Merge branch 'develop' into develop-next

Conflicts:
	include/staff/tickets.inc.php

include/ajax.tickets.php

@@ -213,9 +213,10 @@ class TicketsAjaxAPI extends AjaxController {
                     && ($val = $req[$f->getFormName()])) {
                 $name = $f->get('name') ? $f->get('name')
                     : 'field_'.$f->get('id');
-                $cwhere = "cdata.`$name` LIKE '%".db_real_escape($val)."%'";
                 if ($f->getImpl()->hasIdValue() && is_numeric($val))
-                    $cwhere .= " OR cdata.`{$name}_id` = ".db_input($val);
+                    $cwhere = "cdata.`{$name}_id` = ".db_input($val);
+                else
+                    $cwhere = "cdata.`$name` LIKE '%".db_real_escape($val)."%'";
                 $where .= ' AND ('.$cwhere.')';
                 $cdata_search = true;
             }
@@ -232,7 +233,8 @@ class TicketsAjaxAPI extends AjaxController {
             $sections[] = "$select $from $where";
 
         $sql=implode(' union ', $sections);
-        $res = db_query($sql);
+        if (!($res = db_query($sql)))
+            return TicketForm::dropDynamicDataView();
 
         $tickets = array();
         while ($row = db_fetch_row($res))

include/class.dynamic_forms.php

@@ -878,13 +878,20 @@ class SelectionField extends FormField {
     }
 
     function parse($value) {
-        return $this->to_php($value);
+        $config = $this->getConfiguration();
+        if (is_int($value))
+            return $this->to_php($this->getWidget()->getEnteredValue(), (int) $value);
+        elseif (!$config['typeahead'])
+            return $this->to_php(null, (int) $value);
+        else
+            return $this->to_php($value);
     }
 
     function to_php($value, $id=false) {
-        $item = DynamicListItem::lookup($id ? $id : $value);
+        if ($id && is_int($id))
+            $item = DynamicListItem::lookup($id);
         # Attempt item lookup by name too
-        if (!$item) {
+        if (!$item || ($value !== null && $value != $item->get('value'))) {
             $item = DynamicListItem::lookup(array(
                 'value'=>$value,
                 'list_id'=>$this->getListId()));
@@ -903,13 +910,18 @@ class SelectionField extends FormField {
     }
 
     function toString($item) {
-        return ($item instanceof DynamicListItem) ? $item->toString() : $item;
+        return ($item instanceof DynamicListItem)
+            ? $item->toString() : (string) $item;
     }
 
     function validateEntry($item) {
+        $config = $this->getConfiguration();
         parent::validateEntry($item);
         if ($item && !$item instanceof DynamicListItem)
             $this->_errors[] = 'Select a value from the list';
+        elseif ($item && $config['typeahead']
+                && $this->getWidget()->getEnteredValue() != $item->get('value'))
+            $this->_errors[] = 'Select a value from the list';
     }
 
     function getConfigurationOptions() {
@@ -943,10 +955,8 @@ class SelectionWidget extends ChoicesWidget {
         } elseif ($this->value) {
             // Loaded from POST
             $value = $this->value;
-            $name = DynamicListItem::lookup($value);
-            $name = ($name) ? $name->get('value') : $value;
+            $name = $this->getEnteredValue();
         }
-
         if (!$config['typeahead']) {
             $this->value = $value;
             return parent::render();
@@ -955,7 +965,7 @@ class SelectionWidget extends ChoicesWidget {
         $source = array();
         foreach ($this->field->getList()->getItems() as $i)
             $source[] = array(
-                'value' => $i->get('value'),
+                'value' => $i->get('value'), 'id' => $i->get('id'),
                 'info' => $i->get('value')." -- ".$i->get('extra'),
             );
         ?>
@@ -963,6 +973,8 @@ class SelectionWidget extends ChoicesWidget {
         <input type="text" size="30" name="<?php echo $this->name; ?>"
             id="<?php echo $this->name; ?>" value="<?php echo $name; ?>"
             autocomplete="off" />
+        <input type="hidden" name="<?php echo $this->name;
+            ?>_id" id="<?php echo $this->name; ?>_id" value="<?php echo $value; ?>"/>
         <script type="text/javascript">
         $(function() {
             $('input#<?php echo $this->name; ?>').typeahead({
@@ -970,6 +982,7 @@ class SelectionWidget extends ChoicesWidget {
                 property: 'info',
                 onselect: function(item) {
                     $('input#<?php echo $this->name; ?>').val(item['value'])
+                    $('input#<?php echo $this->name; ?>_id').val(item['id'])
                 }
             });
         });
@@ -977,5 +990,18 @@ class SelectionWidget extends ChoicesWidget {
         </span>
         <?php
     }
+
+    function getValue() {
+        $data = $this->field->getSource();
+        // Search for HTML form name first
+        if (isset($data[$this->name.'_id']))
+            return (int) $data[$this->name.'_id'];
+        return parent::getValue();
+    }
+
+    function getEnteredValue() {
+        // Used to verify typeahead fields
+        return parent::getValue();
+    }
 }
 ?>

