diff --git a/README.md b/README.md
index 32cc9d48650f366a627c77690dd880469572cc16..c22e9da10a3da146855b4e979ac6a46d4848f943 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,9 @@
osTicket
========
-osTicket is a widely-used open source support ticket system. It seamlessly
+<a href="http://osticket.com"><img src="http://osticket.com/sites/default/files/osTicket.jpg"
+align="left" hspace="10" vspace="6"></a>
+
+**osTicket** is a widely-used open source support ticket system. It seamlessly
integrates inquiries created via email, phone and web-based forms into a
simple easy-to-use multi-user web interface. Manage, organize and archive
all your support requests and responses in one place while providing your
@@ -16,6 +19,17 @@ osTicket is an attractive alternative to higher-cost and complex customer
support systems; simple, lightweight, reliable, open source, web-based and
easy to setup and use. The best part is, it's completely free.
+Requirements
+------------
+ * HTTP server running Microsoft® IIS or Apache
+ * PHP version 5.3 or greater
+ * mysqli extension for PHP
+ * MySQL database version 5.0 or greater
+
+### Recommendations
+ * gd, gettext, imap, json, mbstring, and xml extensions for PHP
+ * APC module enabled and configured for PHP
+
Deployment
----------
osTicket now supports bleeding-edge installations. The easiest way to
diff --git a/WHATSNEW.md b/WHATSNEW.md
index f37e20ec14bcfee80ef543dcdf2213eb8a80a752..131ae3ff181cd19c6ae2756aca389459a9c71a88 100644
--- a/WHATSNEW.md
+++ b/WHATSNEW.md
@@ -1,4 +1,31 @@
-osTicket v1.8
+osTicket v1.8.0.1
+=================
+### Enhancements
+ * Allow edit of user on the ticket open page (#291)
+ * Display complete contact information to lookup dialog (07ec37d)
+ * Clarify `mysqli` extension requirement on install and upgrade pages (#309,
+ 334461e)
+ * Add option to display unprocessed name (original) (#323)
+
+### Bugfixes
+ * Fix parser error for PHP < 5.3 on upgrade and install (1ff1540)
+ * Remove dependency on mbstring (for real this time) (50d3d70)
+ * Fix incorrect advanced search hits on some custom fields (#290)
+ * Custom forms require a title (otherwise you cannot click on them to edit)
+ (#293)
+ * Update client phone number on ticket view page after update (#292)
+ * Fix regression where validation errors were not shown on new ticket form
+ (#303)
+ * Fix bug where client name and email were not filterable for web submissions
+ (#319)
+ * Fix various autocorrect annoyances (#321)
+
+### Performance and Security
+ * Improve performance of ticket filtering on some configurations (#301)
+ * Fix possible cross site scripting (XSS) vulnerability on display of contact
+ information values (#297)
+
+osTicket v1.8.0
=============
### Enhancements
* Rich text ticket thread (#5)
diff --git a/bootstrap.php b/bootstrap.php
index 3e01197710452ab346db3d580dbd40a5c931b3ba..d726e8c0452c7ee2141a02d6065e01b36f308285 100644
--- a/bootstrap.php
+++ b/bootstrap.php
@@ -183,10 +183,7 @@ class Bootstrap {
require_once(INCLUDE_DIR.'class.format.php'); //format helpers
require_once(INCLUDE_DIR.'class.validator.php'); //Class to help with basic form input validation...please help improve it.
require(INCLUDE_DIR.'class.mailer.php');
- if (extension_loaded('mysqli'))
- require_once INCLUDE_DIR.'mysqli.php';
- else
- require(INCLUDE_DIR.'mysql.php');
+ require_once INCLUDE_DIR.'mysqli.php';
}
function i18n_prep() {
diff --git a/include/class.filter.php b/include/class.filter.php
index db1256250081c8ebc4271620a1c709ead8ef87db..a17962cf2e9c44e50f44c1b1f3571c3fd4eadd0c 100644
--- a/include/class.filter.php
+++ b/include/class.filter.php
@@ -664,12 +664,6 @@ class TicketFilter {
* emailId - id of osTicket's system email (for emailed tickets)
* ---------------
* @see Filter::matches() for a complete list of supported keys
- *
- * IF $vars is not provided, every (active) filter will be fetched from the
- * database and matched against the incoming ticket. Otherwise, a subset
- * of filters from the database that appear to have rules that
- * deal with the data in the incoming ticket (based on $vars) will be considered.
