- Nov 21, 2019
-
-
aydreeihn authored
This commit adds the 'Required to close tickets' warning to inline edit fields if they are configured with the Data Integrity box checked (Require entry to close a thread)
-
- Nov 19, 2019
-
-
Peter Rotich authored
Security Vulnerabilities
-
Peter Rotich authored
This commit addresses possible Arbitrary Method Invocation via AJAX file upload. To save some memory, osTicket uses a callback method to fetch the content of a file on mail fetch. $file['data'] was overloaded as a callback by simply checking if the content is callable, resulting in method invocation when the content of the uploaded file is a callable. To address the issue we're not using locally set callback parameter / method.
-
Peter Rotich authored
This commit addresses a vulnerability in how osTicket authenticates auth-tokens used for auto-login to view ticket status. The validation process failed to handle an unexpected type handling issue, making it possible for users to exploit type juggling and authenticate using only email and ticket number.
-
Peter Rotich authored
This commit mitigates insufficient validation in mPDF library that enables a malicious intruder to inject arbitrary PHP objects via css @import utility that may result in Remote Code Execution.
-
Peter Rotich authored
Dialog: Highlight tab with error(s)
-
Peter Rotich authored
This commit addresses a JavaScript error - on error - on a dialog modal with tab content.
- Nov 18, 2019
-
-
Peter Rotich authored
format: Clickable URLs
-
JediKev authored
This addresses issue 5176 where some plaintext URLs are not completely clickable. This is due to the regex check for clickable URLs not including a few characters. This adds `[`, `]`, and `/` as matchable characters so URLs like `https://test.com/cart/add?route=marketplace/extension/info&product[123]=3` will be completely clickable.
-
- Nov 14, 2019
-
-
aydreeihn authored
Queue Pages Default
-
aydreeihn authored
Remove page limit parenthesis
-
aydreeihn authored
Queue Pages Default
-
aydreeihn authored
Default to the page limit when the queue returns 0 results instead of 3 pages.
-
Peter Rotich authored
Add Time boundaries to Between date range
-
Peter Rotich authored
The date picker already has the user's timezone factored in to the selection. Removing user's timezone allows for admin set queues to maintain the original timezone selection.
-
Peter Rotich authored
Clear Overdue Flag on Due Date Change
-
- Nov 13, 2019
-
-
Peter Rotich authored
Add time boundaries to between date range dates and convert results to database timezone.
-
Peter Rotich authored
Clear overdue flag on SLA / Duedate change that results in a duedate in the future.
-
- Nov 12, 2019
-
-
Peter Rotich authored
Feature: Mark as Answered permission option
-
Peter Rotich authored
db: System Time Zone
-
Peter Rotich authored
db: System Time Zone
-
JediKev authored
This addresses issue 5156 where using something like AWS RDS shows incorrect timezone for the database. In systems like AWS RDS you cannot set the `@@global.system_time_zone` variable to anything other than `UTC` which is a problem. This updates `db_connect` to set the session timezone to the global timezone for every connection. This will ensure the appropriate timezone is used in subsequent methods.
-
- Nov 11, 2019
-
-
Peter Rotich authored
Modify Reopen Assignment
-
- Nov 08, 2019
-
-
Peter Rotich authored
issue: Format File Name
-
aydreeihn authored
This commit modifies the code to ensure that if the 'Disable auto assign on reopen' box is checked for a department, reopened tickets are open as unassigned when a ticket is reopened by a user's message as well as when an agent manually reopens the ticket.
-
- Nov 06, 2019
-
-
Peter Rotich authored
issue: DB Error #1062
-
JediKev authored
This formats the filename before using it in an error to avoid chance of XSS.
-
JediKev authored
This addresses a long-time issue of the famous `DB Error #1062` when uploading an Inline File to a Draft. The issue is that the system does not check if an Attachment record exists before creating a new one. We create a new Attachment record, we go to save it, and the system errors out because that record already exists. This adds a check to see if the Attachment record already exists and if so we use that instead of creating a new one.
-
- Nov 05, 2019
-
-
Peter Rotich authored
Issue: Edit Task Fields
-
Peter Rotich authored
issue: In-Reply-To Header
-
- Nov 04, 2019
-
-
aydreeihn authored
This commit fixes an issue where you were unable to edit custom fields if they were added to a task form after a task had been created.
-
- Nov 01, 2019
-
-
Peter Rotich authored
issue: Delete Org Session Failure
-
JediKev authored
This addresses an issue raised in 5111 where the `in-reply-to` header is not sent with outgoing emails. This is due to the `$recipients` variable being an instance of `MailingList` which is not handled correctly in `class.mailer.php`. This adds a new case to handle `MailingList` directly.
-
- Oct 31, 2019
-
-
Peter Rotich authored
issue: Attachment Filter
-
Peter Rotich authored
issue: Umlauts In Sender's Name
-
Peter Rotich authored
issue: Umlauts In Subject
-
- Oct 30, 2019
-
-
JediKev authored
This addresses an ORM failure where, upon refetching an object from the database that no longer exists, the system crashes hard. We use the `one()` method, which expects one result; if there is no result it throws a `DoesNotExist` exception. We are not catching the exception properly, which crashes osTicket and forces you to clear the session via browser or database.
-
JediKev authored
This addresses an issue on the Forum where deleting an Organization causes the session to fail. This is due to the Organization QuerySet being stored in the session and not being cleared out when deleted from the system. This causes the system to try to refetch the object from the database, which is not there as it's been deleted, and therefore causes the session to crash.
-