include/class.staff.php

@@ -53,8 +53,10 @@ class Staff extends AuthenticatedUser {
             $sql .= 'staff_id='.db_input($var);
         elseif (Validator::is_email($var))
             $sql .= 'email='.db_input($var);
-        else
+        elseif (is_string($var))
             $sql .= 'username='.db_input($var);
+        else
+            return null;
 
         if(!($res=db_query($sql)) || !db_num_rows($res))
             return NULL;
@@ -748,9 +750,23 @@ class Staff extends AuthenticatedUser {
         if(!($email=$cfg->getAlertEmail()))
             $email = $cfg->getDefaultEmail();
 
-        $info = array('email' => $email, 'vars' => &$vars);
+        $info = array('email' => $email, 'vars' => &$vars, 'log'=>true);
         Signal::send('auth.pwreset.email', $this, $info);
 
+        if ($info['log'])
+            $ost->logWarning('Staff Password Reset', sprintf(
+               'Password reset was attempted for staff member: %s<br><br>
+                Requested-User-Id: %s<br>
+                Source-Ip: %s<br>
+                Email-Sent-To: %s<br>
+                Email-Sent-Via: %s',
+                $this->getName(),
+                $_POST['userid'],
+                $_SERVER['REMOTE_ADDR'],
+                $this->getEmail(),
+                $email->getEmail()
+            ), false);
+
         $msg = $ost->replaceTemplateVariables($template->asArray(), $vars);
 
         $_config = new Config('pwreset');

include/staff/tickets.inc.php

@@ -145,7 +145,7 @@ if ($_REQUEST['advsid'] && isset($_SESSION['adv_'.$_REQUEST['advsid']])) {
 }
 
 $sortOptions=array('date'=>'effective_date','ID'=>'`number`',
-    'pri'=>'priority_id','name'=>'user.name','subj'=>'subject',
+    'pri'=>'priority_urgency','name'=>'user.name','subj'=>'subject',
     'status'=>'ticket.status','assignee'=>'assigned','staff'=>'staff',
     'dept'=>'dept_name');
 
@@ -180,16 +180,16 @@ if(!$order_by ) {
     elseif(!strcasecmp($status,'closed'))
         $order_by='ticket.closed, ticket.created'; //No priority sorting for closed tickets.
     elseif($showoverdue) //priority> duedate > age in ASC order.
-        $order_by='priority_id, ISNULL(duedate) ASC, duedate ASC, effective_date ASC, ticket.created';
+        $order_by='priority_urgency ASC, ISNULL(duedate) ASC, duedate ASC, effective_date ASC, ticket.created';
     else //XXX: Add due date here?? No -
-        $order_by='priority_id, effective_date DESC, ticket.created';
+        $order_by='priority_urgency ASC, effective_date DESC, ticket.created';
 }
 
 $order=$order?$order:'DESC';
 if($order_by && strpos($order_by,',') && $order)
     $order_by=preg_replace('/(?<!ASC|DESC),/', " $order,", $order_by);
 
-$sort=$_REQUEST['sort']?strtolower($_REQUEST['sort']):'priority_id'; //Urgency is not on display table.
+$sort=$_REQUEST['sort']?strtolower($_REQUEST['sort']):'priority_urgency'; //Urgency is not on display table.
 $x=$sort.'_sort';
 $$x=' class="'.strtolower($order).'" ';
 
@@ -231,7 +231,7 @@ $qselect.=' ,IF(ticket.duedate IS NULL,IF(sla.id IS NULL, NULL, DATE_ADD(ticket.
          .' ,CONCAT_WS(" ", staff.firstname, staff.lastname) as staff, team.name as team '
          .' ,IF(staff.staff_id IS NULL,team.name,CONCAT_WS(" ", staff.lastname, staff.firstname)) as assigned '
          .' ,IF(ptopic.topic_pid IS NULL, topic.topic, CONCAT_WS(" / ", ptopic.topic, topic.topic)) as helptopic '
-         .' ,cdata.priority_id, cdata.subject';
+         .' ,cdata.priority_id, cdata.subject, pri.priority_desc, pri.priority_color';
 