- * @see ::quickList() for more information.
*/
function TicketFilter($origin, $vars=array()) {
@@ -697,7 +691,7 @@ class TicketFilter {
$this->short_list = null;
//Query DB for "possibly" matching filters.
- $res = $this->vars?$this->quickList():$this->getAllActive();
+ $res = $this->getAllActive();
if($res) {
while (list($id) = db_fetch_row($res))
array_push($this->filters, new Filter($id));
@@ -770,88 +764,6 @@ class TicketFilter {
return db_query($sql);
}
- /**
- * Fast lookup function to all filters that have at least one rule that
- * matches the received address or name or is not defined to match based
- * on an email-address or sender-name. This method is meant to retrieve
- * all possible filters that could potentially match the given
- * arguments. This method will request the database to make a first pass
- * and eliminate the filters from being considered that would never
- * match the received email.
- *
- * Returns an array<Filter::Id> which will need to have their respective
- * matches() method queried to determine if the Filter actually matches
- * the email.
- *
- * -----> Disclaimer <------------------
- * It would seem that this would not work; however, bear in mind that
- * this logic is completely backwards from the database design. Rather
- * than determining if the email matches the rules, we're determining if
- * the rules *might* apply to the email. This is a "quick" method,
- * because it does not request the database to fully verify that the
- * rule matches the email. Nor does it fetch the rule or filter
- * information from the database. Whether the filter will completely
- * match or not is determined in the Filter::matches() method.
- */
- function quickList() {
-
- if(!$this->vars || !$this->vars['email'])
- return $this->getAllActive();
-
- $sql='SELECT DISTINCT filter_id FROM '.FILTER_RULE_TABLE.' rule '
- .' INNER JOIN '.FILTER_TABLE.' filter '
- .' ON (filter.id=rule.filter_id) '
- .' WHERE filter.isactive '
- ." AND filter.target IN ('Any', ".db_input($this->getTarget()).') ';
-
- # Filter by system's email-id if specified
- if($this->vars['emailId'])
- $sql.=' AND (filter.email_id=0 OR filter.email_id='.db_input($this->vars['emailId']).')';
-
- # Include rules for sender-email, sender-name and subject as
- # requested
- $sql.=" AND ((what='email' AND LOCATE(val, ".db_input($this->vars['email']).'))';
- if($this->vars['name'])
- $sql.=" OR (what='name' AND LOCATE(val, ".db_input($this->vars['name']).'))';
- if($this->vars['subject'])
- $sql.=" OR (what='subject' AND LOCATE(val, ".db_input($this->vars['subject']).'))';
-
- # Always include negative-logic rules
- $sql.=" OR how IN ('dn_contain', 'not_equal')";
-
-
- # Also include filters that do not have any rules concerning either
- # sender-email-addresses or sender-names or subjects
- $sql.=") OR filter.id IN ("
- ." SELECT filter_id "
- ." FROM ".FILTER_RULE_TABLE." rule"
- ." INNER JOIN ".FILTER_TABLE." filter"
- ." ON (rule.filter_id=filter.id)"
- ." WHERE filter.isactive"
- ." AND filter.target IN('Any', ".db_input($this->getTarget()).")"
