diff --git a/include/ajax.tickets.php b/include/ajax.tickets.php
index 0adc1abcb6bd3347ad7ba425e7de588e1a1fd908..248ee66d2210156f25ce120e18e603af91484c3e 100644
--- a/include/ajax.tickets.php
+++ b/include/ajax.tickets.php
@@ -106,10 +106,12 @@ class TicketsAjaxAPI extends AjaxController {
 $select = 'SELECT ticket.ticket_id';
 $from = ' FROM '.TICKET_TABLE.' ticket ';
 //Access control.
- $where = ' WHERE ( ticket.staff_id='.db_input($thisstaff->getId());
+ $where = ' WHERE ( (ticket.staff_id='.db_input($thisstaff->getId())
+ .' AND ticket.status="open" )';
 if(($teams=$thisstaff->getTeams()) && count(array_filter($teams)))
- $where.=' OR ticket.team_id IN('.implode(',', db_input(array_filter($teams))).')';
+ $where.=' OR (ticket.team_id IN ('.implode(',', db_input(array_filter($teams)))
+ .' ) AND ticket.status="open")';
 if(!$thisstaff->showAssignedOnly() && ($depts=$thisstaff->getDepts()))
 $where.=' OR ticket.dept_id IN ('.implode(',', db_input($depts)).')';
diff --git a/include/class.format.php b/include/class.format.php
index 2a9934a6dd1342ca5e9dc80212bec2e0788c5397..e203415806b62f4555e3873c306bf7ae060fe33f 100644
--- a/include/class.format.php
+++ b/include/class.format.php
@@ -205,8 +205,9 @@ class Format {
 array(':<(head|style|script).+</\1>:is', # <head> and <style> sections
 ':<!\[[^]<]+\]>:', # <![if !mso]> and friends
 ':<!DOCTYPE[^>]+>:', # <!DOCTYPE ... >
+ ':<\?[^>]+>:', # <?xml version="1.0" ... >
 ),
- array('', '', ''),
+ array('', '', '', ''),
 $html);
 $config = array(
 'safe' => 1, //Exclude applet, embed, iframe, object and script tags.
diff --git a/include/class.ticket.php b/include/class.ticket.php
index 7ef551a15b682372c829b0bc10e0c549dcc60bf1..da270ab81c73540c7f01ec1b72ec32674562e96b 100644
--- a/include/class.ticket.php
+++ b/include/class.ticket.php
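Review bot: The `//Access control.` comment above the changed `$where` lines no longer describes the rule: staff- and team-assigned tickets are now matched only together with `ticket.status="open"`, while the dept clause two lines below still matches every status, so a closed ticket assigned to a staff member is reachable only through department membership. Make that explicit, e.g. `//Access control: assigned (staff/team) tickets only while open; dept membership grants access regardless of status.` The same fragment is now hand-copied into class.ticket.php (@@ -2019) and staff/tickets.inc.php (@@ -61) with different spacing, so a single Staff helper returning this clause would stop the three copies drifting. The double-quoted `"open"` also depends on MySQL's default quoting mode (it becomes an identifier under `ANSI_QUOTES`); `ticket.status=\'open\'` is safe in every mode. The enclosing method and the closing `)` of the WHERE group are outside the hunk.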
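Review bot: The replacement list on the `+ array('', '', '', '')` line has to be grown by hand whenever a pattern is added, which is exactly the extra edit this hunk needed; `preg_replace` applies a single string replacement to every pattern in an array, so `''` in place of the array removes that coupling. The new `:<\?[^>]+>:` pattern ends at the first `>`, so a processing instruction whose attribute value contains `>` leaves a tail for the sanitizer configured below (`'safe' => 1`) to deal with; likely fine for `<?xml ... ?>` headers, but worth saying in the trailing comment. The `preg_replace(` call this array belongs to opens before the hunk.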
@@ -2019,11 +2019,12 @@ class Ticket {
 if(!$staff || (!is_object($staff) && !($staff=Staff::lookup($staff))) || !$staff->isStaff())
 return null;
- $where = array('ticket.staff_id='.db_input($staff->getId()));
+ $where = array('(ticket.staff_id='.db_input($staff->getId()) .' AND ticket.status="open")');
 $where2 = '';
 if(($teams=$staff->getTeams()))
- $where[] = 'ticket.team_id IN('.implode(',', db_input(array_filter($teams))).')';
+ $where[] = ' ( ticket.team_id IN('.implode(',', db_input(array_filter($teams)))
+ .') AND ticket.status="open")';
 if(!$staff->showAssignedOnly() && ($depts=$staff->getDepts())) //Staff with limited access just see Assigned tickets.
 $where[] = 'ticket.dept_id IN('.implode(',', db_input($depts)).') ';
diff --git a/include/class.user.php b/include/class.user.php
index e74e922a56e65ebf82bccbcdc2d7393688fc3e7f..0a945f68b57c1b37ed93c59fa40fbd7b5ba45969 100644
--- a/include/class.user.php
+++ b/include/class.user.php
@@ -84,8 +84,9 @@ class User extends UserModel {
 'name'=>$vars['name'],
 'created'=>new SqlFunction('NOW'),
 'updated'=>new SqlFunction('NOW'),
- 'default_email'=>
- UserEmail::create(array('address'=>$vars['email']))
+ //XXX: Do plain create once the cause
+ // of the detached emails is fixed.
+ 'default_email' => UserEmail::ensure($vars['email'])
 ));
 $user->save(true);
 $user->emails->add($user->default_email);
diff --git a/include/mysqli.php b/include/mysqli.php
index d8ce115ccfc454369f8a8a89094dd5ce124c1016..86b5a3b7fe0c6a789dfa515afae6f52ce793a76d 100644
--- a/include/mysqli.php
+++ b/include/mysqli.php
@@ -239,7 +239,7 @@ function db_input($var, $quote=true) {
 if(is_array($var))
 return array_map('db_input', $var, array_fill(0, count($var), $quote));
- elseif($var && preg_match("/^\d+(\.\d+)?$/", $var))
+ elseif($var && preg_match("/^(?:\d+\.\d+|[1-9]\d*)$/S", $var))
 return $var;
 return db_real_escape($var, $quote);
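Review bot: The added team line still builds `IN(...)` from `implode(',', db_input(array_filter($teams)))` under a guard that only tests `$staff->getTeams()` for truthiness, so a team list whose entries all filter out yields `team_id IN()` and a SQL syntax error; the ajax.tickets.php hunk guards the identical expression with `count(array_filter($teams))`, so `if(($teams=$staff->getTeams()) && count(array_filter($teams)))` would make the two agree. The leading space inside `' ( ticket.team_id IN('` is also out of step with `'(ticket.staff_id='` on the line above it in this hunk. The enclosing method starts and ends outside the hunk.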
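Review bot: The `//XXX` comment says when to go back to `UserEmail::create(...)` but not what `UserEmail::ensure($vars['email'])` does instead, which is what the next reader needs in order to decide whether the workaround is still required; presumably it reuses an existing UserEmail row for the address before creating one — if so, say it: `//XXX: ensure() reuses an existing (detached) UserEmail row for this address rather than creating a duplicate; go back to plain create once the cause of the detached emails is fixed.` If `ensure()` can hand back a row already linked to another user, the `$user->emails->add($user->default_email)` call two lines below would re-associate that address with the new account, so confirm that it only matches detached rows or that callers reject an already-used `$vars['email']` first. The enclosing method is outside the hunk.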
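Review bot: The new pattern on the `+ elseif` line still ends in `$`, which in PCRE also matches just before a final newline, so a value such as `"42\n"` passes as numeric and is returned unquoted with the newline embedded in the SQL; anchoring with the `D` modifier, `preg_match("/^(?:\d+\.\d+|[1-9]\d*)$/SD", $var)`, or `\z` in place of `$`, closes that. The reason for the change — strings with leading zeros such as `"007"` are now quoted rather than sent bare and silently treated as `7` — is not recorded anywhere; a comment like `// Only unambiguous numerics go unquoted: no leading zeros, so "007" stays a string.` would keep it. The `S` flag is ignored on PCRE2 builds (PHP 7.3+) and can be dropped. The end of `db_input` is outside the hunk.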
diff --git a/include/staff/department.inc.php b/include/staff/department.inc.php index 1031b3d97050223abc5b7f07e75b24c834d8c96b..c452cab26d3074540e292dda715b3b206fd53cda 100644 --- a/include/staff/department.inc.php +++ b/include/staff/department.inc.php @@ -119,8 +119,6 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info); <span class="error">* <?php echo $errors['sla_id']; ?></span> </td> </tr> - <?php - if($dept && $dept->getNumUsers()){ ?> <tr> <td width="180" class="required"> Manager: @@ -128,12 +126,11 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info); <td> <select name="manager_id"> <option value="0">— None —</option> - <option value="0" disabled="disabled">Select Department Manager (Optional)</option> <?php $sql='SELECT staff_id,CONCAT_WS(", ",lastname, firstname) as name ' .' FROM '.STAFF_TABLE.' staff ' .' ORDER by name'; - if(($res=db_query($sql)) && db_num_rows($res)){ + if(($res=db_query($sql)) && db_num_rows($res)) { while(list($id,$name)=db_fetch_row($res)){ $selected=($info['manager_id'] && $id==$info['manager_id'])?'selected="selected"':''; echo sprintf('<option value="%d" %s>%s</option>',$id,$selected,$name); @@ -144,9 +141,6 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info); <span class="error"> <?php echo $errors['manager_id']; ?></span> </td> </tr> - <?php - } ?> - <tr> <td width="180"> Group Membership: diff --git a/include/staff/tickets.inc.php b/include/staff/tickets.inc.php index c8fca5ee60c1af3861e7d5e37d6fbf53013cc52a..18642111a1d015cae7d26301612acd8298087a01 100644 --- a/include/staff/tickets.inc.php +++ b/include/staff/tickets.inc.php 
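Review bot: In the manager `<select>` loop of the second hunk, `$name` read from STAFF_TABLE goes out via `echo sprintf('<option value="%d" %s>%s</option>',$id,$selected,$name)` without escaping, whereas the rest of this page runs values through `Format::htmlchars` (the `$info=Format::htmlchars(...)` line in the hunk context); pass `Format::htmlchars($name)` as the last argument so a staff name containing markup cannot break out of the option. Removing the `if($dept && $dept->getNumUsers())` guard (first and third hunks) means this markup is now rendered for new departments as well. The surrounding `<?php` block and table rows continue outside the hunks.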
@@ -61,13 +61,15 @@ $qwhere ='';
 $depts=$thisstaff->getDepts();
 $qwhere =' WHERE ( '
- .' ticket.staff_id='.db_input($thisstaff->getId());
+ .' ( ticket.staff_id='.db_input($thisstaff->getId())
+ .' AND ticket.status="open")';
 if(!$thisstaff->showAssignedOnly())
 $qwhere.=' OR ticket.dept_id IN ('.($depts?implode(',', db_input($depts)):0).')';
 if(($teams=$thisstaff->getTeams()) && count(array_filter($teams)))
- $qwhere.=' OR ticket.team_id IN('.implode(',', db_input(array_filter($teams))).') ';
+ $qwhere.=' OR (ticket.team_id IN ('.implode(',', db_input(array_filter($teams)))
+ .') AND ticket.status="open")';
 $qwhere .= ' )';
@@ -144,8 +146,8 @@ if ($_REQUEST['advsid'] && isset($_SESSION['adv_'.$_REQUEST['advsid']])) {
 db_input($_SESSION['adv_'.$_REQUEST['advsid']])).')';
 }
-$sortOptions=array('date'=>'effective_date','ID'=>'`number`',
- 'pri'=>'priority_urgency','name'=>'user.name','subj'=>'subject',
+$sortOptions=array('date'=>'effective_date','ID'=>'ticket.`number`',
+ 'pri'=>'pri.priority_urgency','name'=>'user.name','subj'=>'cdata.subject',
 'status'=>'ticket.status','assignee'=>'assigned','staff'=>'staff',
 'dept'=>'dept_name');
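Review bot: The `'ID'` key of `$sortOptions` is spelled in upper case, but the next hunk lowercases the request value (`strtolower($_REQUEST['sort'])`), so if `$sortOptions` is indexed directly with `$sort` the ID sort can never be selected; either lowercase the key or resolve it case-insensitively — the lookup itself is outside the hunk, so this is inferred. The newly qualified names (the backtick-quoted `number` column under `ticket.`, `pri.priority_urgency`, `cdata.subject`) also only resolve if the main query joins those tables under exactly those aliases; a comment such as `// column refs must match the aliases used in the ticket query below (ticket, pri, cdata, user)` would tie the two together.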
@@ -180,16 +182,16 @@ if(!$order_by ) {
 elseif(!strcasecmp($status,'closed'))
 $order_by='ticket.closed, ticket.created'; //No priority sorting for closed tickets.
 elseif($showoverdue) //priority> duedate > age in ASC order.
- $order_by='priority_urgency ASC, ISNULL(duedate) ASC, duedate ASC, effective_date ASC, ticket.created';
+ $order_by='pri.priority_urgency ASC, ISNULL(ticket.duedate) ASC, ticket.duedate ASC, effective_date ASC, ticket.created';
 else //XXX: Add due date here?? No -
- $order_by='priority_urgency ASC, effective_date DESC, ticket.created';
+ $order_by='pri.priority_urgency ASC, effective_date DESC, ticket.created';
 }
 $order=$order?$order:'DESC';
 if($order_by && strpos($order_by,',') && $order)
 $order_by=preg_replace('/(?<!ASC|DESC),/', " $order,", $order_by);
-$sort=$_REQUEST['sort']?strtolower($_REQUEST['sort']):'priority_urgency'; //Urgency is not on display table.
+$sort=$_REQUEST['sort']?strtolower($_REQUEST['sort']):'pri.priority_urgency'; //Urgency is not on display table.
 $x=$sort.'_sort';
 $$x=' class="'.strtolower($order).'" ';
diff --git a/js/osticket.js b/js/osticket.js
index 69839eb3b9dc4c6db51f01855673b5a45416ff07..f7d956e51202ebfec06a7d65ed0e1907c8e29415 100644
--- a/js/osticket.js
+++ b/js/osticket.js
@@ -136,7 +136,8 @@ showImagesInline = function(urls, thread_id) {
 e = $(el);
 if (info) {
 // Add a hover effect with the filename
- var timeout, caption = $('<div class="image-hover">');
+ var timeout, caption = $('<div class="image-hover">')
+ .css({'float':e.css('float')});
 e.wrap(caption).parent()
 .hover(
 function() {
diff --git a/scp/js/scp.js b/scp/js/scp.js
index 6e2ae6ea829afbe03f15d9722a5264a5213b7074..2ab155cdf4784a4a8e1e6f975a0c529e1483e423 100644
--- a/scp/js/scp.js
+++ b/scp/js/scp.js
@@ -196,7 +196,7 @@ $(document).ready(function(){
 if (redactor)
 redactor.insertHtml(canned.response);
 else
- box.val(canned.response);
+ box.val(box.val() + canned.response);
 }
 else {
 if (redactor)
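Review bot: On the changed `$sort=` line the value comes straight from `$_REQUEST['sort']` and two lines later names a variable (`$x=$sort.'_sort'; $$x=...`), so any request value becomes a page-scope variable name; restricting `$sort` to the keys of `$sortOptions` (previous hunk) before that point bounds it to known values. The new default `'pri.priority_urgency'` appears to be a sentinel — it is not a `$sortOptions` key, and the trailing comment says urgency is not a displayed column — so adding `pri.` changes nothing but reads like a SQL reference; a comment such as `// default is not a column key, so no header gets the sort class` would record that. Where `$sort` is resolved against `$sortOptions` is outside the hunk.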
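Review bot: `showImagesInline` is duplicated between js/osticket.js and scp/js/ticket.js, and the two copies already diverge in this commit — the ticket.js version of the added `.css({...})` call (last hunk) is written with a comma instead of a colon and does not parse; moving the helper into one shared file, or at least adding `// keep in sync with showImagesInline in scp/js/ticket.js` above it, would prevent the next drift. The rest of the function is outside the hunk.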
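Review bot: The changed line appends `canned.response` straight onto the existing textarea content with no separator, so when `box` already holds text the response starts on the end of its last line; `box.val(box.val() + (box.val() ? '\n' : '') + canned.response);` keeps the append but separates it. The redactor branch above inserts at the caret (`insertHtml`) while this branch appends at the end, so the two editors now behave differently — worth a short comment if that is intended. The `else` branch that follows continues outside the hunk.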
diff --git a/scp/js/ticket.js b/scp/js/ticket.js
index 29030153a49023d91af1c448fde6a048a6ca7f91..a936191bec0d6f2e2dd9917f959952caf1d89187 100644
--- a/scp/js/ticket.js
+++ b/scp/js/ticket.js
@@ -438,7 +438,8 @@ showImagesInline = function(urls, thread_id) {
 e = $(el);
 if (info) {
 // Add a hover effect with the filename
- var timeout, caption = $('<div class="image-hover">');
+ var timeout, caption = $('<div class="image-hover">')
+ .css({'float',e.css('float')});
 e.wrap(caption).parent()
 .hover(
 function() {
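Review bot: The added `.css({'float',e.css('float')})` line uses a comma where the object literal needs a colon; `{'float', e.css('float')}` is not valid JavaScript, so the whole scp/js/ticket.js file fails to parse and every handler it defines is lost. Change it to `.css({'float': e.css('float')});`, matching the js/osticket.js hunk. The rest of `showImagesInline` is outside the hunk.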