diff --git a/WHATSNEW.md b/WHATSNEW.md
index b361dbc8968dd394620a8842b4133bdb827ae104..14a69ee57592b1d29ef6f1e0355f23fe054c9eb2 100644
--- a/WHATSNEW.md
+++ b/WHATSNEW.md
@@ -1,3 +1,56 @@ +osTicket v1.8.1.3 +================= +### Enhancements + * Support filtering based on help topic (#728) + * Embedded images ([rfc2397](http://www.ietf.org/rfc/rfc2397.txt)) are correctly supported (#740) + * Allow regular staff members to show assigned open tickets on open queue (#751) + * Support Handle [rfc1892](http://www.ietf.org/rfc/rfc1892.txt) style bounce notices (#871) + * Disable autocomplete on CAPTCHA fields (#821) + * Show `closed` date on the closed ticket queue (#865) + * Departments support assignment to members only (#862) + * Department email selection is optional (#862) + +### Bugs + * Fix error output on some systems if the `i18n` folder is not readable (#714) + * Fix possible crash if an email has no body (#707) + * Fix errors in download hash generation (#743) + * Support two-character file extensions (#719) + * Fix inline images with an invalid content id (#708) + * Remove confusing false-positive banner and admin email for client login (#763, #765) + * Fix detection of inline images without a `cid:` URL scheme (#779) + * Fix crash sending fatal alert email (bdfb2f1) + * Fix partial corruption of HTML @style attributes (#784) + * Fix several CSS styles for the staff interface (#785) + * Properly clear department selection from other settings on deletion (#792) + * Users with ticket-edit rights can see the "Change Owner" option in the more drop-down (#799) + * Links to new osTicket site are now correct (#808) + * Fix incorrect ticket count on simple ticket search (#809) + * Fix attachment size detection on systems with `mbstring.func_overload` set (#811) + * Fix horribly incorrect TNEF stream parsing (#825) + * Fix incorrect SQL query searching staff directory (91d65d9) + * Properly trim user input for ban list entries (#837) + * Ticket assignment alert can be disabled (#839) + * Preserve newlines in long answer form fields (with HTML disabled) (a04c5e7) + * Fix javascript error on form submission with empty date picker field 
(0013b40) + * Fix images in message portion of the new ticket notice to end user (#842) + * Send new internal note alert to assigned team members (#858) + * Properly strip leading and trailing whitespace from text/plain emails (fa7a025) + * Fix incorrect default template for ticket auto responses (97d6e25) + * Canned responses can be disabled (120d90b) + * Don't corrupt filters with selected, disabled teams, SLAs (120d90b) + * Fix crash sending some alert emails (efa7311) + * Fix HTML scrubbing with some content-ids (efa7311, eb5861f) + * Squelch E_WARN from ContentAjaxAPI::getSignature (ed33d06) + * `@localhost` is *not* a valid email address (f40c018) + * Fix `web.config` for newly patched IIS setups (78a47c2) + * Honor disabled assignment alerts for teams (#894) + * Send out internal note alerts to assigned staff (and Team) if Agent closes the ticket with the note (#903) + +### Performance and Security + * Fix cross site scripting (XSS) vulnerability in thread entry widget (9916214) + * Mail parsing uses significantly less memory (#861) + + osTicket v1.8.1.2 ================= * All fixes and enhancements from v1.8.0.4, plus * diff --git a/include/ajax.content.php b/include/ajax.content.php index 1703ba28e4f4b7d4a91687f9e8d6c6aa7ab9725f..3126c28e2fa34c479c62a69e07e3da8f311bc12a 100644 --- a/include/ajax.content.php +++ b/include/ajax.content.php @@ -103,7 +103,7 @@ class ContentAjaxAPI extends AjaxController { return $content; } - function getSignature($type, $id) { + function getSignature($type, $id=null) { global $thisstaff; if (!$thisstaff) diff --git a/include/class.team.php b/include/class.team.php index 2d79a987f70260e4778a349d946f8d80bfb6c443..21280bd0efdc19152a7f3b95be15d394797a8c00 100644 --- a/include/class.team.php +++ b/include/class.team.php @@ -126,6 +126,10 @@ class Team { return $this->isEnabled(); } + function alertsEnabled() { + return !$this->ht['noalerts']; + } + function update($vars, &$errors) { //reset team lead if they're being deleted 
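Review bot: Defaulting `$id` to `null` in `getSignature($type, $id=null)` removes the missing-argument warning, but nothing visible in this hunk shows the body coping with a null id. The body continues outside the hunk, so confirm that every `$type` branch that resolves something by `$id` checks it before use. A docblock line such as `@param int|null $id Optional; required only for types resolved by id (confirm against the body)` would make the new contract explicit.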
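Review bot: `alertsEnabled()` reads `$this->ht['noalerts']` with no existence check, so a Team whose `ht` array lacks that key would raise an undefined-index notice and report alerts as enabled. Whether the key can be missing is not visible here. `return empty($this->ht['noalerts']);` gives the same result without the notice. Because the method inverts the stored flag, a one-line comment such as `// True unless the team's "noalerts" flag is set` would also help the callers in class.ticket.php.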
diff --git a/include/class.ticket.php b/include/class.ticket.php index 27e293523ba0689f7106e544f8f375e6e0a8bce4..e70b25dec2e8b760cb7eb1530d2d3c407a2c6bc6 100644 --- a/include/class.ticket.php +++ b/include/class.ticket.php @@ -1145,18 +1145,19 @@ class Ticket { //recipients $recipients=array(); - if(!strcasecmp(get_class($assignee), 'Staff')) { - if($cfg->alertStaffONAssignment()) + if ($assignee instanceof Staff) { + if ($cfg->alertStaffONAssignment()) $recipients[] = $assignee; - } elseif(!strcasecmp(get_class($assignee), 'Team')) { - if($cfg->alertTeamMembersONAssignment() && ($members=$assignee->getMembers())) + } elseif (($assignee instanceof Team) && $assignee->alertsEnabled()) { + if ($cfg->alertTeamMembersONAssignment() && ($members=$assignee->getMembers())) $recipients = array_merge($recipients, $members); - elseif($cfg->alertTeamLeadONAssignment() && ($lead=$assignee->getTeamLead())) + elseif ($cfg->alertTeamLeadONAssignment() && ($lead=$assignee->getTeamLead())) $recipients[] = $lead; } //Get the message template - if($recipients && ($msg=$tpl->getAssignedAlertMsgTemplate())) { + if ($recipients + && ($msg=$tpl->getAssignedAlertMsgTemplate())) { $msg = $this->replaceVars($msg->asArray(), array('comments' => $comments, @@ -1846,6 +1847,9 @@ class Ticket { // No alerts for bounce emails $alert = false; + // Get assigned staff just in case the ticket is closed. + $assignee = $this->getStaff(); + //Set state: Error on state change not critical! if(isset($vars['state']) && $vars['state']) { if($this->setState($vars['state'])) 
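Review bot: In the recipients block, the new `elseif (($assignee instanceof Team) && $assignee->alertsEnabled())` branch wraps a brace-less inner `if`/`elseif` pair, so it takes a second look to see which `if` the inner `elseif` binds to. Bracing the two inner branches would remove that ambiguity. It is also worth stating that the team flag suppresses both member and lead alerts, e.g. `// A team with "noalerts" set gets neither member nor lead alerts`. The enclosing method starts and ends outside the hunk.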
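Review bot: Only the assigned staff member is captured before the state change (`$assignee = $this->getStaff();`); the team is still read afterwards through `$this->getTeam()` in the recipients code of the next hunk. If closing the ticket clears the team assignment the way the comment implies it does for staff (not visible here), team members would miss the note alert. Capturing it at the same point, `$team = $this->getTeam();`, and testing `if ($team)` later would treat both the same way. The comment could also give the reason, e.g. `// Closing the ticket may clear the assignment, so read the assignee first`.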
@@ -1867,31 +1871,41 @@ class Ticket { $recipients=array(); //Last respondent. - if($cfg->alertLastRespondentONNewNote()) - $recipients[]=$this->getLastRespondent(); + if ($cfg->alertLastRespondentONNewNote()) + $recipients[] = $this->getLastRespondent(); + + // Assigned staff / team + if ($cfg->alertAssignedONNewNote()) { + + if ($assignee && $assignee instanceof Staff) + $recipients[] = $assignee; - //Assigned staff if any...could be the last respondent - if($cfg->alertAssignedONNewNote() && $this->isAssigned()) { - if ($staff = $this->getStaff()) - $recipients[] = $staff; if ($team = $this->getTeam()) $recipients = array_merge($recipients, $team->getMembers()); } - //Dept manager - if($cfg->alertDeptManagerONNewNote() && $dept && $dept->getManagerId()) - $recipients[]=$dept->getManager(); + // Dept manager + if ($cfg->alertDeptManagerONNewNote() && $dept && $dept->getManagerId()) + $recipients[] = $dept->getManager(); $options = array( 'inreplyto'=>$note->getEmailMessageId(), 'references'=>$note->getEmailReferences(), 'thread'=>$note); + + $isClosed = $this->isClosed(); $sentlist=array(); foreach( $recipients as $k=>$staff) { if(!is_object($staff) - || !$staff->isAvailable() //Don't bother vacationing staff. - || isset($sentlist[$staff->getEmail()]) //No duplicates. - || $note->getStaffId() == $staff->getId()) //No need to alert the poster! + // Don't bother vacationing staff. + || !$staff->isAvailable() + // No duplicates. + || isset($sentlist[$staff->getEmail()]) + // No need to alert the poster! + || $note->getStaffId() == $staff->getId() + // Make sure staff has access to ticket + || ($isClosed && !$this->checkStaffAccess($staff)) + ) continue; $alert = $this->replaceVars($msg, array('recipient' => $staff)); $email->sendAlert($staff->getEmail(), $alert['subj'], $alert['body'], null, $options); diff --git a/web.config b/web.config index ee754443fd21e93c111e2cd962fd019ded871c30..19eb76ef3acecaa61690919e7ec6812f156f2af5 100644 --- a/web.config +++ b/web.config 
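Review bot: The `checkStaffAccess()` filter added to the recipient loop runs only when `$isClosed` is true, so on an open ticket every collected recipient, including the last respondent, is mailed the internal note without an access check. If the gate is deliberate (for instance because the check would reject legitimate assignees on open tickets, which is not visible here), the comment should say so; otherwise consider `|| !$this->checkStaffAccess($staff)`. Separately, `array_merge($recipients, $team->getMembers())` is not guarded the way the assignment-alert code tests `($members=$assignee->getMembers())`, so if `getMembers()` can return a non-array this call fails. The enclosing method starts and ends outside the hunk.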
@@ -1,15 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <configuration> - <configSections> - <sectionGroup name="system.webServer"> - <sectionGroup name="rewrite"> - <section name="rewriteMaps" overrideModeDefault="Allow" /> - <section name="rules" overrideModeDefault="Allow" /> - </sectionGroup> - </sectionGroup> - </configSections> - <system.webServer> <directoryBrowse enabled="false" /> <rewrite>