- ." GROUP BY filter_id"
- ." HAVING COUNT(*)-COUNT(NULLIF(what,'email'))=0";
- if (!$this->vars['name']) $sql.=" AND COUNT(*)-COUNT(NULLIF(what,'name'))=0";
- if (!$this->vars['subject']) $sql.=" AND COUNT(*)-COUNT(NULLIF(what,'subject'))=0";
- # Also include filters that do not have match_all_rules set to and
- # have at least one rule 'what' type that wasn't considered e.g body
- $sql.=") OR filter.id IN ("
- ." SELECT filter_id"
- ." FROM ".FILTER_RULE_TABLE." rule"
- ." INNER JOIN ".FILTER_TABLE." filter"
- ." ON (rule.filter_id=filter.id)"
- ." WHERE filter.isactive"
- ." AND filter.target IN ('Any', ".db_input($this->getTarget()).")"
- ." AND what NOT IN ('email'"
- # Handle sender-name and subject if specified
- .((!$this->vars['name'])?",'name'":"")
- .((!$this->vars['subject'])?",'subject'":"")
- .") AND filter.match_all_rules = 0 "
- # Return filters in declared execution order
- .") ORDER BY filter.execorder";
-
- return db_query($sql);
- }
/**
* Quick function to determine if the received email-address is
* indicated by an active email filter to be banned. Returns the id of
diff --git a/include/class.orm.php b/include/class.orm.php
index de47d422ecf6b2290e8541b5476d2a54f1d3cdbb..38d3482daf79c91fddeb9ef0f9b81240d4a4ed42 100644
--- a/include/class.orm.php
+++ b/include/class.orm.php
@@ -160,16 +160,18 @@ class VerySimpleModel {
$filter = $fields = array();
if (count($this->dirty) === 0)
return;
- foreach ($this->dirty as $field=>$old)
- if ($this->__new__ or !in_array($field, $pk))
+ foreach ($this->dirty as $field=>$old) {
+ if ($this->__new__ or !in_array($field, $pk)) {
if (@get_class($this->get($field)) == 'SqlFunction')
$fields[] = $field.' = '.$this->get($field)->toSql();
else
$fields[] = $field.' = '.db_input($this->get($field));
- foreach ($pk as $p)
- $filter[] = $p.' = '.db_input($this->get($p));
+ }
+ }
$sql .= ' SET '.implode(', ', $fields);
if (!$this->__new__) {
+ foreach ($pk as $p)
+ $filter[] = $p.' = '.db_input($this->get($p));
$sql .= ' WHERE '.implode(' AND ', $filter);
$sql .= ' LIMIT 1';
}
diff --git a/include/class.ticket.php b/include/class.ticket.php
index 273d8e292773aeaf0b9720eb239001db010be9a8..cbc319c6799a35e85f71d70b6f0d5b30fdf74a73 100644
--- a/include/class.ticket.php
+++ b/include/class.ticket.php
@@ -2059,6 +2059,13 @@ class Ticket {
foreach ($form->getFields() as $f)
$vars['field.'.$f->get('id')] = $f->toString($f->getClean());
+ // Unpack the basic user information
+ $interesting = array('name', 'email');
+ $user_form = UserForm::getUserForm()->getForm($vars);
+ foreach ($user_form->getFields() as $f)
+ if (in_array($f->get('name'), $interesting))
+ $vars[$f->get('name')] = $f->toString($f->getClean());
+
//Init ticket filters...
