From 844bd7cc74ef68fd263435bf32623b79e8b7fe15 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Mon, 26 Oct 2015 06:48:25 +0000
Subject: [PATCH] White-list canned attachments

Add canned attachments to allowed files list when a canned response is used.
---
 include/class.canned.php | 4 ++++
 include/class.forms.php  | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/include/class.canned.php b/include/class.canned.php
index a272011a5..4ef801205 100644
--- a/include/class.canned.php
+++ b/include/class.canned.php
@@ -145,6 +145,10 @@ extends VerySimpleModel {
                 if (!$html) {
                     $resp['response'] = Format::html2text($resp['response'], 90);
                 }
+
+                foreach ($resp['files'] as $f)
+                    $_SESSION[':cannedFiles'][$f['file_id']] = 1;
+
                 return Format::json_encode($resp);
                 break;
             case 'html':
diff --git a/include/class.forms.php b/include/class.forms.php
index 77bc3e578..d64220956 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -3717,6 +3717,10 @@ class FileUploadWidget extends Widget {
         if (isset($_SESSION[':uploadedFiles']))
             $allowed += $_SESSION[':uploadedFiles'];
 
+        // Canned attachments initiated by this session
+        if (isset($_SESSION[':cannedFiles']))
+           $allowed += $_SESSION[':cannedFiles'];
+
         // Parse the files and make sure it's allowed.
         foreach ($files as $info) {
             @list($id, $name) = explode(',', $info, 2);
-- 
GitLab