Merge remote-tracking branch 'upstream/develop' into issue/kb-disambiguate

include/PasswordHash.php

@@ -48,7 +48,7 @@ class PasswordHash {
 	function get_random_bytes($count)
 	{
 		$output = '';
-		if (is_readable('/dev/urandom') &&
+		if (@is_readable('/dev/urandom') &&
 		    ($fh = @fopen('/dev/urandom', 'rb'))) {
 			$output = fread($fh, $count);
 			fclose($fh);

include/class.staff.php

@@ -82,20 +82,28 @@ class Staff {
     }
 
     /*compares user password*/
-    function check_passwd($password) {
+    function check_passwd($password, $autoupdate=true) {
 
         /*bcrypt based password match*/
         if(Passwd::cmp($password, $this->getPasswd()))
             return true;
 
-        /*Fall back to MD5 && force a password reset if it matches*/
-        if(strlen($this->getPasswd()) && !strcmp($this->getPasswd(), MD5($password))) {
+        //Fall back to MD5
+        if(!$password || strcmp($this->getPasswd(), MD5($password)))
+            return false;
+
+        //Password is a MD5 hash: rehash it (if enabled) otherwise force passwd change.
+        $sql='UPDATE '.STAFF_TABLE.' SET passwd='.db_input(Passwd::hash($password))
+            .' WHERE staff_id='.db_input($this->getId());
+
+        if(!$autoupdate || !db_query($sql))
             $this->forcePasswdRest();
 
-            return true;
-        }
+        return true;
+    }
 
-        return false;
+    function cmp_passwd($password) {
+        return $this->check_passwd($password, false);
     }
 
     function forcePasswdRest() {
@@ -406,7 +414,7 @@ class Staff {
             
             if(!$vars['cpasswd'])
                 $errors['cpasswd']='Current password required';
-            elseif(!$this->check_passwd($vars['cpasswd']))
+            elseif(!$this->cmp_passwd($vars['cpasswd']))
                 $errors['cpasswd']='Invalid current password!';
             elseif(!strcasecmp($vars['passwd1'], $vars['cpasswd']))
                 $errors['passwd1']='New password MUST be different from the current password!';

include/client/faq.inc.php

@@ -7,7 +7,7 @@ $category=$faq->getCategory();
 <h1>Frequently Asked Questions</h1>
 <div id="breadcrumbs">
     <a href="index.php">All Categories</a>
-    &raquo; <a href="faq.php?cid=<? echo $category->getId(); ?>"><? echo $category->getName(); ?></a>
+    &raquo; <a href="faq.php?cid=<?php echo $category->getId(); ?>"><?php echo $category->getName(); ?></a>
 </div>
 <div style="width:700;padding-top:2px; float:left;">
 <strong style="font-size:16px;"><?php echo $faq->getQuestion() ?></strong>
@@ -21,8 +21,8 @@ $category=$faq->getCategory();
 <?php
 if($faq->getNumAttachments()) { ?>
  <div><span class="faded"><b>Attachments:</b></span>  <?php echo $faq->getAttachmentsLinks(); ?></div>
-<?
-}?>
+<?php
+} ?>
 
 <div class="article-meta"><span class="faded"><b>Help Topics:</b></span>
     <?php echo ($topics=$faq->getHelpTopics())?implode(', ',$topics):' '; ?>

include/client/tickets.inc.php

@@ -147,12 +147,12 @@ $negorder=$order=='DESC'?'ASC':'DESC'; //Negate the sorting
                 <a class="Icon <?php echo strtolower($row['source']); ?>Ticket" title="<?php echo $row['email']; ?>" 
                     href="tickets.php?id=<?php echo $row['ticketID']; ?>"><?php echo $ticketID; ?></a>
                 </td>
-                <td>&nbsp;<?=Format::db_date($row['created'])?></td>
-                <td>&nbsp;<?=ucfirst($row['status'])?></td>
+                <td>&nbsp;<?php echo Format::db_date($row['created']); ?></td>
+                <td>&nbsp;<?php echo ucfirst($row['status']); ?></td>
                 <td>
                     <a href="tickets.php?id=<?php echo $row['ticketID']; ?>"><?php echo $subject; ?></a>
                 </td>
-                <td>&nbsp;<?=Format::truncate($dept,30)?></td>
+                <td>&nbsp;<?php echo Format::truncate($dept,30); ?></td>
                 <td><?php echo $phone; ?></td>
             </tr>
         <?php

include/pear/Auth/SASL/DigestMD5.php

@@ -178,10 +178,10 @@ class Auth_SASL_DigestMD5 extends Auth_SASL_Common
     */
     function _getCnonce()
     {
-        if (file_exists('/dev/urandom') && $fd = @fopen('/dev/urandom', 'r')) {
+        if (@file_exists('/dev/urandom') && $fd = @fopen('/dev/urandom', 'r')) {
             return base64_encode(fread($fd, 32));
 