$ticket_filter = new TicketFilter($origin, $vars);
// Make sure email contents should not be rejected
diff --git a/include/class.user.php b/include/class.user.php
index 3281d38c2865ee013e62f563c11c116fd6b9f490..9102771c846e69f64d0d5442e5d7b8700c5b3c20 100644
--- a/include/class.user.php
+++ b/include/class.user.php
@@ -296,6 +296,7 @@ class PersonsName {
'short' => array("First L.", 'getShort'),
'shortformal' => array("F. Last", 'getShortFormal'),
'complete' => array("Mr. First M. Last Sr.", 'getComplete'),
+ 'original' => array('-- As Entered --', 'getOriginal'),
);
function __construct($name) {
@@ -368,6 +369,16 @@ class PersonsName {
return $this->name;
}
+ function getInitials() {
+ $names = array($this->parts['first']);
+ $names = array_merge($names, explode(' ', $this->parts['middle']));
+ $names[] = $this->parts['last'];
+ $initials = '';
+ foreach (array_filter($names) as $n)
+ $initials .= mb_substr($n,0,1);
+ return mb_convert_case($initials, MB_CASE_UPPER);
+ }
+
function getName() {
return $this;
}
diff --git a/include/client/open.inc.php b/include/client/open.inc.php
index c5ecb42c66717eadbb5346f7e526e1e4c6ebb1a1..d47e07380273648661a4a2e898d0c4350ddb4e7c 100644
--- a/include/client/open.inc.php
+++ b/include/client/open.inc.php
@@ -40,14 +40,18 @@ $info=($_POST && $errors)?Format::htmlchars($_POST):$info;
</tr>
<?php
if (!$thisclient) {
- UserForm::getUserForm()->render(false, 'Your Information');
+ $uform = UserForm::getUserForm()->getForm($_POST);
+ if ($_POST) $uform->isValid();
+ $uform->render(false, 'Your Information');
}
else { ?>
<tr><td colspan="2"><hr /></td></tr>
<tr><td>Email:</td><td><?php echo $thisclient->getEmail(); ?></td></tr>
<tr><td>Client:</td><td><?php echo $thisclient->getName(); ?></td></tr>
<?php }
- TicketForm::getInstance()->render(false); ?>
+ $tform = TicketForm::getInstance()->getForm($_POST);
+ if ($_POST) $tform->isValid();
+ $tform->render(false); ?>
</tbody>
<tbody id="dynamic-form">
<?php if ($form) {
diff --git a/include/mysql.php b/include/mysql.php
deleted file mode 100644
index 95be46f5a93b8ee239f13fa441bd94494dad35bc..0000000000000000000000000000000000000000
--- a/include/mysql.php
+++ /dev/null
@@ -1,211 +0,0 @@
-<?php
-/*********************************************************************
- mysql.php
-
- Collection of MySQL helper interface functions.
-
- Mostly wrappers with error/resource checking.
-
- Peter Rotich <peter@osticket.com>
- Copyright (c) 2006-2013 osTicket
- http://www.osticket.com
-
- Released under the GNU General Public License WITHOUT ANY WARRANTY.
- See LICENSE.TXT for details.
-
- vim: expandtab sw=4 ts=4 sts=4:
-**********************************************************************/
-
- function db_connect($host, $user, $passwd, $options = array()) {
-
- //Assert
- if(!strlen($user) || !strlen($passwd) || !strlen($host))
- return NULL;
-
- //Connect
- $start = (double) microtime() * 1000000;
- if(!($dblink =@mysql_connect($host, $user, $passwd)))
- return NULL;
-
- //Select the database, if any.
- if($options['db']) db_select_database($options['db']);
-
- //set desired encoding just in case mysql charset is not UTF-8 - Thanks to FreshMedia
- @mysql_query('SET NAMES "utf8"');
- @mysql_query('SET CHARACTER SET "utf8"');
- @mysql_query('SET COLLATION_CONNECTION=utf8_general_ci');
-
- @db_set_variable('sql_mode', '');
-
- // Use connection timing to seed the random number generator
- Misc::__rand_seed(((double) microtime() * 1000000) - $start);
-
- return $dblink;
- }
-
- function db_close() {
- global $dblink;
- return @mysql_close($dblink);
- }
-
- function db_version() {
-
- $version=0;
- $matches = array();
- if(preg_match('/(\d{1,2}\.\d{1,2}\.\d{1,2})/',
- mysql_result(db_query('SELECT VERSION()'),0,0),
- $matches))
- $version=$matches[1];
-
- return $version;
- }
-
- function db_timezone() {
- return db_get_variable('time_zone');
- }
-
- function db_get_variable($variable, $type='session') {
- $sql =sprintf('SELECT @@%s.%s', $type, $variable);
- return db_result(db_query($sql));
- }
-
- function db_set_variable($variable, $value, $type='session') {
- $sql =sprintf('SET %s %s=%s',strtoupper($type), $variable, db_input($value));
- return db_query($sql);
- }
-
-
- function db_select_database($database) {
- return ($database && @mysql_select_db($database));
- }
-
- function db_create_database($database, $charset='utf8', $collate='utf8_general_ci') {
- return @mysql_query(sprintf('CREATE DATABASE %s DEFAULT CHARACTER SET %s COLLATE %s', $database, $charset, $collate));
- }
-
- // execute sql query
- function db_query($query, $logError=true) {
- global $ost;
-
- $res = mysql_query($query);
-
- if(!$res && $logError && $ost) { //error reporting
- $msg='['.$query.']'."\n\n".db_error();
- $ost->logDBError('DB Error #'.db_errno(), $msg);
- //echo $msg; #uncomment during debuging or dev.