 $qfrom.=' LEFT JOIN '.TICKET_LOCK_TABLE.' tlock ON (ticket.ticket_id=tlock.ticket_id AND tlock.expire>NOW()
                AND tlock.staff_id!='.db_input($thisstaff->getId()).') '
@@ -240,16 +240,11 @@ $qfrom.=' LEFT JOIN '.TICKET_LOCK_TABLE.' tlock ON (ticket.ticket_id=tlock.ticke
        .' LEFT JOIN '.SLA_TABLE.' sla ON (ticket.sla_id=sla.id AND sla.isactive=1) '
        .' LEFT JOIN '.TOPIC_TABLE.' topic ON (ticket.topic_id=topic.topic_id) '
        .' LEFT JOIN '.TOPIC_TABLE.' ptopic ON (ptopic.topic_id=topic.topic_pid) '
-       .' LEFT JOIN '.TABLE_PREFIX.'ticket__cdata cdata ON (cdata.ticket_id = ticket.ticket_id) ';
+       .' LEFT JOIN '.TABLE_PREFIX.'ticket__cdata cdata ON (cdata.ticket_id = ticket.ticket_id) '
+       .' LEFT JOIN '.PRIORITY_TABLE.' pri ON (pri.priority_id = cdata.priority_id)';
 
 TicketForm::ensureDynamicDataView();
 
-// Fetch priority information
-$res = db_query('select * from '.PRIORITY_TABLE);
-$prios = array();
-while ($row = db_fetch_array($res))
-    $prios[$row['priority_id']] = $row;
-
 $query="$qselect $qfrom $qwhere ORDER BY $order_by $order LIMIT ".$pageNav->getStart().",".$pageNav->getLimit();
 //echo $query;
 $hash = md5($query);
@@ -435,8 +430,8 @@ if ($results) {
                         $displaystatus="<b>$displaystatus</b>";
                     echo "<td>$displaystatus</td>";
                 } else { ?>
-                <td class="nohover" align="center" style="background-color:<?php echo $prios[$row['priority_id']]['priority_color']; ?>;">
-                    <?php echo $prios[$row['priority_id']]['priority_desc']; ?></td>
+                <td class="nohover" align="center" style="background-color:<?php echo $row['priority_color']; ?>;">
+                    <?php echo $row['priority_desc']; ?></td>
                 <?php
                 }
                 ?>

setup/doc/signals.md

@@ -56,7 +56,25 @@ the signal handler should be called.
 
 Signals in osTicket
 -------------------
-**auth.login.succeeded**
+#### ajax.client
+Sent before an AJAX request is processed for the client interface
+
+Context:
+Object<Dispatcher> - Dispatcher used to resolve and service the request
+
+Parameters:
+(none)
+
+#### ajax.scp
+Sent before an AJAX request is processed for the staff interface
+
+Context:
+Object<Dispatcher> - Dispatcher used to resolve and service the request
+
+Parameters:
+(none)
+
+#### auth.login.succeeded
 Sent after a successful login is process for a user
 
 Context:
@@ -65,7 +83,7 @@ Object<StaffSession> - Staff object retrieved from the login credentials
 Parameters:
 (none)
 
-**auth.login.failed**
+#### auth.login.failed
 Sent after an unsuccessful login is attempted by a user.
 
 Context:
@@ -75,7 +93,7 @@ Arguments:
   * **username**: *read-only* username submitted to the login form
   * **passowrd**: *read-only* password submitted to the login form
 
-**auth.pwreset.email**
+#### auth.pwreset.email
 Sent just before an email is sent to the user with the password reset token
 
 Context:
@@ -85,8 +103,10 @@ Parameters:
   * **email**: *read-only* email object used to send the email
   * **vars**: (array) template variables used to render the password-reset
         email template
+  * **log**: (bool) TRUE if a log should be appended to the system log
+        concerning the password reset attempt
 
-**auth.pwreset.login**
+#### auth.pwreset.login
 Sent just before processing the automatic login for the staff from the link
 and token provided in the password-reset email. This signal is only sent if
 the token presented is considered completely valid and the password for the
@@ -99,7 +119,7 @@ Parameters:
   * **page**: Page / URL sent in the redirect to the user. In other words,
         the next page the staff will see.
 
-**auth.pwchange**
+#### auth.pwchange
 Sent when the password for a user is changed
 
 Context:
@@ -107,3 +127,9 @@ Object<Staff> - Staff whose password is being changed
 
 Parameters:
   * **password**: New password (clear-text) for the user
+
+#### cron
+Sent at the end of a cron run
+
+Context:
+null