-        } elseif (file_exists('/dev/random') && $fd = @fopen('/dev/random', 'r')) {
+        } elseif (@file_exists('/dev/random') && $fd = @fopen('/dev/random', 'r')) {
             return base64_encode(fread($fd, 32));
 
         } else {

include/staff/cannedresponse.inc.php

@@ -92,7 +92,8 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
                 <div>
                     <input type="file" name="attachments[]" value=""/>
                 </div>
-                <?}?>
+                <?php 
+                }?>
                 <div class="faded">You can upload up to 10 attachments per canned response.</div>
             </td>
         </tr>

include/staff/staff.inc.php

@@ -11,6 +11,7 @@ if($staff && $_REQUEST['a']!='add'){
     $passwd_text='To reset the password enter a new one below';
     $info=$staff->getInfo();
     $info['id']=$staff->getId();
+    $info['teams'] = $staff->getTeams();
     $qstr.='&id='.$staff->getId();
 }else {
     $title='Add New Staff';
@@ -295,6 +296,6 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
 <p style="padding-left:250px;">
     <input type="submit" name="submit" value="<?php echo $submit_text; ?>">
     <input type="reset"  name="reset"  value="Reset">
-    <input type="button" name="cancel" value="Cancel" onclick='window.location.href="departments.php"'>
+    <input type="button" name="cancel" value="Cancel" onclick='window.location.href="staff.php"'>
 </p>
 </form>

include/staff/ticket-edit.inc.php

@@ -66,7 +66,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$ticket->getUpdateInfo());
                     <option value="API"   <?php echo ($info['source']=='API')?'selected="selected"':''; ?>>API</option>
                     <option value="Other" <?php echo ($info['source']=='Other')?'selected="selected"':''; ?>>Other</option>
                 </select>
-                &nbsp;<font class="error"><b>*</b>&nbsp;<?=$errors['source']?></font>
+                &nbsp;<font class="error"><b>*</b>&nbsp;<?php echo $errors['source']; ?></font>
             </td>
         </tr>
         <tr>
@@ -85,7 +85,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$ticket->getUpdateInfo());
                     }
                     ?>
                 </select>
-                &nbsp;<font class="error"><b>*</b>&nbsp;<?=$errors['topicId']?></font>
+                &nbsp;<font class="error"><b>*</b>&nbsp;<?php echo $errors['topicId']; ?></font>
             </td>
         </tr>
         <tr>
@@ -104,7 +104,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$ticket->getUpdateInfo());
                     }
                     ?>
                 </select>
-                &nbsp;<font class="error">*&nbsp;<?=$errors['priorityId']?></font>
+                &nbsp;<font class="error">*&nbsp;<?php echo $errors['priorityId']; ?></font>
             </td>
         </tr>
         <tr>
@@ -123,7 +123,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$ticket->getUpdateInfo());
                     }
                     ?>
                 </select>
-                &nbsp;<font class="error">*&nbsp;<?=$errors['slaId']?></font>
+                &nbsp;<font class="error">*&nbsp;<?php echo $errors['slaId']; ?></font>
             </td>
         </tr>
         <tr>
@@ -131,8 +131,8 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$ticket->getUpdateInfo());
                 Subject:
             </td>
             <td>
-                 <input type="text" name="subject" size="60" value="<?=$info['subject']?>">
-                 &nbsp;<font class="error">*&nbsp;<?=$errors['subject']?></font>
+                 <input type="text" name="subject" size="60" value="<?php echo $info['subject']; ?>">
+                 &nbsp;<font class="error">*&nbsp;<?php $errors['subject']; ?></font>
             </td>
         </tr>
         <tr>
@@ -149,7 +149,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$ticket->getUpdateInfo());
                     
                 echo Misc::timeDropdown($hr, $min, 'time');
                 ?>
-                &nbsp;<font class="error">&nbsp;<?=$errors['duedate']?>&nbsp;<?php echo $errors['time']; ?></font>
+                &nbsp;<font class="error">&nbsp;<?php echo $errors['duedate']; ?>&nbsp;<?php echo $errors['time']; ?></font>
                 <em>Time is based on your time zone (GMT <?php echo $thisstaff->getTZoffset(); ?>)</em>
             </td>
         </tr>