- }
-
- return $res;
- }
-
- function db_squery($query) { //smart db query...utilizing args and sprintf
-
- $args = func_get_args();
- $query = array_shift($args);
- $query = str_replace("?", "%s", $query);
- $args = array_map('db_real_escape', $args);
- array_unshift($args, $query);
- $query = call_user_func_array('sprintf', $args);
- return db_query($query);
- }
-
- function db_count($query) {
- return db_result(db_query($query));
- }
-
- function db_result($res, $row=0) {
- return ($res)?mysql_result($res, $row):NULL;
- }
-
- function db_fetch_array($res, $mode=false) {
- return ($res)?db_output(mysql_fetch_array($res, ($mode)?$mode:MYSQL_ASSOC)):NULL;
- }
-
- function db_fetch_row($res) {
- return ($res)?db_output(mysql_fetch_row($res)):NULL;
- }
-
- function db_fetch_field($res) {
- return ($res)?mysql_fetch_field($res):NULL;
- }
-
- function db_assoc_array($res, $mode=false) {
- $result = array();
- if($res && db_num_rows($res)) {
- while ($row=db_fetch_array($res, $mode))
- $result[]=$row;
- }
- return $result;
- }
-
- function db_num_rows($res) {
- return ($res)?mysql_num_rows($res):0;
- }
-
- function db_affected_rows() {
- return mysql_affected_rows();
- }
-
- function db_data_seek($res, $row_number) {
- return mysql_data_seek($res, $row_number);
- }
-
- function db_data_reset($res) {
- return mysql_data_seek($res,0);
- }
-
- function db_insert_id() {
- return mysql_insert_id();
- }
-
- function db_free_result($res) {
- return mysql_free_result($res);
- }
-
- function db_output($var) {
-
- if(!function_exists('get_magic_quotes_runtime') || !get_magic_quotes_runtime()) //Sucker is NOT on - thanks.
- return $var;
-
- if (is_array($var))
- return array_map('db_output', $var);
-
- return (!is_numeric($var))?stripslashes($var):$var;
-
- }
-
- //Do not call this function directly...use db_input
- function db_real_escape($val, $quote=false) {
-
- //Magic quotes crap is taken care of in main.inc.php
- $val=mysql_real_escape_string($val);
-
- return ($quote)?"'$val'":$val;
- }
-
- function db_input($var, $quote=true) {
-
- if(is_array($var))
- return array_map('db_input', $var, array_fill(0, count($var), $quote));
- elseif($var && preg_match("/^\d+(\.\d+)?$/", $var))
- return $var;
-
- return db_real_escape($var, $quote);
- }
-
- function db_error() {
- return mysql_error();
- }
-
- function db_connect_error() {
- return db_error();
- }
-
- function db_errno() {
- return mysql_errno();
- }
-
- function db_field_type($res, $col=0) {
- return mysql_field_type($res, $col);
- }
-?>
diff --git a/include/staff/email.inc.php b/include/staff/email.inc.php
index 8c0c45d92c51b07bbe9b6ab5160ee35932342ac8..33ddc72c14f6adf9bed9a3c37b99a07d51c26d8a 100644
--- a/include/staff/email.inc.php
+++ b/include/staff/email.inc.php
@@ -123,7 +123,8 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
Username
</td>
<td>
- <input type="text" size="35" name="userid" value="<?php echo $info['userid']; ?>">
+ <input type="text" size="35" name="userid" value="<?php echo $info['userid']; ?>"
+ autocomplete="off" autocorrect="off">
<span class="error"> <?php echo $errors['userid']; ?> </span>
</td>
</tr>
