diff --git a/include/class.company.php b/include/class.company.php index c9aa22f04af3889ea22b564f06ffdf2dff936a71..049ecbb215a0abcbe1d6d25b0d5842c26fd97850 100644 --- a/include/class.company.php +++ b/include/class.company.php @@ -48,7 +48,7 @@ class Company { } function getInfo() { - return $this->getForm()->getClean(); + return $this->getForm()->getSaved(); } function getName() { diff --git a/include/class.dynamic_forms.php b/include/class.dynamic_forms.php index d3424f3e41c6b986bc46a553e444a2882f390dae..da13ad45e71e2a50bddb34a0a1785e775ee54042 100644 --- a/include/class.dynamic_forms.php +++ b/include/class.dynamic_forms.php @@ -43,7 +43,7 @@ class DynamicForm extends VerySimpleModel { var $_form; var $_fields; var $_has_data = false; - var $_dfields = array(); + var $_dfields; function getFields($cache=true) { if (!isset($this->_fields) || !$cache) { @@ -657,6 +657,16 @@ class DynamicFormEntry extends VerySimpleModel { return $vars; } + function getSaved() { + $info = array(); + foreach ($this->getAnswers() as $a) { + $field = $a->getField(); + $info[$field->get('id')] + = $info[$field->get('name')] = $a->getValue(); + } + return $info; + } + function forTicket($ticket_id, $force=false) { static $entries = array(); if (!isset($entries[$ticket_id]) || $force) diff --git a/include/class.forms.php b/include/class.forms.php index d1f394868d5364615f6125d8d5e9bf7dabd2941a..e86a07dd09b3a7219c8cc10bf4e5906d559075cb 100644 --- a/include/class.forms.php +++ b/include/class.forms.php 
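Review bot: `getSaved()` stores each answer under both the field id and the field name in the same array, so a field whose name is numeric, or equal to another field's id, silently overwrites that entry; if both keyings are wanted, document the overlap or return the id map and the name map separately. The values are the raw stored answers from `$a->getValue()`, so callers such as `Company::getInfo()` (switched to this method in the first hunk) must still escape them at output. A short docblock would say so: `/** Saved answers for this entry, keyed by both field id and field name; values are unescaped. */`. `$a->getField()` is assumed non-null here; if an answer can outlive its field that call needs a guard before `->get()`.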
@@ -1047,12 +1047,13 @@ class PhoneNumberWidget extends Widget { list($phone, $ext) = explode("X", $this->value); ?> <input type="text" name="<?php echo $this->name; ?>" value="<?php - echo $phone; ?>"/><?php + echo Format::htmlchars($phone); ?>"/><?php // Allow display of extension field even if disabled if the phone // number being edited has an extension if ($ext || $config['ext']) { ?> Ext: <input type="text" name="<?php - echo $this->name; ?>-ext" value="<?php echo $ext; ?>" size="5"/> + echo $this->name; ?>-ext" value="<?php echo Format::htmlchars($ext); + ?>" size="5"/> <?php } } diff --git a/include/class.mailer.php b/include/class.mailer.php index 60bf67a954d5f903eb10dec35fa07236086e7a2b..9f8c2970b8b2808366607d68816dbafedec80147 100644 --- a/include/class.mailer.php +++ b/include/class.mailer.php @@ -148,7 +148,19 @@ class Mailer { } } - $mime = new Mail_mime(); + // The Suhosin patch will muck up the line endings in some + // cases + // + // References: + // https://github.com/osTicket/osTicket-1.8/issues/202 + // http://pear.php.net/bugs/bug.php?id=12032 + // http://us2.php.net/manual/en/function.mail.php#97680 + if ((extension_loaded('suhosin') || constant("SUHOSIN_PATCH")) + && !$this->getSMTPInfo()) + $mime = new Mail_mime("\n"); + else + // Use defaults + $mime = new Mail_mime(); // If the message is not explicitly declared to be a text message, // then assume that it needs html processing to create a valid text diff --git a/include/class.mailparse.php b/include/class.mailparse.php index 9e3623a3812124982cf79390a06197ff36d1b813..9c96403e5860b45cfcbd070b7236022c0caf1127 100644 --- a/include/class.mailparse.php +++ b/include/class.mailparse.php 
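Review bot: `$this->name` is still echoed unescaped into the `name` attribute of both inputs while `$phone` and `$ext` now pass through `Format::htmlchars`; field names appear to be admin-configured rather than end-user input, so the exposure is limited, but `name="<?php echo Format::htmlchars($this->name); ?>"` keeps the escaping rule uniform. The context line `list($phone, $ext) = explode("X", $this->value);` leaves `$ext` unset (with a notice) when the stored value contains no `X`, which the later `if ($ext || $config['ext'])` then reads; `explode("X", $this->value, 2)` with a default for the second element would make that branch well-defined. The widget's render method begins and ends outside the hunk.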
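Review bot: `constant("SUHOSIN_PATCH")` in the new condition raises a warning (and throws `Error` on PHP 8) whenever the constant is undefined, which is the common case on hosts without the patch; the `||` only short-circuits when the extension itself is loaded. Test for definition first: `if ((extension_loaded('suhosin') || (defined('SUHOSIN_PATCH') && SUHOSIN_PATCH)) && !$this->getSMTPInfo())`. The brace-less `if`/`else` with a comment sitting between `else` and its statement is legal but easy to misread once a second statement is added; braces on both branches would be safer. The enclosing method continues on both sides of the hunk.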
@@ -471,22 +471,36 @@ class Mail_Parse { return Mail_Parse::parsePriority($this->getHeader()); } - function parsePriority($header=null){ - - $priority=0; - if($header && ($begin=strpos($header,'X-Priority:'))!==false){ - $begin+=strlen('X-Priority:'); - $xpriority=preg_replace("/[^0-9]/", "",substr($header, $begin, strpos($header,"\n",$begin) - $begin)); - if(!is_numeric($xpriority)) - $priority=0; - elseif($xpriority>4) - $priority=1; - elseif($xpriority>=3) - $priority=2; - elseif($xpriority>0) - $priority=3; - } - return $priority; + static function parsePriority($header=null){ + + if (! $header) + return 0; + // Test for normal "X-Priority: INT" style header & stringy version. + // Allows for Importance possibility. + $matching_char = ''; + if (preg_match ( '/priority: (\d|\w)/i', $header, $matching_char ) + || preg_match ( '/importance: (\d|\w)/i', $header, $matching_char )) { + switch ($matching_char[1]) { + case 'h' : + case 'H' :// high + case 'u': + case 'U': //Urgent + case 6 : + case 5 : + return 1; + case 'n' : // normal + case 'N' : + case 4 : + case 3 : + return 2; + case 'l' : // low + case 'L' : + case 2 : + case 1 : + return 3; + } + } + return 0; } function parseAddressList($address){ diff --git a/include/class.signal.php b/include/class.signal.php index 424ccccc9665a36db41bb5a1ff271150d946ec82..af257cd4a2dd560076a33d5a34d31d02750c9a01 100644 --- a/include/class.signal.php +++ b/include/class.signal.php @@ -93,9 +93,9 @@ class Signal { list($s, $callable, $check) = $sub; if ($s && !is_a($object, $s)) continue; - elseif ($check && !call_user_func($check, $object, $data)) + elseif ($check && !call_user_func_array($check, array($object, $data))) continue; - call_user_func($callable, $object, $data); + call_user_func_array($callable, array($object, $data)); } } } diff --git a/include/client/edit.inc.php b/include/client/edit.inc.php index 21f2ca726b1863bfe1b5f5eaf0f946606b0830b4..e01b2df4938ecde09b38b2db5747cb54d78d85f4 100644 
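Review bot: the new patterns `/priority: (\d|\w)/i` and `/importance: (\d|\w)/i` are not anchored to a header field name, so they match that substring anywhere in the text handed in — including inside a `Subject:` or other header value — and the first hit decides the priority, whereas the removed code only looked at `X-Priority:`; with a line anchor and the `m` modifier, `/^[\w-]*(?:priority|importance): *(\d|\w)/im`, only an actual header name qualifies and the prefixed forms the tests use still match. `(\d|\w)` is just `\w`, since `\w` already covers digits. The `switch` compares the captured one-character string loosely against `case 6`, `case 5` and so on; it works for single digits, but a strict lookup table (or `match`) would make the mapping explicit and keep a future non-digit capture from comparing as `0`. A `false` return from `preg_match` on a PCRE error is treated as no match, which is an acceptable default but worth a one-line comment.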
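Review bot: `call_user_func_array($check, array($object, $data))` still passes `$data` by value exactly as `call_user_func` did, so if the intent is to let a handler modify `$data` for the caller (the method signature is outside the hunk, so this is inferred), the array element itself must be a reference: `call_user_func_array($callable, array($object, &$data));` — otherwise PHP warns when the callable declares `&$data` and the change has no effect. If no by-reference semantics are intended, a one-line comment stating why the `_array` form was chosen would stop the next reader from guessing.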
--- a/include/client/edit.inc.php +++ b/include/client/edit.inc.php @@ -11,7 +11,7 @@ if(!defined('OSTCLIENTINC') || !$thisclient || !$ticket || !$ticket->checkUserAc <form action="tickets.php" method="post"> <?php echo csrf_token(); ?> <input type="hidden" name="a" value="edit"/> - <input type="hidden" name="id" value="<?php echo $_REQUEST['id']; ?>"/> + <input type="hidden" name="id" value="<?php echo Format::htmlchars($_REQUEST['id']); ?>"/> <table width="800"> <tbody id="dynamic-form"> <?php if ($forms) diff --git a/include/client/tickets.inc.php b/include/client/tickets.inc.php index b355e2265d69e7c6121474edc41f414c4c3cee37..2c7a9f2317743e6ff170236a06ec39ce2355df23 100644 --- a/include/client/tickets.inc.php +++ b/include/client/tickets.inc.php @@ -120,7 +120,7 @@ $negorder=$order=='DESC'?'ASC':'DESC'; //Negate the sorting </select> <input type="submit" value="Go"> </form> -<a class="refresh" href="<?php echo $_SERVER['REQUEST_URI']; ?>">Refresh</a> +<a class="refresh" href="<?php echo Format::htmlchars($_SERVER['REQUEST_URI']); ?>">Refresh</a> <table id="ticketTable" width="800" border="0" cellspacing="0" cellpadding="0"> <caption><?php echo $showing; ?></caption> <thead> diff --git a/include/staff/pwreset.login.php b/include/staff/pwreset.login.php index 6f93f1f0118093aefd5eb7b67568a560d2fb9066..8a7455ad8b28d5283b0f3ee6cd3f303f3262af6a 100644 --- a/include/staff/pwreset.login.php +++ b/include/staff/pwreset.login.php @@ -11,7 +11,7 @@ $info = ($_POST)?Format::htmlchars($_POST):array(); <form action="pwreset.php" method="post"> <?php csrf_token(); ?> <input type="hidden" name="do" value="newpasswd"/> - <input type="hidden" name="token" value="<?php echo $_REQUEST['token']; ?>"/> + <input type="hidden" name="token" value="<?php echo Format::htmlchars($_REQUEST['token']); ?>"/> <fieldset> <input type="text" name="userid" id="name" value="<?php echo $info['userid']; ?>" placeholder="username or email" 
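Review bot: escaping `$_REQUEST['id']` closes the attribute injection, but the value is still reflected straight from the request even though the guard at the top of the file has already resolved `$ticket` and checked access; emitting the id from the validated ticket object (whatever accessor `Ticket` exposes for it) instead of the request removes the reflection entirely and guarantees the hidden field agrees with the ticket being edited. If `id` can be absent from the request this line also emits an undefined-index notice, which the ticket-object form avoids.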
diff --git a/include/staff/tickets.inc.php b/include/staff/tickets.inc.php index 88cb3898018e96e5e4c5dd609d16a3216a65e640..ce2728dd2adc70580a663146a02de4aa8e476920 100644 --- a/include/staff/tickets.inc.php +++ b/include/staff/tickets.inc.php @@ -308,7 +308,7 @@ if ($results) { <div style="margin-bottom:20px"> <form action="tickets.php" method="POST" name='tickets'> <?php csrf_token(); ?> - <a class="refresh" href="<?php echo $_SERVER['REQUEST_URI']; ?>">Refresh</a> + <a class="refresh" href="<?php echo Format::htmlchars($_SERVER['REQUEST_URI']); ?>">Refresh</a> <input type="hidden" name="a" value="mass_process" > <input type="hidden" name="do" id="action" value="" > <input type="hidden" name="status" value="<?php echo Format::htmlchars($_REQUEST['status']); ?>" > diff --git a/setup/test/run-tests.php b/setup/test/run-tests.php index ecd7bb3c73a4f092b8684c3a84f04a010e296d16..326f8be18f9ba349b2d908eab241be1f60d817d4 100644 --- a/setup/test/run-tests.php +++ b/setup/test/run-tests.php @@ -2,6 +2,9 @@ <?php if (php_sapi_name() != 'cli') exit(); +//Allow user to select suite +$selected_test = (isset($argv[1])) ? $argv[1] : false; + require_once "tests/class.test.php"; if (!function_exists('get_osticket_root_path')) { @@ -63,6 +66,8 @@ foreach (glob_recursive(dirname(__file__)."/tests/test.*.php") as $t) { $class = (include $t); if (!is_string($class)) continue; + if($selected_test && ($class != $selected_test)) + continue; $test = new $class(); echo "Running: " . $test->name . "\n"; $test->run(); diff --git a/setup/test/tests/test.header_functions.php b/setup/test/tests/test.header_functions.php new file mode 100644 index 0000000000000000000000000000000000000000..b64a1c400946e590e01a8742d47d9a09ffefbd46 --- /dev/null +++ b/setup/test/tests/test.header_functions.php 
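Review bot: when `$argv[1]` matches no test class, the new `continue` in the loop skips every file and the run ends silently, which is easy to mistake for a passing suite; track whether anything ran with `$ran = false;` before the loop, `$ran = true;` next to `$test->run();`, and afterwards `if ($selected_test && !$ran) echo "No test named '$selected_test'\n";`. The comparison `$class != $selected_test` is loose; `!==` avoids numeric-string surprises. Extending the `//Allow user to select suite` comment to say what the argument is (the class name each test file returns, e.g. `TestHeaderFunctions`) would make the option discoverable.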
@@ -0,0 +1,112 @@
+<?php
+require_once "class.test.php";
+define('INCLUDE_DIR', realpath(dirname(__file__).'/../../../include').'/');
+define('PEAR_DIR', INCLUDE_DIR.'/pear/');
+require_once INCLUDE_DIR."class.mailparse.php";
+
+abstract class Priorities {
+ const HIGH_PRIORITY = 1;
+ const NORMAL_PRIORITY = 2;
+ const LOW_PRIORITY = 3;
+ const NO_PRIORITY = 0;
+}
+
+class TestHeaderFunctions extends Test {
+ var $name = "Email Header Function Algorithm Regression Tests.";
+
+ function testMailParsePriority() {
+ $func_class_method = array('Mail_Parse','parsePriority');
+ $strlen_base = strlen($this->h());
+
+ foreach ( array (
+ 'X-Priority: isNAN' => Priorities::NO_PRIORITY, // input => output
+ 'X-Priority: 1' => Priorities::LOW_PRIORITY,
+ 'X-Priority: 2' => Priorities::LOW_PRIORITY,
+ 'X-Priority: 3' => Priorities::NORMAL_PRIORITY,
+ 'X-Priority: 4' => Priorities::NORMAL_PRIORITY,
+ 'X-Priority: 5' => Priorities::HIGH_PRIORITY,
+ 'X-Priority: 6' => Priorities::HIGH_PRIORITY,
+ 'No priority set' => Priorities::NO_PRIORITY,
+ 'Priority: normal' => Priorities::NORMAL_PRIORITY,
+ 'xyz-priority: high' => Priorities::HIGH_PRIORITY,
+ 'Priority: high' => Priorities::HIGH_PRIORITY,
+ 'priority: low' => Priorities::LOW_PRIORITY,
+ 'x-priority: 1000' => Priorities::LOW_PRIORITY, // only matches first 1, not the full 1000
+ 'priority: 3' => Priorities::NORMAL_PRIORITY,
+ 'IPM-Importance: low' => Priorities::LOW_PRIORITY,
+ 'My-Importance: URGENT' => Priorities::HIGH_PRIORITY,
+ 'Urgency: High' => Priorities::NO_PRIORITY, //urgency doesn't match.. maybe it should?
+ 'X-Importance: 5' => Priorities::HIGH_PRIORITY,
+ '' => Priorities::NO_PRIORITY
+ ) as $priority => $response ) {
+ $this->assert(is_int($response), "Setup fail, function should only return Integer values");
+ //get header
+ $header = $this->h($priority);
+
+ if(strlen($priority)){
+ $this->assert((strlen($header) > $strlen_base), "Setup fail, function h not returning correct string length");
+ }
+ if (! (call_user_func_array ($func_class_method , array($header) ) == $response)){
+ //TODO: make line number dynamic
+ $this->fail ( "class.mailparse.php", 351, "Algorithm mistake: $priority should return $response!" );
+ }else{
+ $this->pass();
+ }
+ }
+
+ }
+
+ /**
+ * Generate some header text to test with. Allows insertion of a known header variable
+ *
+ * @param string $setPriority
+ * @return string
+ */
+ function h($setPriority = "") {
+ return <<<HEADER
+Delivered-To: clonemeagain@gmail.com
+Received: by 10.69.18.42 with SMTP id gj10csp88238pbd;
+Fri, 20 Dec 2013 10:08:25 -0800 (PST)
+X-Received: by 10.224.13.80 with SMTP id b16mr16256982qaa.73.1387562904239;
+Fri, 20 Dec 2013 10:08:24 -0800 (PST)
+Return-Path: <noreply@github.com>
+Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2-ext5.iad.github.net. [192.30.252.196])
+by mx.google.com with ESMTPS id k3si6568083qao.74.2013.12.20.10.08.23
+for <clonemeagain@gmail.com>
+(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
+Fri, 20 Dec 2013 10:08:23 -0800 (PST)
+Received-SPF: pass (google.com: domain of noreply@github.com designates 192.30.252.196 as permitted sender) client-ip=192.30.252.196;
+Authentication-Results: mx.google.com;
+spf=pass (google.com: domain of noreply@github.com designates 192.30.252.196 as permitted sender) smtp.mail=noreply@github.com
+Date: Fri, 20 Dec 2013 10:08:23 -0800
+From: Jared Hancock <notifications@github.com>
+Reply-To: "osTicket/osTicket-1.8" <reply+i-BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISH@reply.github.com>
+To: "osTicket/osTicket-1.8" <osTicket-1.8@noreply.github.com>
+Cc: clonemeagain <clonemeagain@gmail.com>
+Message-ID: <osTicket/osTicket-1.8/pull/336/issue_event/82864993@github.com>
+In-Reply-To: <osTicket/osTicket-1.8/pull/336@github.com>
+References: <osTicket/osTicket-1.8/pull/336@github.com>
+Subject: Re: [osTicket-1.8] Landing page inline image correction (#336)
+Mime-Version: 1.0
+Content-Type: multipart/alternative;
+boundary="--==_mimepart_52b4879729712_d621217cfc567e3";
+charset=UTF-8
+Content-Transfer-Encoding: 7bit
+Precedence: list
+X-GitHub-Recipient: clonemeagain
+X-GitHub-Reason: author
+List-ID: osTicket/osTicket-1.8 <osTicket-1.8.osTicket.github.com>
+List-Archive: https://github.com/osTicket/osTicket-1.8
+List-Post: <mailto:reply+i-BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISH@reply.github.com>
+List-Unsubscribe: <mailto:unsub+i-BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISH@reply.github.com>,
+<https://github.com/notifications/unsubscribe/BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISH-BUNCHORANDOMGIBBERIBBERISHBUNCHORANDOMGIBBERIBBERISHBUNCHORANDOMGIBBERIBBERISH>
+X-Auto-Response-Suppress: All
+X-GitHub-Recipient-Address: clonemeagain@gmail.com
+$setPriority
+
+HEADER;
+ }
+
+}
+return 'TestHeaderFunctions';
+?>
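Review bot: the fixture returned by `h()` embeds what looks like a real personal mailbox (`clonemeagain@gmail.com`) in several header lines; a regression fixture committed to the repository should use reserved example.com/example.net addresses and synthetic message ids so no real address is published with the code. The expectation table pins current quirks as correct — `'x-priority: 1000' => Priorities::LOW_PRIORITY` and `'Urgency: High' => Priorities::NO_PRIORITY` are annotated as doubtful on the same line — so a later fix to `parsePriority()` will fail this test; either assert the intended result or mark those rows as known-quirk cases. The `//TODO: make line number dynamic` hardcodes `351` in `$this->fail(...)`, which drifts on the first edit to class.mailparse.php; the test's own `__LINE__` is at least stable. Since `parsePriority()` is now static, `$func_class_method` and `call_user_func_array` can be replaced by a direct `Mail_Parse::parsePriority($header)`, which also makes the comparison readable.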