include/staff/ticket-open.inc.php

@@ -30,7 +30,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
             <?php 
             if($cfg->notifyONNewStaffTicket()) { ?>
                &nbsp;&nbsp;&nbsp;
-               <input type="checkbox" name="alertuser" <?php echo (!$errors || $info['alertuser'])? 'checked="checked"': ''?>>Send alert to user.
+               <input type="checkbox" name="alertuser" <?php echo (!$errors || $info['alertuser'])? 'checked="checked"': ''; ?>>Send alert to user.
             <?php 
              } ?>
             </td>
@@ -71,7 +71,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
                     <option value="Email" <?php echo ($info['source']=='Email')?'selected="selected"':''; ?>>Email</option>
                     <option value="Other" <?php echo ($info['source']=='Other')?'selected="selected"':''; ?>>Other</option>
                 </select>
-                &nbsp;<font class="error"><b>*</b>&nbsp;<?=$errors['source']?></font>
+                &nbsp;<font class="error"><b>*</b>&nbsp;<?php echo $errors['source']; ?></font>
             </td>
         </tr>
         <tr>
@@ -90,7 +90,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
                     }
                     ?>
                 </select>
-                &nbsp;<font class="error"><b>*</b>&nbsp;<?=$errors['deptId']?></font>
+                &nbsp;<font class="error"><b>*</b>&nbsp;<?php echo $errors['deptId']; ?></font>
             </td>
         </tr>
 
@@ -110,7 +110,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
                     }
                     ?>
                 </select>
-                &nbsp;<font class="error"><b>*</b>&nbsp;<?=$errors['topicId']?></font>
+                &nbsp;<font class="error"><b>*</b>&nbsp;<?php echo $errors['topicId']; ?></font>
             </td>
         </tr>
         <tr>
@@ -118,13 +118,13 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
                 Subject:
             </td>
             <td>
-                 <input type="text" name="subject" size="55" value="<?=$info['subject']?>">
-                 &nbsp;<font class="error">*&nbsp;<?=$errors['subject']?></font>
+                 <input type="text" name="subject" size="55" value="<?php echo $info['subject']; ?>">
+                 &nbsp;<font class="error">*&nbsp;<?php echo $errors['subject']; ?></font>
             </td>
         </tr>
         <tr>
             <th colspan="2">
-                <em><strong>Issue summary</strong>: Detailed summary of the reason(s) of opening the ticket. <font class="error">*&nbsp;<?=$errors['issue']?></font></em>
+                <em><strong>Issue summary</strong>: Detailed summary of the reason(s) of opening the ticket. <font class="error">*&nbsp;<?php echo $errors['issue']; ?></font></em>
             </th>
         </tr>
         <tr>
@@ -179,14 +179,14 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
                 <div class="file_input">
                     <input type="file" class="multifile" name="attachments[]" size="30" value="" />
                 </div>
-            <?
+            <?php
             } ?>
             </td>
         </tr>
 
         <tr>
             <th colspan="2">
-                <em><strong>Internal Note</strong>: Optional internal note (recommended on assignment) <font class="error">&nbsp;<?php echo $errors['note'];?></font></em>
+                <em><strong>Internal Note</strong>: Optional internal note (recommended on assignment) <font class="error">&nbsp;<?php echo $errors['note']; ?></font></em>
             </th>
         </tr>
         <tr>
@@ -213,7 +213,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
                     
                 echo Misc::timeDropdown($hr, $min, 'time');
                 ?>
-                &nbsp;<font class="error">&nbsp;<?=$errors['duedate']?>&nbsp;<?php echo $errors['time']; ?></font>
+                &nbsp;<font class="error">&nbsp;<?php echo $errors['duedate']; ?> &nbsp; <?php echo $errors['time']; ?></font>
                 <em>Time is based on your time zone (GMT <?php echo $thisstaff->getTZoffset(); ?>)</em>
             </td>
         </tr>
@@ -233,7 +233,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
                     }
                     ?>
                 </select>
-                &nbsp;<font class="error">&nbsp;<?=$errors['priorityId']?></font>
+                &nbsp;<font class="error">&nbsp;<?php echo $errors['priorityId']; ?></font>
             </td>
         </tr>
         <?php
@@ -269,6 +269,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
         </tr>
         <?php
         } ?>
+
         <?php
         if($thisstaff->canCloseTickets()) { ?>
         <tr>
@@ -290,7 +291,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
                 ?>
                 <label><input type="radio" name="signature" value="none" checked="checked"> None</label>
                 <?php
-                if($thisstaff->getSignature()) {?>
+                if($thisstaff->getSignature()) { ?>
                     <label><input type="radio" name="signature" value="mine"
                         <?php echo ($info['signature']=='mine')?'checked="checked"':''; ?>> My signature</label>
                 <?php

