diff --git a/include/class.forms.php b/include/class.forms.php index db13f4a436f217b128f57a2c75c621ce42f79bb7..a73b4e90dd42892592cb93362ac014f3faa47fb2 100644 --- a/include/class.forms.php +++ b/include/class.forms.php @@ -604,7 +604,7 @@ class TextareaField extends FormField { if ($config['html']) return Format::safe_html($value); else - return Format::htmlchars($value); + return nl2br(Format::htmlchars($value)); } function export($value) { @@ -1227,7 +1227,7 @@ class ThreadEntryWidget extends Widget { ?><div style="margin-bottom:0.5em;margin-top:0.5em"><strong><?php echo Format::htmlchars($this->field->get('label')); ?></strong>:</div> - <textarea name="<?php echo $this->field->get('name'); ?>" + <textarea style="width:100%;" name="<?php echo $this->field->get('name'); ?>" placeholder="<?php echo Format::htmlchars($this->field->get('hint')); ?>" <?php if (!$client) { ?> data-draft-namespace="ticket.staff" @@ -1237,7 +1237,7 @@ class ThreadEntryWidget extends Widget { <?php } ?> class="richtext draft draft-delete ifhtml" cols="21" rows="8" style="width:80%;"><?php echo - $this->value; ?></textarea> + Format::htmlchars($this->value); ?></textarea> <?php } @@ -1248,6 +1248,7 @@ class ThreadEntryWidget extends Widget { && !$cfg->allowAttachmentsOnlogin()) || ($cfg->allowAttachmentsOnlogin() && ($thisclient && $thisclient->isValid()))) { ?> + <div class="clear"><div> <hr/> <div><strong style="padding-right:1em;vertical-align:top">Attachments: </strong> <div style="display:inline-block"> diff --git a/include/staff/directory.inc.php b/include/staff/directory.inc.php index b922451076e984c61b95e870db888000bf2a1da9..35b0137fbc5f8654a911d797357db401b79d803d 100644 --- a/include/staff/directory.inc.php +++ b/include/staff/directory.inc.php 
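Review bot: In include/class.forms.php, the ThreadEntryWidget textarea (hunk @@ -1227) still echoes its `name` attribute raw, while the label, the hint and, in the following hunk, the textarea body all go through `Format::htmlchars()`. Escaping it the same way, `name="<?php echo Format::htmlchars($this->field->get('name')); ?>"`, keeps every value in the tag encoded regardless of where the field name comes from. The added `style="width:100%;"` also duplicates the `style="width:80%;"` that the same tag carries a few lines down (visible in hunk @@ -1237); HTML parsers keep only the first of two duplicate attributes, so the older declaration should be dropped or the two merged. The widget's render method starts and ends outside these hunks.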
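Review bot: In include/class.forms.php hunk @@ -1248, the added `<div class="clear"><div>` opens two elements and closes neither; it looks like a typo for `<div class="clear"></div>`. As written, the `<hr/>` and the attachments block become children of two extra divs unless matching closing tags exist below the hunk, which is not visible here.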
@@ -11,7 +11,7 @@ if($_REQUEST['q']) { if($searchTerm){ $query=db_real_escape($searchTerm,false); //escape the term ONLY...no quotes. if(is_numeric($searchTerm)){ - $where.=" AND (staff.phone LIKE '%$query%' OR staff.phone_ext LIKE '%$query%' staff.mobile LIKE '%$query%') "; + $where.=" AND (staff.phone LIKE '%$query%' OR staff.phone_ext LIKE '%$query%' OR staff.mobile LIKE '%$query%') "; }elseif(strpos($searchTerm,'@') && Validator::is_email($searchTerm)){ $where.=" AND staff.email='$query'"; }else{ diff --git a/include/staff/settings-alerts.inc.php b/include/staff/settings-alerts.inc.php index 688e2a53ce49b3e2fdcfb028555ab1be291c9d6c..2f60d79689c3186f985dc26c5752218ad7296eb0 100644 --- a/include/staff/settings-alerts.inc.php +++ b/include/staff/settings-alerts.inc.php @@ -102,9 +102,11 @@ </em></th></tr> <tr> <td><em><b>Status: </b></em> - <input name="assigned_alert_active" value="1" checked="checked" type="radio">Enable + <input name="assigned_alert_active" value="1" type="radio" + <?php echo $config['assigned_alert_active']?'checked="checked"':''; ?>>Enable - <input name="assigned_alert_active" value="0" type="radio">Disable + <input name="assigned_alert_active" value="0" type="radio" + <?php echo !$config['assigned_alert_active']?'checked="checked"':''; ?>>Disable <font class="error"> <?php echo $errors['assigned_alert_active']; ?></font> </td> </tr> diff --git a/include/tnef_decoder.php b/include/tnef_decoder.php index 91a5e59fe562c036f396a57be78f835065834aec..45ee5b5c074db014d98e69af2c2238697c550820 100644 --- a/include/tnef_decoder.php +++ b/include/tnef_decoder.php @@ -278,15 +278,14 @@ class TnefAttributeStreamReader extends TnefStreamReader { $this->push($stream); /* Number of attributes. */ $this->count = $this->_geti(32); - $this->next(); } function valid() { - return (bool) $this->current; + return $this->count && $this->current; } function rewind() { - $this->pos = 0; + $this->pos = 4; } protected function readPhpValue($type) { 
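Review bot: In include/staff/directory.inc.php, the `$where` clause is built by interpolating `$query` into hand-quoted patterns, so its safety rests on `db_real_escape()` and on the surrounding quotes staying in place. A short comment would make that dependency explicit, for example `// $query is escaped but NOT quoted: always keep it inside '...'; is_numeric() keeps % and _ out of this branch`. Driver-level escaping normally leaves the LIKE wildcards `%` and `_` alone, which is harmless in the numeric branch but worth checking in the `else` branch that continues outside the hunk.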
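Review bot: In include/tnef_decoder.php hunk @@ -278, `valid()` now also requires `$this->count` to be non-zero, but `next()` (hunk @@ -350) decrements the count before it parses an attribute. Once the last attribute has been read the count is 0, so `valid()` reports false for an entry that was parsed successfully. If the reader is consumed through the iterator protocol, the final attribute is dropped; `return (bool) $this->current;` would be enough, since `next()` already sets `current` to false when the count runs out. `rewind()` also resets only `pos`, so with the `next()` call removed from the constructor nothing visible here loads the first attribute or restores `count` for a second pass. How the reader is driven is outside the hunk, so this needs checking against its callers.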
@@ -350,10 +349,11 @@ class TnefAttributeStreamReader extends TnefStreamReader { } function next() { - $this->count--; - - if ($this->length - $this->pos < 12) + if ($this->count <= 0) { return $this->current = false; + } + + $this->count--; $have_mval = false; $named_id = $value = null; @@ -391,7 +391,7 @@ class TnefAttributeStreamReader extends TnefStreamReader { $value = $this->readPhpValue($data_type); } else { $value = array(); - $k = $this->_geti(32); + $k = $this->_geti(32); for ($i=0; $i < $k; $i++) $value[] = $this->readPhpValue($data_type); } diff --git a/open.php b/open.php index 3d9b90e81f73a9dbf46d8b0c91c2290e649e30d2..e0bc8fdcfb1ba75a1efca191e0a31cc06ac36930 100644 --- a/open.php +++ b/open.php @@ -32,10 +32,12 @@ if ($_POST) { if (!$errors && $cfg->allowOnlineAttachments() && $_FILES['attachments']) $vars['files'] = AttachmentFile::format($_FILES['attachments'], true); + // Drop the draft.. If there are validation errors, the content + // submitted will be displayed back to the user + Draft::deleteForNamespace('ticket.client.'.substr(session_id(), -12)); //Ticket::create...checks for errors.. if(($ticket=Ticket::create($vars, $errors, SOURCE))){ $msg='Support ticket request created'; - Draft::deleteForNamespace('ticket.client.'.substr(session_id(), -12)); //Logged in...simply view the newly created ticket. if($thisclient && $thisclient->isValid()) { session_write_close(); diff --git a/scp/banlist.php b/scp/banlist.php index f2ec48446d0db70566e6c03db6dc629e38e922ad..dc6f25fe2c163897fecf0c941881d8d544a5cd5c 100644 --- a/scp/banlist.php +++ b/scp/banlist.php @@ -36,7 +36,7 @@ if($_POST && !$errors && $filter){ }elseif(!$errors){ $vars=array('w'=>'email', 'h'=>'equal', - 'v'=>$_POST['val'], + 'v'=>trim($_POST['val']), 'filter_id'=>$filter->getId(), 'isactive'=>$_POST['isactive'], 'notes'=>$_POST['notes']); 
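Review bot: In include/tnef_decoder.php hunk @@ -350, the new guard in `next()` relies only on `$this->count`, which the constructor reads from the stream itself, and the earlier check that at least 12 bytes remain has been removed. A truncated or malformed TNEF attachment can declare more attributes than it contains, and the parser would then keep reading past the available data unless `_geti()` and the other read helpers bound-check on their own, which is not visible here. Keeping both conditions costs nothing: `if ($this->count <= 0 || $this->length - $this->pos < 12) {`. The same concern applies to the multi-value count `$k` in the following hunk, which is read from the stream and drives a loop with no upper bound. The body of `next()` continues outside the hunk.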
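Review bot: In open.php, moving `Draft::deleteForNamespace()` ahead of `Ticket::create()` discards the saved draft on every POST, including ones that fail. The new comment covers validation errors, but after any other failure, or if the user reloads instead of resubmitting, the draft was the only remaining copy of the text. The comment should state that assumption, or the early delete should apply only when the submitted content will be echoed back. Separately, the namespace is built from the last 12 characters of `session_id()`; if that string is ever written into markup or logs, deriving it from a hash of the session id would avoid exposing part of the session identifier.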
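Review bot: In scp/banlist.php, `trim()` is applied separately at each use of `$_POST['val']` (here and twice in hunk @@ -52), while the checks `!$_POST['val']` and `Validator::is_email($_POST['val'])` in that second hunk still see the raw value. The string that is validated is therefore not the string that is stored or looked up. Normalising once before any check, `$val = trim($_POST['val']);`, and using `$val` for validation, `BanList::includes()` and `addRule()` keeps the three in agreement. Whether the update path in this first hunk validates the address at all is outside the visible lines.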
@@ -52,9 +52,9 @@ if($_POST && !$errors && $filter){ $errors['err']='Unknown or invalid ban list'; }elseif(!$_POST['val'] || !Validator::is_email($_POST['val'])) { $errors['err']=$errors['val']='Valid email address required'; - }elseif(BanList::includes($_POST['val'])) { + }elseif(BanList::includes(trim($_POST['val']))) { $errors['err']=$errors['val']='Email already in the ban list'; - }elseif($filter->addRule('email','equal',$_POST['val'],array('isactive'=>$_POST['isactive'],'notes'=>$_POST['notes']))) { + }elseif($filter->addRule('email','equal',trim($_POST['val']),array('isactive'=>$_POST['isactive'],'notes'=>$_POST['notes']))) { $msg='Email address added to ban list successfully'; $_REQUEST['a']=null; //Add filter rule here. diff --git a/scp/js/scp.js b/scp/js/scp.js index 9c5990c1fd244939f7c364f423cc5dee6cc1c95b..b489006e1c67b774307efb890ba566815033361a 100644 --- a/scp/js/scp.js +++ b/scp/js/scp.js @@ -272,8 +272,9 @@ var scp_prep = function() { $(document).on('submit', 'form', function() { $('.dp', $(this)).each(function(i, e) { var $e = $(e), - d = $e.datepicker('getDate'), - day = ('0'+d.getDate()).substr(-2), + d = $e.datepicker('getDate'); + if (!d) return; + var day = ('0'+d.getDate()).substr(-2), month = ('0'+(d.getMonth()+1)).substr(-2), year = d.getFullYear(); $e.val(year+'-'+month+'-'+day);
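Review bot: In scp/js/scp.js, the new `if (!d) return;` leaves the field holding whatever text it had when the datepicker has no date, so the form can submit a `.dp` value that was never rewritten to `year-month-day`. That is the right outcome for an empty field, but the server side should not assume the normalised format for these inputs. A one-line comment such as `// no date selected: leave the field as entered` would make the intent of the early return clear.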