@@ -132,7 +133,8 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
Password
</td>
<td>
- <input type="password" size="35" name="passwd" value="<?php echo $info['passwd']; ?>">
+ <input type="password" size="35" name="passwd" value="<?php echo $info['passwd']; ?>"
+ autocomplete="off">
<span class="error"> <?php echo $errors['passwd']; ?> </span>
<br><em><?php echo $passwdtxt; ?></em>
</td>
diff --git a/include/staff/templates/user-lookup.tmpl.php b/include/staff/templates/user-lookup.tmpl.php
index 7810079c6cbf373a8e801695d777fb7c13d1364e..eb93fab228e78baea30831ea74520402aa309d8f 100644
--- a/include/staff/templates/user-lookup.tmpl.php
+++ b/include/staff/templates/user-lookup.tmpl.php
@@ -3,7 +3,7 @@
<b><a class="close" href="#"><i class="icon-remove-circle"></i></a></b>
<hr/>
<div><p id="msg_info"><i class="icon-info-sign"></i> Search existing users or add a new user.</p></div>
-<div style="margin-bottom:10px;"><input type="text" class="search-input" style="width:100%;" placeholder="Search by email, phone or name" id="user-search"/></div>
+<div style="margin-bottom:10px;"><input type="text" class="search-input" style="width:100%;" placeholder="Search by email, phone or name" id="user-search" autocorrect="off" autocomplete="off"/></div>
<?php
if ($info['error']) {
echo sprintf('<p id="msg_error">%s</p>', $info['error']);
@@ -16,7 +16,7 @@ if ($info['error']) {
<i class="icon-user icon-4x pull-left icon-border"></i>
<a class="action-button pull-right" style="overflow:inherit"
id="unselect-user" href="#"><i class="icon-remove"></i> Add New User</a>
- <div><strong id="user-name"><?php echo $user ? Format::htmlchars($user->getName()) : ''; ?></strong></div>
+ <div><strong id="user-name"><?php echo $user ? Format::htmlchars($user->getName()->getOriginal()) : ''; ?></strong></div>
<div><<span id="user-email"><?php echo $user ? $user->getEmail() : ''; ?></span>></div>
<?php if ($user) { ?>
<table style="margin-top: 1em;">
diff --git a/include/staff/templates/user.tmpl.php b/include/staff/templates/user.tmpl.php
index 456176c8139c37f4a3e040de20753eafa5945a36..6c91f3b26416d0b0684a2fc9b1d7efa0ca4cc001 100644
--- a/include/staff/templates/user.tmpl.php
+++ b/include/staff/templates/user.tmpl.php
@@ -20,7 +20,7 @@ if ($info['error']) {
<?php
} ?>
<div><b><a href="#" id="edituser"><i class="icon-edit"></i> <?php
- echo Format::htmlchars($user->getName()); ?></a></b></div>
+ echo Format::htmlchars($user->getName()->getOriginal()); ?></a></b></div>
<div><<?php echo $user->getEmail(); ?>></div>
<table style="margin-top: 1em;">
<?php foreach ($user->getDynamicData() as $entry) {
diff --git a/include/staff/ticket-open.inc.php b/include/staff/ticket-open.inc.php
index 1c49b407308ba09a9487c4a465e9986a13db9c2f..489d45ed425d67a85a81ec4132c212c030619247 100644
--- a/include/staff/ticket-open.inc.php
+++ b/include/staff/ticket-open.inc.php
@@ -62,7 +62,8 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
<td width="160" class="required"> Email Address: </td>
<td>
<span style="display:inline-block;">
- <input type="text" size=45 name="email" id="user-email" value="<?php echo $info['email']; ?>" /> </span>
+ <input type="text" size=45 name="email" id="user-email"
+ autocomplete="off" autocorrect="off" value="<?php echo $info['email']; ?>" /> </span>
<font class="error">* <?php echo $errors['email']; ?></font>
</td>
</td>
@@ -222,12 +223,14 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
</tr>
<?php
}
- TicketForm::getInstance()->render(true);
+ $tform = TicketForm::getInstance()->getForm($_POST);
+ if ($_POST) $tform->isValid();
+ $tform->render(true);
?>
</tbody>
<tbody id="dynamic-form">
<?php
- if ($form) $form->render(true);
+ if ($form) $form->getForm()->render(true);
?>
</tbody>
<tbody>
diff --git a/include/staff/ticket-view.inc.php b/include/staff/ticket-view.inc.php
index d541caa354a9aabeb0f8a013355082f8bc9dbc40..dc0f71ce1128eb441c8c076ca25e59fb734a67f0 100644
--- a/include/staff/ticket-view.inc.php
+++ b/include/staff/ticket-view.inc.php
@@ -931,9 +931,10 @@ $tcount+= $ticket->getNumNotes();
Are you sure want to <b>unassign</b> ticket from <b><?php echo $ticket->getAssigned(); ?></b>?
</p>
<p class="confirm-action" style="display:none;" id="changeuser-confirm">
- <p id="msg_warning">
- <b><?php echo Format::htmlchars($ticket->getName()); ?></b> <<?php echo $ticket->getEmail(); ?>> will no longer have access to the ticket.
- </p>
+ <span id="msg_warning" style="display:block;vertical-align:top">
+ <b><?php echo Format::htmlchars($ticket->getName()); ?></b> <<?php echo $ticket->getEmail(); ?>>
+ <br> will no longer have access to the ticket.
+ </span>
Are you sure want to <b>change</b> ticket owner to <b><span id="newuser">this guy</span></b>?
</p>
<p class="confirm-action" style="display:none;" id="delete-confirm">
diff --git a/scp/tickets.php b/scp/tickets.php
index 32b82768e5dc5b8af09de23b9afa9e4ac689e880..f28ac8e3e31a1677cceede9c867e49e204473b83 100644
--- a/scp/tickets.php
+++ b/scp/tickets.php
@@ -471,20 +471,11 @@ if($_POST && !$errors):
break;
case 'open':
$ticket=null;
- $interest=array('name','email','subject');
if ($topic=Topic::lookup($_POST['topicId'])) {
if ($form = DynamicForm::lookup($topic->ht['form_id'])) {
$form = $form->instanciate();
- # Collect name, email, and subject address for banning and such
- foreach ($form->getAnswers() as $answer) {
- $fname = $answer->getField()->get('name');
- if (in_array($fname, $interest))
- # XXX: Assigning to _POST not considered great PHP
- # coding style
- $_POST[$fname] = $answer->getField()->getClean();
- }
- if (!$form->isValid())
- $errors = array_merge($errors, $form->errors());
+ if (!$form->getForm()->isValid())
+ $errors = array_merge($errors, $form->getForm()->errors());
}
}
if(!$thisstaff || !$thisstaff->canCreateTickets()) {
diff --git a/setup/setup.inc.php b/setup/setup.inc.php
index 6eb4a495fb3c2a98350b033a0a80a88f3d25fa48..4327ffed75f66ac42b3b8a9e4dc159ec87b8bfb4 100644
--- a/setup/setup.inc.php
+++ b/setup/setup.inc.php
@@ -58,10 +58,6 @@ require_once(INCLUDE_DIR.'class.validator.php');
require_once(INCLUDE_DIR.'class.passwd.php');
require_once(INCLUDE_DIR.'class.format.php');
require_once(INCLUDE_DIR.'class.misc.php');
-
-if (extension_loaded('mysqli'))
- require_once INCLUDE_DIR.'mysqli.php';
-else
- require(INCLUDE_DIR.'mysql.php');
+require_once INCLUDE_DIR.'mysqli.php';
?>