include/upgrader/prereq.inc.php

@@ -14,9 +14,9 @@ if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access D
             <h3>Prerequisites: <font color="red"><?php echo $errors['prereq']; ?></font></h3>
             These items are necessary in order to run the latest version of osTicket.
             <ul class="progress">
-                <li class="<? echo $upgrader->check_php()?'yes':'no'; ?>">
+                <li class="<?php echo $upgrader->check_php()?'yes':'no'; ?>">
                 PHP v4.3 or greater - (<small><b><?php echo PHP_VERSION; ?></b></small>)</li>
-                <li class="<? echo $upgrader->check_mysql()?'yes':'no'; ?>">
+                <li class="<?php echo $upgrader->check_mysql()?'yes':'no'; ?>">
                 MySQL v4.4 or greater - (<small><b><?php echo extension_loaded('mysql')?'module loaded':'missing!'; ?></b></small>)</li>
             </ul>
             <h3>Higly Recommended:</h3>

scp/dashboard.php

@@ -63,6 +63,6 @@ member.</p>
 
 <div id="table-here"></div>
 
-<?
+<?php
 include(STAFFINC_DIR.'footer.inc.php');
 ?>

setup/inc/install-prereq.inc.php

@@ -14,17 +14,17 @@ if(!defined('SETUPINC')) die('Kwaheri!');
             <h3>Required: <font color="red"><?php echo $errors['prereq']; ?></font></h3>
             These items are necessary in order to install and use osTicket.
             <ul class="progress">
-                <li class="<? echo $installer->check_php()?'yes':'no'; ?>">
+                <li class="<?php echo $installer->check_php()?'yes':'no'; ?>">
                 PHP v4.3 or greater - (<small><b><?php echo PHP_VERSION; ?></b></small>)</li>
-                <li class="<? echo $installer->check_mysql()?'yes':'no'; ?>">
+                <li class="<?php echo $installer->check_mysql()?'yes':'no'; ?>">
                 MySQL v4.4 or greater - (<small><b><?php echo extension_loaded('mysql')?'module loaded':'missing!'; ?></b></small>)</li>
             </ul>
             <h3>Recommended:</h3>
             You can use osTicket without these, but you may not be able to use all features.
             <ul class="progress">
-                <li class="<? echo extension_loaded('mcrypt')?'yes':'no'; ?>">Mcrypt extension</li>
-                <li class="<? echo extension_loaded('gd')?'yes':'no'; ?>">Gdlib extension</li>
-                <li class="<? echo extension_loaded('imap')?'yes':'no'; ?>">PHP IMAP extension</li>
+                <li class="<?php echo extension_loaded('mcrypt')?'yes':'no'; ?>">Mcrypt extension</li>
+                <li class="<?php echo extension_loaded('gd')?'yes':'no'; ?>">Gdlib extension</li>
+                <li class="<?php echo extension_loaded('imap')?'yes':'no'; ?>">PHP IMAP extension</li>
             </ul>
             <div id="bar">
                 <form method="post" action="install.php">

setup/test/lint.php

@@ -44,7 +44,40 @@ if (strlen($syntax_errors)) {
     echo "$syntax_errors";
     exit();
 } else {
+    echo "pass\n";
+}
+
+function line_number_for_offset($filename, $offset) {
+    $lines = file($filename);
+    $bytes = $line = 0;
+    while ($bytes < $offset) {
+        $bytes += strlen(array_shift($lines));
+        $line += 1;
+    }
+    return $line;
+}
+echo "Short open tags: ";
+$fails = array();
+foreach ($scripts as $s) {
+    $matches = array();
+    if (preg_match_all('/<\?\s*(?!php|xml).*$/m', file_get_contents($s), $matches,
+            PREG_OFFSET_CAPTURE) > 0) {
+        foreach ($matches[0] as $match)
+            $fails[] = array(
+                str_replace($root.'/', '', $s),
+                $match[0],
+                line_number_for_offset($s, $match[1]));
+    }
+}
+if (count($fails)) {
+    echo "FAIL\n";
+    echo "-------------------------------------------------------\n";
+    foreach ($fails as $f)
+        echo sprintf("In %s, line %d: %s\n", $f[0], $f[2],
+            str_replace("\n", " ", $f[1]));
     echo "\n";
+} else {
+    echo "pass\n";
 }
 
 # Run phplint across all php files