVars($msg['body']);
$subj=$this->replaceTemplateVars($msg['subj']); $subj=$this->replaceTemplateVars($msg['subj']);
$body = str_replace('%note',"$title\n\n$note",$body); $body = str_replace('%note',"$title\n\n$note",$body);
# TODO: Support a variable replacement of the staff writing the
# note
// Alert recipients // Alert recipients
$recipients=array(); $recipients=array();
......
...@@ -40,6 +40,7 @@ if($thisstaff->canManageFAQ()) { ...@@ -40,6 +40,7 @@ if($thisstaff->canManageFAQ()) {
?> ?>
<div> <div>
<form action="faq.php?id=<?php echo $faq->getId(); ?>" method="post"> <form action="faq.php?id=<?php echo $faq->getId(); ?>" method="post">
<?php csrf_token(); ?>
<input type="hidden" name="id" value="<?php echo $faq->getId(); ?>"> <input type="hidden" name="id" value="<?php echo $faq->getId(); ?>">
<input type="hidden" name="do" value="manage-faq"> <input type="hidden" name="do" value="manage-faq">
<div> <div>
......
...@@ -26,6 +26,7 @@ $info=array_merge($template->getMsgTemplate($info['tpl']),$info); ...@@ -26,6 +26,7 @@ $info=array_merge($template->getMsgTemplate($info['tpl']),$info);
</form> </form>
</div> </div>
<form action="templates.php?id=<?php echo $template->getId(); ?>" method="post" id="save"> <form action="templates.php?id=<?php echo $template->getId(); ?>" method="post" id="save">
<?php csrf_token(); ?>
<input type="hidden" name="id" value="<?php echo $template->getId(); ?>"> <input type="hidden" name="id" value="<?php echo $template->getId(); ?>">
<input type="hidden" name="tpl" value="<?php echo $info['tpl']; ?>"> <input type="hidden" name="tpl" value="<?php echo $info['tpl']; ?>">
<input type="hidden" name="a" value="manage"> <input type="hidden" name="a" value="manage">
......
File deleted
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment