Hesk v3.2.0

Luke Tainton
2021-03-06 16:23:18 +00:00
parent a5296eea55
commit ac0640212a
222 changed files with 16911 additions and 1089 deletions


@@ -50,27 +50,6 @@ hesk_handle_messages();
/* Print tickets? */
if (hesk_checkPermission('can_view_tickets',0))
{
if ( ! isset($_SESSION['hide']['ticket_list']) )
{
// Show 'Tickets' if resolved tickets are shown by default
if (isset($_SESSION['default_list']) && strpos($_SESSION['default_list'], 's3=1') !== false) {
$table_title = $hesklang['tickets'];
} else {
$table_title = $hesklang['open_tickets'];
}
$header_text = '
<section style="display: flex; align-items: center; justify-content: space-between; margin-bottom: 16px">
<h2 style="font-size: 18px; font-weight: bold">'.$table_title.' (%%HESK_TICKET_COUNT%%)</h2>
<div class="checkbox-custom">
<input type="checkbox" id="reloadCB" onclick="toggleAutoRefresh(this);">
<label for="reloadCB">'.$hesklang['arp'].'</label>&nbsp;<span id="timer"></span>
<script type="text/javascript">heskCheckReloading();</script>
</div>
</section>
';
}
/* Reset default settings? */
if ( isset($_GET['reset']) && hesk_token_check() )
{
@@ -85,6 +64,7 @@ if (hesk_checkPermission('can_view_tickets',0))
}
/* Print the list of tickets */
$href = 'admin_main.php';
require(HESK_PATH . 'inc/print_tickets.inc.php');
echo "&nbsp;<br />";


@@ -39,6 +39,19 @@ hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
// Prevent flooding - multiple replies within a few seconds are probably not valid
if ($hesk_settings['flood'])
{
if (isset($_SESSION['last_reply_timestamp']) && (time() - $_SESSION['last_reply_timestamp']) < $hesk_settings['flood'])
{
hesk_error($hesklang['e_flood']);
}
else
{
$_SESSION['last_reply_timestamp'] = time();
}
}
/* Check permissions for this feature */
hesk_checkPermission('can_reply_tickets');
@@ -76,6 +89,29 @@ require_once(HESK_PATH . 'inc/statuses.inc.php');
if (strlen($message))
{
$message_html = $message;
// Handle rich-text tickets
if ($hesk_settings['staff_ticket_formatting'] == 2) {
// Decode the message we encoded earlier
$message_html = hesk_html_entity_decode($message_html);
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$message_html = $purifier->heskPurify($message_html);
$message = convert_html_to_text($message_html);
$message = fix_newlines($message);
// Re-encode the message
$message = hesk_htmlspecialchars($message);
} elseif ($hesk_settings['staff_ticket_formatting'] == 0) {
$message_html = hesk_makeURL($message_html);
$message_html = nl2br($message_html);
}
// Save message for later and ignore the rest?
if ( isset($_POST['save_reply']) )
{
@@ -83,7 +119,7 @@ if (strlen($message))
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id']));
// Save the message draft
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (`owner`, `ticket`, `message`) VALUES (".intval($_SESSION['id']).", ".intval($ticket['id']).", '".hesk_dbEscape($message)."')");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (`owner`, `ticket`, `message`, `message_html`) VALUES (".intval($_SESSION['id']).", ".intval($ticket['id']).", '".hesk_dbEscape($message)."', '".hesk_dbEscape($message_html)."')");
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;
@@ -97,7 +133,7 @@ if (strlen($message))
elseif ($_SESSION['afterreply'] == 2)
{
/* Get the next open ticket that needs a reply */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('0','".intval($_SESSION['id'])."') AND " . hesk_myCategories() . " AND `status` IN ('0','1') ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('0','".intval($_SESSION['id'])."') AND " . hesk_myCategories() . " AND `status` IN ('0','1') AND `id` != ".intval($ticket['id']). " ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
@@ -121,6 +157,14 @@ if (strlen($message))
if ( ! $submit_as_customer && ! empty($_POST['signature']) && strlen($_SESSION['signature']))
{
$message .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
// Make signature links clickable
$signature = hesk_makeURL($_SESSION['signature']);
// Turn newlines into <br /> tags
$signature = nl2br($signature);
$message_html .= "<br/><br/>" . addslashes($signature) . "<br/>";
}
// Make links clickable
@@ -188,11 +232,11 @@ if ($hesk_settings['attachments']['use'] && !empty($attachments))
// Add reply
if ($submit_as_customer)
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($ticket['name']))."','".hesk_dbEscape($message."<br /><br /><i>{$hesklang['creb']} {$_SESSION['name']}</i>")."',NOW(),'".hesk_dbEscape($myattachments)."')");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`message_html`,`dt`,`attachments`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($ticket['name']))."','".hesk_dbEscape($message."<br /><br /><i>{$hesklang['creb']} ".addslashes($_SESSION['name'])."</i>")."','".hesk_dbEscape($message_html."<br /><br /><i>{$hesklang['creb']} ".addslashes($_SESSION['name'])."</i>")."',NOW(),'".hesk_dbEscape($myattachments)."')");
}
else
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($_SESSION['name']))."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."','".intval($_SESSION['id'])."')");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`message_html`,`dt`,`attachments`,`staffid`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($_SESSION['name']))."','".hesk_dbEscape($message)."','".hesk_dbEscape($message_html)."',NOW(),'".hesk_dbEscape($myattachments)."','".intval($_SESSION['id'])."')");
}
/* Track ticket status changes for history */
@@ -214,7 +258,7 @@ if ( ! empty($_POST['set_priority']) )
3 => $hesklang['low']
);
$revision = sprintf($hesklang['thist8'],hesk_date(),$options[$priority],$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist8'],hesk_date(),$options[$priority],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$priority_sql = ",`priority`='$priority', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
}
@@ -237,7 +281,7 @@ elseif ($submit_as_customer)
if ($ticket['status'] != $new_status)
{
$revision = sprintf($hesklang['thist9'],hesk_date(),$hesklang['wait_reply'],$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist9'],hesk_date(),$hesklang['wait_reply'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$sql_status = " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
}
}
@@ -274,7 +318,7 @@ else
if ($ticket['status'] != $new_status && $new_status != 2)
{
$revision = sprintf($hesklang['thist9'],hesk_date(),$data['name'],$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist9'],hesk_date(),addslashes($data['name']),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$sql_status .= " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
}
@@ -314,7 +358,7 @@ else
if ( ! empty($_POST['assign_self']) && hesk_checkPermission('can_assign_self',0))
{
$revision = sprintf($hesklang['thist2'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')',$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist2'],hesk_date(),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$sql .= " , `owner`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
}
@@ -355,6 +399,7 @@ $info = array(
'attachments' => $myattachments,
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'due_date' => hesk_format_due_date($ticket['due_date']),
'id' => $ticket['id'],
'language' => $ticket['language'],
'time_worked' => $ticket['time_worked'],
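Review bot: The signature lines added after `$message .= "\n\n" . addslashes($_SESSION['signature'])` append to `$message_html` after `heskPurify()` has already run in the earlier rich-text hunk, so the signature never passes through the purifier; the same holds for `$hesklang['creb']` and `$_SESSION['name']` concatenated onto `$message_html` in the `$submit_as_customer` INSERT. That is only safe if those values are already HTML-encoded when they are placed in the session, which these hunks do not show. Either run the purifier after the last concatenation or record the invariant at the append, e.g. `// signature is stored HTML-encoded; appended after heskPurify() on purpose`. The enclosing `if (strlen($message))` block starts and ends outside the hunks.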


@@ -622,6 +622,7 @@ if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') )
<input type="hidden" name="tmp_imap_user" value="<?php echo $hesk_settings['imap_user']; ?>" />
<input type="hidden" name="tmp_imap_password" value="<?php echo $hesk_settings['imap_password']; ?>" />
<input type="hidden" name="tmp_imap_enc" value="<?php echo $hesk_settings['imap_enc']; ?>" />
<input type="hidden" name="tmp_imap_noval_cert" value="<?php echo $hesk_settings['imap_noval_cert']; ?>" />
<input type="hidden" name="tmp_imap_keep" value="<?php echo $hesk_settings['imap_keep']; ?>" />
<div class="checkbox-group row">
<h5>
@@ -726,6 +727,19 @@ if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') )
<input type="radio" name="s_imap_enc" value="" id="i3" <?php echo $none; echo $onload_status; ?>>
<label for="i3"><?php echo $hesklang['none']; ?></label>
</div>
<div id="div_imap_noval_cert" style="display:<?php echo ($hesk_settings['imap_enc'] == 'ssl' || $hesk_settings['imap_enc'] == 'tls') ? 'block' : 'none'; ?>">
<div class="checkbox-custom">
<input type="checkbox" id="i10" name="s_imap_noval_cert" value="1" <?php if ($hesk_settings['imap_noval_cert']) {echo 'checked';} ?>>
<label for="i10"><?php echo $hesklang['noval_cert']; ?></label>
<a onclick="hesk_window('<?php echo $help_folder; ?>email.html#68','400','500')">
<div class="tooltype right">
<svg class="icon icon-info">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-info"></use>
</svg>
</div>
</a>
</div>
</div>
</div>
</div>
<div class="checkbox-group row">
@@ -800,13 +814,15 @@ if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') )
var s_imap_user = document.getElementById('i5').value;
var s_imap_password = document.getElementById('i6').value;
var s_imap_enc = document.getElementById('i4').checked ? 'tls' : (document.getElementById('i9').checked ? 'ssl' : '');
var s_imap_noval_cert = document.getElementById('i10').checked ? '1' : '0';
var params = "test=imap" +
"&s_imap_host_name=" + encodeURIComponent( s_imap_host_name ) +
"&s_imap_host_port=" + encodeURIComponent( s_imap_host_port ) +
"&s_imap_user=" + encodeURIComponent( s_imap_user ) +
"&s_imap_password=" + encodeURIComponent( s_imap_password ) +
"&s_imap_enc=" + encodeURIComponent( s_imap_enc );
"&s_imap_enc=" + encodeURIComponent( s_imap_enc ) +
"&s_imap_noval_cert=" + encodeURIComponent( s_imap_noval_cert );
xmlHttp=GetXmlHttpObject();
if (xmlHttp==null)
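Review bot: The new `s_imap_noval_cert` checkbox carries no comment explaining its security cost; judging by its name it turns off certificate validation for the IMAP SSL/TLS connection, which is the same connection that carries `s_imap_user` and `s_imap_password` in the test request built below. The label text comes from `$hesklang['noval_cert']`, which is not visible here, so confirm that it says the server is no longer authenticated when the box is ticked. A short comment above the `div_imap_noval_cert` block would help maintainers, e.g. `<!-- Skips IMAP certificate validation: keep off unless the server uses a self-signed certificate -->`.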


@@ -239,6 +239,27 @@ hesk_handle_messages();
<?php echo $hesklang['test_theme_folder']; ?>
</button>
</div>
<div class="checkbox-group">
<h5>
<span><?php echo $hesklang['admin_css']; ?></span>
<a onclick="hesk_window('<?php echo $help_folder; ?>general.html#59','400','500')">
<div class="tooltype right" style="vertical-align: top;">
<svg class="icon icon-info">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-info"></use>
</svg>
</div>
</a>
</h5>
<div class="checkbox-list">
<div class="checkbox-custom">
<input type="checkbox" id="s_admin_css" name="s_admin_css" value="1" onchange="hesk_toggleLayerDisplay('admin_css');" <?php if ($hesk_settings['admin_css']) {echo 'checked';} ?>>
<label for="s_admin_css"><?php echo $hesklang['admin_css2']; ?></label>
</div>
<div id="admin_css" style="margin-left:25px;display:<?php echo $hesk_settings['admin_css'] ? 'block' : 'none'; ?>">
<input type="text" class="form-control" name="s_admin_css_url" maxlength="255" value="<?php echo $hesk_settings['admin_css_url']; ?>">
</div>
</div>
</div>
</section>
<section class="settings__form_block language">
<h3><?php echo $hesklang['lgs']; ?></h3>
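Review bot: The new `s_admin_css_url` text input prints `$hesk_settings['admin_css_url']` into a `value` attribute with no output encoding, so the form relies entirely on the save path having stored an already-encoded string. The save path is not visible in this section; if it does not guarantee that, encode at output with `value="<?php echo hesk_htmlspecialchars($hesk_settings['admin_css_url']); ?>"`. If the stored value is already encoded, a one-line comment saying so next to the echo would prevent a later double-encoding or a later regression.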


@@ -159,6 +159,17 @@ if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') ) {
}
return true;
}
function hesk_generateUrlAccessKey(fID) {
var length = Math.random() * (30 - 20) + 20;
var result = '';
var characters = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ1234567890-_.';
var charactersLength = characters.length;
for ( var i = 0; i < length; i++ ) {
result += characters.charAt(Math.floor(Math.random() * charactersLength));
}
$('#' + fID).val(result);
}
//-->
</script>
<form method="post" action="admin_settings_save.php" name="form1" onsubmit="return hesk_checkFields()">
@@ -257,6 +268,20 @@ if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') ) {
</label>
<input type="text" class="form-control" name="s_max_open" size="5" maxlength="3" value="<?php echo $hesk_settings['max_open']; ?>">
</div>
<div class="form-group short">
<label>
<span><?php echo $hesklang['set_ds']; ?></span>
<a onclick="hesk_window('<?php echo $help_folder; ?>helpdesk.html#84','400','500')">
<div class="tooltype right">
<svg class="icon icon-info">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-info"></use>
</svg>
</div>
</a>
</label>
<input type="text" class="form-control" name="s_due_soon" size="5" maxlength="3" value="<?php echo $hesk_settings['due_soon']; ?>">
<span><?php echo $hesklang['set_ds2']; ?></span>
</div>
<div class="radio-group mt24">
<h5>
<span><?php echo $hesklang['rord']; ?></span>
@@ -844,6 +869,32 @@ if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') ) {
<input type="text" class="form-control" name="s_cat_show_select" maxlength="3" value="<?php echo $hesk_settings['cat_show_select']; ?>">
<span><?php echo $hesklang['scat2']; ?></span>
</div>
<?php
$plain = $hesk_settings['staff_ticket_formatting']==0 ? 'checked' : '';
$html = $hesk_settings['staff_ticket_formatting']==2 ? 'checked' : '';
?>
<div class="radio-group">
<h5>
<span><?php echo $hesklang['ticket_formatting_staff']; ?></span>
<a onclick="hesk_window('<?php echo $help_folder; ?>helpdesk.html#80','400','500')">
<div class="tooltype right">
<svg class="icon icon-info">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-info"></use>
</svg>
</div>
</a>
</h5>
<div class="radio-list">
<div class="radio-custom">
<input type="radio" id="s_ticket_formatting_staff0" name="s_ticket_formatting_staff" value="0" <?php echo $plain; ?>>
<label for="s_ticket_formatting_staff0"><?php echo $hesklang['ticket_formatting_plaintext']; ?></label>
</div>
<div class="radio-custom">
<input type="radio" id="s_ticket_formatting_staff2" name="s_ticket_formatting_staff" value="2" <?php echo $html; ?>>
<label for="s_ticket_formatting_staff2"><?php echo $hesklang['ticket_formatting_rich_text']; ?></label>
</div>
</div>
</div>
</section>
<section class="settings__form_block">
<h3><?php echo $hesklang['sp']; ?></h3>
@@ -1032,6 +1083,20 @@ if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') ) {
</label>
<input type="text" class="form-control" name="s_attempt_banmin" maxlength="3" value="<?php echo $hesk_settings['attempt_banmin']; ?>">
</div>
<div class="form-group short">
<label>
<span><?php echo $hesklang['flood']; ?></span>
<a onclick="hesk_window('<?php echo $help_folder; ?>helpdesk.html#81','400','500')">
<div class="tooltype right">
<svg class="icon icon-info">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-info"></use>
</svg>
</div>
</a>
</label>
<input type="text" class="form-control" name="s_flood" maxlength="3" value="<?php echo $hesk_settings['flood']; ?>">
<span><?php echo $hesklang['seconds']; ?></span>
</div>
<div class="checkbox-group">
<h5>
<span><?php echo $hesklang['passr']; ?></span>
@@ -1080,6 +1145,29 @@ if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') ) {
<label for="s_x_frame_opt"><?php echo $hesklang['frames2']; ?></label>
</div>
</div>
<div class="form-group">
<label>
<span><?php echo $hesklang['cookies']; ?></span>
<a onclick="hesk_window('<?php echo $help_folder; ?>helpdesk.html#82','400','500')">
<div class="tooltype right">
<svg class="icon icon-info">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-info"></use>
</svg>
</div>
</a>
</label>
<div class="dropdown-select center out-close">
<select name="s_samesite" id="samesite-select">
<?php
$samesite_options = array('Strict', 'Lax', 'None');
foreach ($samesite_options as $samesite_option)
{
echo '<option value="' . $samesite_option . '"' . ($hesk_settings['samesite'] == $samesite_option ? ' selected' : '') . '>' . $samesite_option . '</option>';
}
?>
</select>
</div>
</div>
<div class="checkbox-group">
<h5>
<span><?php echo $hesklang['ssl']; ?></span>
@@ -1100,6 +1188,27 @@ if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') ) {
<?php endif; ?>
</div>
</div>
<div>
<div class="form-group">
<label for="s_url_key">
<span><?php echo $hesklang['ukey']; ?></span>
<a onclick="hesk_window('<?php echo $help_folder; ?>helpdesk.html#83','400','500')">
<div class="tooltype right">
<svg class="icon icon-info">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-info"></use>
</svg>
</div>
</a>
</label>
<input class="form-control" type="text" id="url_key" name="s_url_key" value="<?php echo hesk_htmlentities($hesk_settings['url_key']); ?>">
</div>
<div class="form-group">
<h5></h5>
<button style="margin-left: 24px" type="button" class="btn btn--blue-border" onclick="Javascript:hesk_generateUrlAccessKey('url_key')">
<?php echo $hesklang['ukeyg']; ?>
</button>
</div>
</div>
</section>
<section class="settings__form_block">
<h3><?php echo $hesklang['attachments']; ?></h3>
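Review bot: `hesk_generateUrlAccessKey()` builds the URL access key from `Math.random()`, which is not a cryptographically secure generator, yet the value is stored as `s_url_key` and appears to act as a secret. Draw the randomness from the Web Crypto API instead: `var random = new Uint32Array(31); window.crypto.getRandomValues(random);`, then `var length = 20 + (random[0] % 11);` and, inside the loop, `result += characters.charAt(random[i + 1] % charactersLength);`. This keeps the same alphabet and the same 20–30 character range as the current code.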


@@ -58,10 +58,10 @@ if ($section === 'GENERAL') {
/* --> General settings */
$set['site_title'] = hesk_input( hesk_POST('s_site_title'), $hesklang['err_sname']);
$set['site_title'] = str_replace('\\&quot;','&quot;',$set['site_title']);
$set['site_url'] = hesk_input( hesk_POST('s_site_url'), $hesklang['err_surl']);
$set['site_url'] = hesk_validateURL( hesk_POST('s_site_url'), $hesklang['err_surl']);
$set['hesk_title'] = hesk_input( hesk_POST('s_hesk_title'), $hesklang['err_htitle']);
$set['hesk_title'] = str_replace('\\&quot;','&quot;',$set['hesk_title']);
$set['hesk_url'] = rtrim( hesk_input( hesk_POST('s_hesk_url'), $hesklang['err_hurl']), '/');
$set['hesk_url'] = rtrim( hesk_validateURL( hesk_POST('s_hesk_url'), $hesklang['err_hurl']), '/');
$set['webmaster_mail'] = hesk_validateEmail( hesk_POST('s_webmaster_mail'), $hesklang['err_wmmail']);
$set['noreply_mail'] = hesk_validateEmail( hesk_POST('s_noreply_mail'), $hesklang['err_nomail']);
$set['noreply_name'] = hesk_input( hesk_POST('s_noreply_name') );
@@ -75,6 +75,12 @@ if ($section === 'GENERAL') {
} else {
hesk_error($hesklang['err_site_theme']);
}
$set['admin_css'] = empty($_POST['s_admin_css']) ? 0 : 1;
$set['admin_css_url'] = hesk_validateURL( hesk_POST('s_admin_css_url', 'https://www.example.com/hesk-style.css'));
if ($set['admin_css_url'] == '' || $set['admin_css_url'] == 'https://www.example.com/hesk-style.css') {
$set['admin_css'] = 0;
$set['admin_css_url'] = 'https://www.example.com/hesk-style.css';
}
/* --> Language settings */
$set['can_sel_lang'] = empty($_POST['s_can_sel_lang']) ? 0 : 1;
@@ -134,6 +140,7 @@ if ($section === 'GENERAL') {
$set['print_font_size'] = hesk_checkMinMax( intval( hesk_POST('s_print_font_size') ) , 1, 99, 12);
$set['autoclose'] = hesk_checkMinMax( intval( hesk_POST('s_autoclose') ) , 0, 999, 7);
$set['max_open'] = hesk_checkMinMax( intval( hesk_POST('s_max_open') ) , 0, 999, 0);
$set['due_soon'] = hesk_checkMinMax( intval( hesk_POST('s_due_soon') ) , 1, 999, 7);
$set['new_top'] = empty($_POST['s_new_top']) ? 0 : 1;
$set['reply_top'] = empty($_POST['s_reply_top']) ? 0 : 1;
$set['hide_replies'] = hesk_checkMinMax( intval( hesk_POST('s_hide_replies') ) , -1, 1, -1);
@@ -167,6 +174,11 @@ if ($section === 'GENERAL') {
$set['select_cat'] = empty($_POST['s_select_cat']) ? 0 : 1;
$set['select_pri'] = empty($_POST['s_select_pri']) ? 0 : 1;
$set['cat_show_select'] = hesk_checkMinMax( intval( hesk_POST('s_cat_show_select') ) , 0, 999, 10);
$set['staff_ticket_formatting'] = hesk_checkMinMax( intval( hesk_POST('s_ticket_formatting_staff') ) , 0, 2, 0);
// Temporary until Markdown support
if ($set['staff_ticket_formatting'] == 1) {
$set['staff_ticket_formatting'] = 0;
}
/* --> SPAM prevention */
$set['secimg_use'] = empty($_POST['s_secimg_use']) ? 0 : ( hesk_POST('s_secimg_use') == 2 ? 2 : 1);
@@ -189,9 +201,14 @@ if ($section === 'GENERAL') {
$set['attempt_limit']++;
}
$set['attempt_banmin'] = hesk_checkMinMax( intval( hesk_POST('s_attempt_banmin') ) , 5, 99999, 60);
$set['flood'] = hesk_checkMinMax( intval( hesk_POST('s_flood') ) , 0, 999, 3);
$set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1;
$set['email_view_ticket'] = ($set['require_email'] == 0) ? 0 : (empty($_POST['s_email_view_ticket']) ? 0 : 1);
$set['x_frame_opt'] = empty($_POST['s_x_frame_opt']) ? 0 : 1;
$set['samesite'] = hesk_POST('s_samesite', 'Lax');
if ( ! in_array($set['samesite'], array('Strict', 'Lax', 'None'))) {
$set['samesite'] = 'Lax';
}
$set['force_ssl'] = HESK_SSL && isset($_POST['s_force_ssl']) && $_POST['s_force_ssl'] == 1 ? 1 : 0;
// Make sure help desk URL starts with https if forcing SSL
@@ -200,6 +217,9 @@ if ($section === 'GENERAL') {
$set['hesk_url'] = preg_replace('/^http:/i', 'https:', hesk_getProperty($set, 'hesk_url') );
}
$set['url_key'] = hesk_input( hesk_POST('s_url_key') );
$set['url_key'] = preg_replace('/[^a-zA-Z0-9_.-]/', '', $set['url_key']);
/* --> Attachments */
$set['attachments']['use'] = empty($_POST['s_attach_use']) ? 0 : 1;
if ($set['attachments']['use'])
@@ -212,7 +232,7 @@ if ($section === 'GENERAL') {
$set['attachments']['max_size'] = hesk_formatUnits($size . ' ' . $unit);
$set['attachments']['allowed_types'] = isset($_POST['s_allowed_types']) && ! is_array($_POST['s_allowed_types']) && strlen($_POST['s_allowed_types']) ? explode(',', strtolower( preg_replace('/[^a-zA-Z0-9,]/', '', $_POST['s_allowed_types']) ) ) : array();
$set['attachments']['allowed_types'] = array_diff($set['attachments']['allowed_types'], array('php', 'php4', 'php3', 'php5', 'phps', 'phtml', 'shtml', 'shtm', 'cgi', 'pl') );
$set['attachments']['allowed_types'] = array_diff($set['attachments']['allowed_types'], array('php', 'php4', 'php3', 'php5', 'php7', 'php8', 'phps', 'phar', 'phtml', 'shtml', 'shtm', 'cgi', 'pl') );
if (count($set['attachments']['allowed_types']))
{
@@ -338,6 +358,7 @@ if ($section === 'GENERAL') {
$set['imap_host_port'] = intval( hesk_POST('tmp_imap_host_port', 110) );
$set['imap_enc'] = hesk_POST('tmp_imap_enc');
$set['imap_enc'] = ($set['imap_enc'] == 'ssl' || $set['imap_enc'] == 'tls') ? $set['imap_enc'] : '';
$set['imap_noval_cert'] = empty($_POST['tmp_imap_noval_cert']) ? 0 : 1;
$set['imap_keep'] = empty($_POST['tmp_imap_keep']) ? 0 : 1;
$set['imap_user'] = hesk_input( hesk_POST('tmp_imap_user') );
$set['imap_password'] = hesk_input( hesk_POST('tmp_imap_password') );
@@ -472,12 +493,12 @@ if ($section === 'GENERAL') {
$set['time_display'] = empty($_POST['s_time_display']) ? 0 : 1;
/* --> Other */
$set['ip_whois'] = hesk_input( hesk_POST('s_ip_whois_url', 'https://whois.domaintools.com/{IP}') );
$set['ip_whois'] = hesk_validateURL( hesk_POST('s_ip_whois_url', 'https://whois.domaintools.com/{IP}') );
// If no {IP} tag append it to the end
if ( strlen($set['ip_whois']) == 0 )
{
$set['ip_whois'] = 'http://whois.domaintools.com/{IP}';
$set['ip_whois'] = 'https://whois.domaintools.com/{IP}';
}
elseif ( strpos($set['ip_whois'], '{IP}') === false )
{
@@ -509,6 +530,8 @@ $hesk_settings[\'webmaster_mail\']=\'' . hesk_getProperty($set, 'webmaster_mail'
$hesk_settings[\'noreply_mail\']=\'' . hesk_getProperty($set, 'noreply_mail') . '\';
$hesk_settings[\'noreply_name\']=\'' . hesk_getProperty($set, 'noreply_name') . '\';
$hesk_settings[\'site_theme\']=\'' . hesk_getProperty($set, 'site_theme') . '\';
$hesk_settings[\'admin_css\']=' . hesk_getProperty($set, 'admin_css') . ';
$hesk_settings[\'admin_css_url\']=\'' . hesk_getProperty($set, 'admin_css_url') . '\';
// --> Language settings
$hesk_settings[\'can_sel_lang\']=' . hesk_getProperty($set, 'can_sel_lang') . ';
@@ -535,6 +558,7 @@ $hesk_settings[\'max_listings\']=' . hesk_getProperty($set, 'max_listings') . ';
$hesk_settings[\'print_font_size\']=' . hesk_getProperty($set, 'print_font_size') . ';
$hesk_settings[\'autoclose\']=' . hesk_getProperty($set, 'autoclose') . ';
$hesk_settings[\'max_open\']=' . hesk_getProperty($set, 'max_open') . ';
$hesk_settings[\'due_soon\']=' . hesk_getProperty($set, 'due_soon') . ';
$hesk_settings[\'new_top\']=' . hesk_getProperty($set, 'new_top') . ';
$hesk_settings[\'reply_top\']=' . hesk_getProperty($set, 'reply_top') . ';
$hesk_settings[\'hide_replies\']=' . hesk_getProperty($set, 'hide_replies') . ';
@@ -560,6 +584,7 @@ $hesk_settings[\'short_link\']=' . hesk_getProperty($set, 'short_link') . ';
$hesk_settings[\'select_cat\']=' . hesk_getProperty($set, 'select_cat') . ';
$hesk_settings[\'select_pri\']=' . hesk_getProperty($set, 'select_pri') . ';
$hesk_settings[\'cat_show_select\']=' . hesk_getProperty($set, 'cat_show_select') . ';
$hesk_settings[\'staff_ticket_formatting\']=' . hesk_getProperty($set, 'staff_ticket_formatting') . ';
// --> SPAM Prevention
$hesk_settings[\'secimg_use\']=' . hesk_getProperty($set, 'secimg_use') . ';
@@ -574,10 +599,13 @@ $hesk_settings[\'question_ans\']=\'' . hesk_getProperty($set, 'question_ans') .
// --> Security
$hesk_settings[\'attempt_limit\']=' . hesk_getProperty($set, 'attempt_limit') . ';
$hesk_settings[\'attempt_banmin\']=' . hesk_getProperty($set, 'attempt_banmin') . ';
$hesk_settings[\'flood\']=' . hesk_getProperty($set, 'flood') . ';
$hesk_settings[\'reset_pass\']=' . hesk_getProperty($set, 'reset_pass') . ';
$hesk_settings[\'email_view_ticket\']=' . hesk_getProperty($set, 'email_view_ticket') . ';
$hesk_settings[\'x_frame_opt\']=' . hesk_getProperty($set, 'x_frame_opt') . ';
$hesk_settings[\'samesite\']=\'' . hesk_getProperty($set, 'samesite') . '\';
$hesk_settings[\'force_ssl\']=' . hesk_getProperty($set, 'force_ssl') . ';
$hesk_settings[\'url_key\']=\'' . hesk_getProperty($set, 'url_key') . '\';
// --> Attachments
$hesk_settings[\'attachments\']=array (
@@ -640,6 +668,7 @@ $hesk_settings[\'imap_job_wait\']=' . hesk_getProperty($set, 'imap_job_wait') .
$hesk_settings[\'imap_host_name\']=\'' . hesk_getProperty($set, 'imap_host_name') . '\';
$hesk_settings[\'imap_host_port\']=' . hesk_getProperty($set, 'imap_host_port') . ';
$hesk_settings[\'imap_enc\']=\'' . hesk_getProperty($set, 'imap_enc') . '\';
$hesk_settings[\'imap_noval_cert\']=' . hesk_getProperty($set, 'imap_noval_cert') . ';
$hesk_settings[\'imap_keep\']=' . hesk_getProperty($set, 'imap_keep') . ';
$hesk_settings[\'imap_user\']=\'' . hesk_getProperty($set, 'imap_user') . '\';
$hesk_settings[\'imap_password\']=\'' . hesk_getProperty($set, 'imap_password') . '\';
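Review bot: `site_url`, `hesk_url`, `ip_whois` and the new `admin_css_url` now come from `hesk_validateURL()` instead of `hesk_input()`, and these values are later concatenated between `\'` quotes into the generated settings file, as the `$hesk_settings[\'admin_css_url\']` line in the later hunk shows. `hesk_validateURL()` is not shown on this page, so confirm that it encodes or rejects single quotes and backslashes; otherwise a submitted URL can alter the PHP that gets written. Note also that `admin_css_url` and `ip_whois` are validated without an error message argument, so the behaviour on an invalid URL depends on what the function returns in that case. A comment at the first call would pin the contract: `// hesk_validateURL() must return a value safe inside a single-quoted PHP literal`.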


@@ -39,6 +39,32 @@ if ( empty($_POST) && ! empty($_SERVER['CONTENT_LENGTH']) )
hesk_error($hesklang['maxpost']);
}
// Changing category? Remember data and redirect to category select page
if (hesk_POST('change_category') == 1)
{
$_SESSION['as_name'] = hesk_POST('name');
$_SESSION['as_email'] = hesk_POST('email');
$_SESSION['as_priority'] = hesk_POST('priority');
$_SESSION['as_subject'] = hesk_POST('subject');
$_SESSION['as_message'] = hesk_POST('message');
$_SESSION['as_due_date'] = hesk_POST('due_date');
$_SESSION['as_owner'] = hesk_POST('owner');
$_SESSION['as_notify'] = hesk_POST('notify');
$_SESSION['as_show'] = hesk_POST('show');
$_SESSION['as_language'] = hesk_POST('as_language');
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'] && ! in_array($v['type'], array('date', 'email')))
{
$_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
}
}
header('Location: new_ticket.php');
exit();
}
$hesk_error_buffer = array();
$tmpvar['name'] = hesk_input( hesk_POST('name') ) or $hesk_error_buffer['name']=$hesklang['enter_your_name'];
@@ -214,11 +240,16 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
}
}
$tmpvar['due_date'] = hesk_input(hesk_POST('due_date'));
if ($tmpvar['due_date'] != '' && !preg_match("/^[0-9]{2}\/[0-9]{2}\/[0-9]{4}$/", $tmpvar['due_date'])) {
$hesk_error_buffer['due_date'] = $hesklang['invalid_due_date'];
}
// Generate tracking ID
$tmpvar['trackid'] = hesk_createID();
// Log who submitted ticket
$tmpvar['history'] = sprintf($hesklang['thist7'], hesk_date(), $_SESSION['name'].' ('.$_SESSION['user'].')');
$tmpvar['history'] = sprintf($hesklang['thist7'], hesk_date(), addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$tmpvar['openedby'] = $_SESSION['id'];
// Owner
@@ -239,7 +270,7 @@ if (hesk_checkPermission('can_assign_others',0))
if ($autoassign_owner)
{
$tmpvar['owner'] = intval($autoassign_owner['id']);
$tmpvar['history'] .= sprintf($hesklang['thist10'],hesk_date(),$autoassign_owner['name'].' ('.$autoassign_owner['user'].')');
$tmpvar['history'] .= sprintf($hesklang['thist10'],hesk_date(),addslashes($autoassign_owner['name']).' ('.$autoassign_owner['user'].')');
}
else
{
@@ -254,7 +285,7 @@ if (hesk_checkPermission('can_assign_others',0))
else
{
// Has the new owner access to the selected category?
$res = hesk_dbQuery("SELECT `name`,`isadmin`,`categories` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1");
$res = hesk_dbQuery("SELECT `name`,`user`,`isadmin`,`categories` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
$row = hesk_dbFetchAssoc($res);
@@ -267,6 +298,7 @@ if (hesk_checkPermission('can_assign_others',0))
$hesk_error_buffer['owner']=$hesklang['onasc'];
}
}
$tmpvar['history'] .= sprintf($hesklang['thist2'],hesk_date(),addslashes($row['name']).' ('.$row['user'].')',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
}
else
{
@@ -286,6 +318,16 @@ $notify = ! empty($_POST['notify']) ? 1 : 0;
// Show ticket after submission?
$show = ! empty($_POST['show']) ? 1 : 0;
// Is the ticket language different than current language?
if ($hesk_settings['can_sel_lang'])
{
$new_lang = hesk_POST('as_language');
if (isset($hesk_settings['languages'][$new_lang]))
{
$hesklang['LANGUAGE'] = $new_lang;
}
}
// Attachments
if ($hesk_settings['attachments']['use'])
{
@@ -310,14 +352,16 @@ if (count($hesk_error_buffer)!=0)
{
$_SESSION['iserror'] = array_keys($hesk_error_buffer);
$_SESSION['as_name'] = hesk_POST('name');
$_SESSION['as_email'] = hesk_POST('email');
$_SESSION['as_name'] = hesk_POST('name');
$_SESSION['as_email'] = hesk_POST('email');
$_SESSION['as_priority'] = $tmpvar['priority'];
$_SESSION['as_subject'] = hesk_POST('subject');
$_SESSION['as_message'] = hesk_POST('message');
$_SESSION['as_subject'] = hesk_POST('subject');
$_SESSION['as_message'] = hesk_POST('message');
$_SESSION['as_due_date'] = hesk_POST('due_date');
$_SESSION['as_owner'] = $tmpvar['owner'];
$_SESSION['as_notify'] = $notify;
$_SESSION['as_show'] = $show;
$_SESSION['as_language'] = hesk_POST('as_language');
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
@@ -353,8 +397,29 @@ if ($hesk_settings['attachments']['use'] && !empty($attachments))
}
}
$tmpvar['message']=hesk_makeURL($tmpvar['message']);
$tmpvar['message']=nl2br($tmpvar['message']);
$tmpvar['message_html'] = $tmpvar['message'];
if ($hesk_settings['staff_ticket_formatting'] == 2) {
// Decode the message we encoded earlier
$tmpvar['message_html'] = hesk_html_entity_decode($tmpvar['message_html']);
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$tmpvar['message_html'] = $purifier->heskPurify($tmpvar['message_html']);
$tmpvar['message'] = convert_html_to_text($tmpvar['message_html']);
$tmpvar['message'] = fix_newlines($tmpvar['message']);
// Re-encode the message
$tmpvar['message'] = hesk_htmlspecialchars($tmpvar['message']);
} else {
// `message` already contains a HTML friendly version. May as well just re-use it
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
$tmpvar['message_html'] = $tmpvar['message'];
}
// Track who assigned the ticket
if ($tmpvar['owner'] > 0)
@@ -403,6 +468,8 @@ hesk_cleanSessionVars('as_message');
hesk_cleanSessionVars('as_owner');
hesk_cleanSessionVars('as_notify');
hesk_cleanSessionVars('as_show');
hesk_cleanSessionVars('as_due_date');
hesk_cleanSessionVars('as_language');
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
hesk_cleanSessionVars("as_$k");
@@ -422,5 +489,6 @@ if ($show)
}
else
{
hesk_process_messages($hesklang['new_ticket_submitted'].'. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000,99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
$link = hesk_checkPermission('can_view_tickets',0) ? '<a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000,99999) . '">' . $hesklang['view_ticket'] . '</a>' : '';
hesk_process_messages($hesklang['new_ticket_submitted'].'. ' . $link, 'new_ticket.php', 'SUCCESS');
}


@@ -13,6 +13,7 @@
define('IN_SCRIPT',1);
define('HESK_PATH','../');
define('CALENDAR',1);
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
@@ -61,6 +62,10 @@ define('BACK2TOP',1);
if ($hesk_settings['time_display']) {
define('TIMEAGO',1);
}
if ($hesk_settings['staff_ticket_formatting'] == 2) {
define('WYSIWYG',1);
define('STYLE_CODE',1);
}
/* Get ticket info */
$res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` AS `t1` LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."users` AS `t2` ON `t1`.`replierid` = `t2`.`id` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
@@ -91,6 +96,16 @@ else
$ticket = hesk_dbFetchAssoc($res);
}
// Has this ticket been anonymized?
$ticket['anonymized'] = (
$ticket['name'] == $hesklang['anon_name'] &&
$ticket['email'] == $hesklang['anon_email'] &&
$ticket['subject'] == $hesklang['anon_subject'] &&
$ticket['message'] == $hesklang['anon_message'] &&
$ticket['message_html'] == $hesklang['anon_message'] &&
$ticket['ip'] == $hesklang['anon_IP']
) ? true : false;
/* Permission to view this ticket? */
if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && ! hesk_checkPermission('can_view_ass_others',0))
{
@@ -387,7 +402,7 @@ if (isset($_POST['notemsg']) && hesk_token_check('POST'))
/* Notify assigned staff that a note has been added if needed */
if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'])
{
$res = hesk_dbQuery("SELECT `email`, `notify_note` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($ticket['owner'])."' LIMIT 1");
$res = hesk_dbQuery("SELECT `email` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($ticket['owner'])."' AND `notify_note`='1' LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
@@ -407,6 +422,7 @@ if (isset($_POST['notemsg']) && hesk_token_check('POST'))
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'attachments' => $myattachments,
'due_date' => hesk_format_due_date($ticket['due_date']),
'id' => $ticket['id'],
'time_worked' => $ticket['time_worked'],
'last_reply_by' => $ticket['repliername'],
@@ -449,13 +465,46 @@ if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['
$time_worked = hesk_getTime($h . ':' . $m . ':' . $s);
/* Update database */
$revision = sprintf($hesklang['thist14'],hesk_date(),$time_worked,$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist14'],hesk_date(),$time_worked,addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
/* Show ticket */
hesk_process_messages($hesklang['twu'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
/* Update due date */
if (($can_reply || $can_edit) && isset($_POST['action']) && $_POST['action'] == 'due_date' && hesk_token_check('POST')) {
$new_due_date = hesk_POST('new-due-date');
// MM/DD/YYYY
if ($new_due_date != '' && !preg_match("/^[0-9]{2}\/[0-9]{2}\/[0-9]{4}$/", $new_due_date)) {
hesk_process_messages($hesklang['invalid_due_date'], 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
$sql_overdue_email = '';
if ($new_due_date == '') {
$formatted_date = false;
$revision = sprintf($hesklang['thist20'], hesk_date(), addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
} else {
$date = new DateTime($new_due_date . 'T00:00:00');
$formatted_date = $date->format('Y-m-d');
$revision = sprintf($hesklang['thist19'], hesk_date(), $formatted_date, addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
// If this is a future date, we'll reset the
$current_date = new DateTime();
if ($date > $current_date)
{
$sql_overdue_email = '`overdue_email_sent`=0,';
}
}
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `due_date` = " . ($formatted_date === false ? 'NULL' : "'".hesk_dbEscape($formatted_date)."'") . ", {$sql_overdue_email} `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND (`due_date` IS " . ($formatted_date === false ? 'NOT NULL' : "NULL OR `due_date` != '".hesk_dbEscape($formatted_date)."'") . ")");
/* Show ticket */
hesk_process_messages($hesklang['due_date_updated'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
/* Delete attachment action */
if (isset($_GET['delatt']) && hesk_token_check())
{
@@ -499,7 +548,7 @@ if (isset($_GET['delatt']) && hesk_token_check())
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."'");
/* Update ticket or reply in the database */
$revision = sprintf($hesklang['thist12'],hesk_date(),$att['real_name'],$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist12'],hesk_date(),$att['real_name'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
if ($reply)
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`='".intval($reply)."'");
@@ -933,11 +982,11 @@ $options = array(
}
}
if ($ticket['message'] != '')
if ($ticket['message_html'] != '')
{
?>
<div class="block--description">
<p><?php echo $ticket['message']; ?></p>
<div class="block--description browser-default">
<p><?php echo $ticket['message_html']; ?></p>
</div>
<?php
}
@@ -1396,6 +1445,66 @@ $options = array(
<?php
}
?>
<div class="row">
<div class="title"><?php echo $hesklang['due_date']; ?></div>
<?php
$dateformat = substr($hesk_settings['timeformat'], 0, strpos($hesk_settings['timeformat'], ' '));
$due_date = $hesklang['none'];
$datepicker_due_date = '';
if ($ticket['due_date'] != null) {
$datepicker_due_date = hesk_date($ticket['due_date'], false, true, false);
$due_date = date($dateformat, $datepicker_due_date);
$datepicker_due_date = date('m/d/Y', $datepicker_due_date);
}
if ($can_reply || $can_edit)
{
?>
<div class="value">
<a href="javascript:" onclick="hesk_toggleLayerDisplay('modifyduedate')">
<?php echo $due_date; ?>
</a>
<div id="modifyduedate" style="display:none">
<form class="form" method="post" action="admin_ticket.php">
<section class="param calendar">
<div class="calendar--button">
<button type="button">
<svg class="icon icon-calendar">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-calendar"></use>
</svg>
</button>
<input name="new-due-date"
data-datepicker-position="bottom left"
value="<?php echo $datepicker_due_date; ?>"
type="text" class="datepicker">
</div>
<div class="calendar--value" style="<?php echo $datepicker_due_date == '' ? '' : 'display: block'; ?>">
<span><?php echo $datepicker_due_date; ?></span>
<i class="close">
<svg class="icon icon-close">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-close"></use>
</svg>
</i>
</div>
</section>
<button style="display: inline-flex; width: auto; height: 48px; padding: 0 16px" class="btn btn-full" type="submit"><?php echo $hesklang['save']; ?></button>
<a class="btn btn--blue-border" href="Javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('modifyduedate')"><?php echo $hesklang['cancel']; ?></a>
<input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="hidden" name="action" value="due_date">
</form>
</div>
</div>
<?php
} else {
?>
<div class="value">
<?php echo $ticket['due_date']; ?>
</div>
<?php
}
?>
</div>
</div>
</section>
<?php
@@ -1523,7 +1632,7 @@ function hesk_getAdminButtons($isReply=0,$white=1)
if (!$isReply) {
// Print ticket button
$buttons[] = '
<a href="../print.php?track='.$trackingID.'" title="'.$hesklang['btn_print'].'">
<a href="../print.php?track='.$trackingID.'" title="'.$hesklang['btn_print'].'" target="_blank">
<svg class="icon icon-print">
<use xlink:href="' . HESK_PATH .'img/sprite.svg#icon-print"></use>
</svg>
@@ -1577,16 +1686,18 @@ function hesk_getAdminButtons($isReply=0,$white=1)
}
// Resend email notification button
$buttons['more'][] = '
<a id="resendemail" href="resend_notification.php?track='.$trackingID.'&amp;reply='.($isReply && isset($reply['id']) ? intval($reply['id']) : 0).'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" title="'.$hesklang['btn_resend'].'">
<svg class="icon icon-mail-small">
<use xlink:href="'. HESK_PATH .'img/sprite.svg#icon-mail-small"></use>
</svg>
'.$hesklang['btn_resend'].'
</a>';
if (!$ticket['anonymized']) {
$buttons['more'][] = '
<a id="resendemail" href="resend_notification.php?track='.$trackingID.'&amp;reply='.($isReply && isset($reply['id']) ? intval($reply['id']) : 0).'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" title="'.$hesklang['btn_resend'].'">
<svg class="icon icon-mail-small">
<use xlink:href="'. HESK_PATH .'img/sprite.svg#icon-mail-small"></use>
</svg>
'.$hesklang['btn_resend'].'
</a>';
}
// Import to knowledgebase button
if (!$isReply && $hesk_settings['kb_enable'] && hesk_checkPermission('can_man_kb',0))
if (!$isReply && $hesk_settings['kb_enable'] && hesk_checkPermission('can_man_kb',0) && !$ticket['anonymized'])
{
$buttons['more'][] = '
<a id="addtoknow" href="manage_knowledgebase.php?a=import_article&amp;track='.$trackingID.'" title="'.$hesklang['import_kb'].'">
@@ -1598,7 +1709,7 @@ function hesk_getAdminButtons($isReply=0,$white=1)
}
// Export ticket
if (!$isReply && $can_export)
if (!$isReply && $can_export && !$ticket['anonymized'])
{
$buttons['more'][] = '
<a id="exportticket" href="export_ticket.php?track='.$trackingID.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" title="'.$hesklang['btn_export'].'">
@@ -1826,8 +1937,8 @@ function hesk_printTicketReplies() {
</div>
<?php echo hesk_getAdminButtons(1, $i); ?>
</div>
<div class="block--description">
<p><?php echo $reply['message']; ?></p>
<div class="block--description browser-default">
<p><?php echo $reply['message_html']; ?></p>
</div>
<?php
@@ -1870,8 +1981,8 @@ function hesk_printTicketReplies() {
</div>
<?php echo hesk_getAdminButtons(1,$i); ?>
</div>
<div class="block--description">
<p><?php echo $reply['message']; ?></p>
<div class="block--description browser-default">
<p><?php echo $reply['message_html']; ?></p>
</div>
<?php
/* Attachments */
@@ -1928,8 +2039,8 @@ function hesk_printTicketReplies() {
</div>
<?php echo hesk_getAdminButtons(1, $i); ?>
</div>
<div class="block--description">
<p><?php echo $reply['message']; ?></p>
<div class="block--description browser-default">
<p><?php echo $reply['message_html']; ?></p>
</div>
<?php
@@ -2100,10 +2211,11 @@ function hesk_printReplyForm() {
// Perhaps a message stored in reply drafts?
else
{
$res = hesk_dbQuery("SELECT `message` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])." LIMIT 1");
$db_column = $hesk_settings['staff_ticket_formatting'] == 2 ? 'message_html' : 'message';
$res = hesk_dbQuery("SELECT `{$db_column}` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])." LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
echo hesk_dbResult($res);
echo $db_column === 'message_html' ? htmlspecialchars(hesk_dbResult($res)) : hesk_dbResult($res);
}
}
@@ -2111,6 +2223,10 @@ function hesk_printReplyForm() {
</div>
<?php
if ($hesk_settings['staff_ticket_formatting'] == 2) {
hesk_tinymce_init('#message');
}
/* attachments */
if ($hesk_settings['attachments']['use'])
{
@@ -2163,7 +2279,7 @@ function hesk_printReplyForm() {
<input type="checkbox" id="set_priority" name="set_priority" value="1">
<label for="set_priority"><?php echo $hesklang['change_priority']; ?></label>
<div class="dropdown-select center out-close" data-value="low">
<div class="dropdown-select center out-close priority" data-value="low">
<select id="replypriority" name="priority">
<?php echo implode('',$options); ?>
</select>
@@ -2250,10 +2366,13 @@ function hesk_printCanned()
myMsgTxt[0]='';
<?php
while ($mysaved = hesk_dbFetchRow($res))
while ($mysaved = hesk_dbFetchAssoc($res))
{
$can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1]. "</option>\n";
echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[2]))."';\n";
$can_options .= '<option value="' . $mysaved['id'] . '">' . $mysaved['title']. "</option>\n";
$message_text = $hesk_settings['staff_ticket_formatting'] == 2 ? $mysaved['message_html'] : $mysaved['message'];
echo 'myMsgTxt['.$mysaved['id'].']=\''.preg_replace("/\r?\n|\r/","\\r\\n' + \r\n'", addslashes($message_text))."';\n";
}
?>
@@ -2266,7 +2385,11 @@ function hesk_printCanned()
{
if (document.form1.mode[1].checked)
{
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
tinymce.get("message").setContent('');
<?php else: ?>
document.getElementById('message').value = '';
<?php endif; ?>
$('.ticket .block--message .placeholder').click();
return true;
}
@@ -2288,14 +2411,23 @@ function hesk_printCanned()
}
?>
if (document.getElementById)
{
if (document.getElementById('moderep').checked)
{
if (document.getElementById) {
if (document.getElementById('moderep').checked) {
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
tinymce.get("message").setContent('');
tinymce.get("message").execCommand('mceInsertRawHTML', false, myMsg);
<?php else: ?>
document.getElementById('message-block').innerHTML = '<textarea name="message" id="message" placeholder="<?php echo $hesklang['type_your_message']; ?>">' + myMsg + '</textarea>';
<?php endif; ?>
} else {
var oldMsg = document.getElementById('message').value;
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
var oldMsg = tinymce.get("message").getContent();
tinymce.get("message").setContent('');
tinymce.get("message").execCommand('mceInsertRawHTML', false, oldMsg + myMsg);
<?php else: ?>
var oldMsg = escapeHtml(document.getElementById('message').value);
document.getElementById('message-block').innerHTML = '<textarea name="message" id="message" placeholder="<?php echo $hesklang['type_your_message']; ?>">' + oldMsg + myMsg + '</textarea>';
<?php endif; ?>
}
$('.ticket .block--message .placeholder').click();
} else {
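Review bot: The new due-date handler checks only the shape of `new-due-date` with the `MM/DD/YYYY` regex and then passes it to `new DateTime(...)`, so an impossible value such as month 13 reaches the constructor and throws an exception that nothing here catches, while a day that overflows the month (for example 02/31) is silently rolled into the next month. Parsing with `$date = DateTime::createFromFormat('!m/d/Y', $new_due_date);` and rejecting the input when `$date === false || $date->format('m/d/Y') !== $new_due_date` would keep the stored date equal to what was typed. The code after the `invalid_due_date` message also runs unless `hesk_process_messages()` ends the request, which is not visible in this hunk. Separately, the read-only branch of the due-date row prints `$ticket['due_date']` straight from the database instead of the `$due_date` string computed just above, so staff without reply or edit rights get the raw value, and nothing at all when no date is set.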


@@ -55,7 +55,7 @@ $owner = intval( hesk_REQUEST('owner') );
/* If ID is -1 the ticket will be unassigned */
if ($owner == -1)
{
$revision = sprintf($hesklang['thist2'],hesk_date(),'<i>'.$hesklang['unas'].'</i>',$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist2'],hesk_date(),'<i>'.$hesklang['unas'].'</i>',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0, `assignedby`=NULL, `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."'");
hesk_process_messages($hesklang['tunasi2'],$_SERVER['PHP_SELF'],'SUCCESS');
@@ -115,7 +115,7 @@ if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self))
$assignedby = '';
}
$revision = sprintf($hesklang['thist2'],hesk_date(),$row['name'].' ('.$row['user'].')',$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist2'],hesk_date(),addslashes($row['name']).' ('.$row['user'].')',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`={$owner} {$assignedby}, `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."'");
if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others',0))
@@ -146,6 +146,7 @@ $info = array(
'attachments' => $ticket['attachments'],
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'due_date' => hesk_format_due_date($ticket['due_date']),
'id' => $ticket['id'],
'time_worked' => $ticket['time_worked'],
'last_reply_by' => hesk_getReplierName($ticket),
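Review bot: The `addslashes()` calls added around `$_SESSION['name']` and `$row['name']` in the `$revision` strings are not explained, and the string still goes through `hesk_dbEscape()` in the `UPDATE` that follows, so the backslashes would presumably end up stored in `history` unless something downstream strips them. A one-line comment such as `// history is read back by <reader>, which expects escaped quotes in names` (placeholder, to be replaced with the actual reason) would tell the next maintainer which layer each escape belongs to. The login in `$_SESSION['user']` and `$row['user']` is concatenated into the same string without the call, which looks inconsistent if the intent is to neutralise quotes. The same pattern is added in the status-change and bulk-action sections further down and in the time-worked, due-date and attachment-delete hunks of the ticket view.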


@@ -59,7 +59,7 @@ if ($status == 3) // Closed
}
$action = $hesklang['ticket_been'] . ' ' . $hesklang['closed'];
$revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist3'],hesk_date(),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
if ($hesk_settings['custopen'] != 1)
{
@@ -78,6 +78,7 @@ if ($status == 3) // Closed
$ticket = hesk_dbFetchAssoc($result);
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
$ticket['due_date'] = hesk_format_due_date($ticket['due_date']);
$ticket = hesk_ticketToPlain($ticket, 1, 0);
// Notify customer
@@ -92,7 +93,7 @@ elseif ($status != 0)
{
$status_name = hesk_get_status_name($status);
$action = sprintf($hesklang['tsst'], $status_name);
$revision = sprintf($hesklang['thist9'],hesk_date(),$status_name,$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist9'],hesk_date(),addslashes($status_name),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
// Ticket is not resolved
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
@@ -100,7 +101,7 @@ elseif ($status != 0)
else // Opened
{
$action = $hesklang['ticket_been'] . ' ' . $hesklang['opened'];
$revision = sprintf($hesklang['thist4'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist4'],hesk_date(),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
// Ticket is not resolved
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';


@@ -97,6 +97,7 @@ if ($hesk_settings['num_custom_fields'] >= 50 && $action !== 'edit_cf')
<table id="default-table" class="table sindu-table">
<thead>
<tr>
<th><?php echo $hesklang['id']; ?></th>
<th><?php echo $hesklang['custom_n']; ?></th>
<th><?php echo $hesklang['s_type']; ?></th>
<th><?php echo $hesklang['visibility']; ?></th>
@@ -108,7 +109,7 @@ if ($hesk_settings['num_custom_fields'] >= 50 && $action !== 'edit_cf')
<tbody>
<?php if ($hesk_settings['num_custom_fields'] < 1): ?>
<tr>
<td colspan="6">
<td colspan="7">
<?php echo $hesklang['no_cf']; ?>
</td>
</tr>
@@ -142,14 +143,14 @@ if ($hesk_settings['num_custom_fields'] >= 50 && $action !== 'edit_cf')
if ($first_before_custom_field && $cf['place'] == 0) {
?>
<tr class="title">
<td colspan="6"><?php echo $hesklang['place_before']; ?></td>
<td colspan="7"><?php echo $hesklang['place_before']; ?></td>
</tr>
<?php
$first_before_custom_field = false;
} elseif ($first_after_custom_field && $cf['place'] == 1) {
?>
<tr class="title">
<td colspan="6"><?php echo $hesklang['place_after']; ?></td>
<td colspan="7"><?php echo $hesklang['place_after']; ?></td>
</tr>
<?php
$after = false;
@@ -173,6 +174,7 @@ if ($hesk_settings['num_custom_fields'] >= 50 && $action !== 'edit_cf')
?>
<tr <?php echo $table_row; ?>>
<td><?php echo $tmp_id; ?></td>
<td><?php echo $cf['name']; ?></td>
<td><?php echo $cf['type']; ?></td>
<td><?php echo $cf['use']; ?></td>


@@ -137,7 +137,7 @@ if ( isset($_POST['action-type']) && $_POST['action-type'] == 'assi')
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$revision = sprintf($hesklang['thist2'],hesk_date(),'<i>'.$hesklang['unas'].'</i>',$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist2'],hesk_date(),'<i>'.$hesklang['unas'].'</i>',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0 , `assignedby`=NULL , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id} LIMIT 1");
$end_message[] = sprintf($hesklang['assign_2'], $this_id);
@@ -181,7 +181,7 @@ if ( isset($_POST['action-type']) && $_POST['action-type'] == 'assi')
}
if ( $owner_data['isadmin'] || in_array($ticket['category'],$owner_data['categories']))
{
$revision = sprintf($hesklang['thist2'],hesk_date(),$owner_data['name'].' ('.$owner_data['user'].')',$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist2'],hesk_date(),addslashes($owner_data['name']).' ('.$owner_data['user'].')',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`={$owner} , `assignedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id} LIMIT 1");
$end_message[] = sprintf($hesklang['assign_4'], $ticket['trackid'], $owner_data['name']);
@@ -205,6 +205,7 @@ if ( isset($_POST['action-type']) && $_POST['action-type'] == 'assi')
'attachments' => $ticket['attachments'],
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'due_date' => hesk_format_due_date($ticket['due_date']),
'id' => $ticket['id'],
'time_worked' => $ticket['time_worked'],
'last_reply_by' => hesk_getReplierName($ticket),
@@ -267,7 +268,7 @@ if ( array_key_exists($_POST['a'], $priorities) )
hesk_okCategory($ticket['category']);
$revision = sprintf($hesklang['thist8'],hesk_date(),$priority['formatted'],$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist8'],hesk_date(),$priority['formatted'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id}");
$i++;
@@ -574,7 +575,7 @@ else
require(HESK_PATH . 'inc/email_functions.inc.php');
}
$revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist3'],hesk_date(),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
foreach ($_POST['id'] as $this_id)
{


@@ -38,6 +38,10 @@ require_once(HESK_PATH . 'inc/custom_fields.inc.php');
// Load calendar JS and CSS
define('CALENDAR',1);
if ($hesk_settings['staff_ticket_formatting'] == 2) {
define('WYSIWYG',1);
}
$is_reply = 0;
$tmpvar = array();
@@ -74,6 +78,7 @@ if ( hesk_isREQUEST('reply') )
}
$reply = hesk_dbFetchAssoc($result);
$ticket['message'] = $reply['message'];
$ticket['message_html'] = $reply['message_html'];
$is_reply = 1;
}
@@ -106,8 +111,28 @@ if (isset($_POST['save']))
if ($is_reply)
{
$tmpvar['message'] = hesk_input( hesk_POST('message') ) or $hesk_error_buffer[]=$hesklang['enter_message'];
$tmpvar['message_html'] = $tmpvar['message'];
if ($hesk_settings['staff_ticket_formatting'] == 2) {
// Decode the message we encoded earlier
$tmpvar['message_html'] = hesk_html_entity_decode($tmpvar['message_html']);
if (count($hesk_error_buffer))
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$tmpvar['message_html'] = $purifier->heskPurify($tmpvar['message_html']);
$tmpvar['message'] = convert_html_to_text($tmpvar['message_html']);
$tmpvar['message'] = fix_newlines($tmpvar['message']);
} else {
// `message` already contains a HTML friendly version. May as well just re-use it
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
$tmpvar['message_html'] = $tmpvar['message'];
}
if (count($hesk_error_buffer))
{
// Remove any successfully uploaded attachments
if ($hesk_settings['attachments']['use'] && isset($attachments))
@@ -124,9 +149,6 @@ if (isset($_POST['save']))
hesk_error($myerror);
}
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
if ($hesk_settings['attachments']['use'] && !empty($attachments))
{
foreach ($attachments as $myatt)
@@ -136,7 +158,7 @@ if (isset($_POST['save']))
}
}
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `message`='".hesk_dbEscape($tmpvar['message'])."', `attachments`=CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."') WHERE `id`='".intval($tmpvar['id'])."' AND `replyto`='".intval($ticket['id'])."'");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `message`='".hesk_dbEscape($tmpvar['message'])."', `message_html`='".hesk_dbEscape($tmpvar['message_html'])."', `attachments`=CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."') WHERE `id`='".intval($tmpvar['id'])."' AND `replyto`='".intval($ticket['id'])."'");
}
else
{
@@ -162,10 +184,32 @@ if (isset($_POST['save']))
$tmpvar['subject'] = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer[]=$hesklang['enter_ticket_subject'];
$tmpvar['message'] = hesk_input( hesk_POST('message') );
$tmpvar['message_html'] = $tmpvar['message'];
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '')
{
$hesk_error_buffer[] = $hesklang['enter_message'];
}
if ($hesk_settings['staff_ticket_formatting'] == 2) {
// Decode the message we encoded earlier
$tmpvar['message_html'] = hesk_html_entity_decode($tmpvar['message_html']);
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$tmpvar['message_html'] = $purifier->heskPurify($tmpvar['message_html']);
$tmpvar['message'] = convert_html_to_text($tmpvar['message_html']);
$tmpvar['message'] = fix_newlines($tmpvar['message']);
// Re-encode the message
$tmpvar['message'] = hesk_htmlspecialchars($tmpvar['message']);
} else {
// `message` already contains a HTML friendly version. May as well just re-use it
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
$tmpvar['message_html'] = $tmpvar['message'];
}
// Demo mode
if ( defined('HESK_DEMO') )
@@ -290,9 +334,6 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
hesk_error($myerror);
}
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
if ($hesk_settings['attachments']['use'] && !empty($attachments))
{
foreach ($attachments as $myatt)
@@ -314,6 +355,7 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
`email`='".hesk_dbEscape( hesk_mb_substr($tmpvar['email'], 0, 1000) )."',
`subject`='".hesk_dbEscape( hesk_mb_substr($tmpvar['subject'], 0, 255) )."',
`message`='".hesk_dbEscape($tmpvar['message'])."',
`message_html`='".hesk_dbEscape($tmpvar['message_html'])."',
`attachments`=CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."'),
$custom_SQL
WHERE `id`='".intval($ticket['id'])."'");
@@ -356,7 +398,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
<?php
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category']) ) {
if ($v['use'] && $v['place']==0 && hesk_is_custom_field_in_category($k, $ticket['category']) ) {
$k_value = $ticket[$k];
if ($v['type'] == 'checkbox') {
@@ -549,10 +591,206 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="form-group">
<label for="edit_message"><?php echo $hesklang['message']; ?>:</label>
<textarea style="height: inherit" class="form-control" id="edit_message" name="message" rows="12" cols="60"><?php echo $ticket['message']; ?></textarea>
<textarea style="height: inherit" class="form-control" id="edit_message" name="message" rows="12" cols="60"><?php echo $hesk_settings['staff_ticket_formatting'] == 2 ? hesk_htmlspecialchars($ticket['message_html']) : $ticket['message']; ?></textarea>
</div>
<?php
if ($hesk_settings['staff_ticket_formatting'] == 2) {
hesk_tinymce_init('#edit_message');
}
if (!$is_reply)
{
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use'] && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category']) ) {
$k_value = $ticket[$k];
if ($v['type'] == 'checkbox') {
$k_value = explode('<br />',$k_value);
}
$v['req'] = $v['req']==2 ? '<span class="important">*</span>' : '';
switch ($v['type']) {
/* Radio box */
case 'radio':
echo '
<div class="form-group">
<label>'.$v['name:'].' '.$v['req'].'</label>
<div class="radio-list">';
$cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : '';
$index = 0;
foreach ($v['value']['radio_options'] as $option)
{
if (strlen($k_value) == 0)
{
$k_value = $option;
$checked = empty($v['value']['no_default']) ? 'checked' : '';
}
elseif ($k_value == $option)
{
$k_value = $option;
$checked = 'checked';
}
else
{
$checked = '';
}
echo '
<div class="radio-custom" style="margin-bottom: 5px">
<input type="radio" id="edit_'.$k.$index.'" name="'.$k.'" value="'.$option.'" '.$checked.' '.$cls.'>
<label for="edit_'.$k.$index.'">'.$option.'</label>
</div>';
$index++;
}
echo '</div>
</div>';
break;
/* Select drop-down box */
case 'select':
$cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : '';
echo '
<div class="form-group">
<label for="edit_">'.$v['name:'].' '.$v['req'].'</label>
<select name="'.$k.'" id="'.$k.'" '.$cls.'>';
// Show "Click to select"?
if ( ! empty($v['value']['show_select']))
{
echo '<option value="">'.$hesklang['select'].'</option>';
}
foreach ($v['value']['select_options'] as $option)
{
if ($k_value == $option)
{
$k_value = $option;
$selected = 'selected';
}
else
{
$selected = '';
}
echo '<option '.$selected.'>'.$option.'</option>';
}
echo '</select>
</div>
<script>
$(\'#'.$k.'\').selectize();
</script>
';
break;
/* Checkbox */
case 'checkbox':
echo '
<div class="form-group">
<label>'.$v['name:'].' '.$v['req'].'</label>';
$cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : '';
$index = 0;
foreach ($v['value']['checkbox_options'] as $option)
{
if (in_array($option,$k_value))
{
$checked = 'checked';
}
else
{
$checked = '';
}
echo '
<div class="checkbox-custom">
<input type="checkbox" id="edit_'.$k.$index.'" name="'.$k.'[]" value="'.$option.'" '.$checked.' '.$cls.'>
<label for="edit_'.$k.$index.'"> '.$option.'</label>
</div>';
$index++;
}
echo '</div>';
break;
/* Large text box */
case 'textarea':
$cls = in_array($k,$_SESSION['iserror']) ? ' isError" ' : '';
$k_value = hesk_msgToPlain($k_value,0,0);
echo '
<div class="form-group">
<label>'.$v['name:'].' '.$v['req'].'</label>
<textarea name="'.$k.'" class="form-control'.$cls.'" style="height: inherit" rows="'.intval($v['value']['rows']).'" cols="'.intval($v['value']['cols']).'" >'.$k_value.'</textarea>
</div>';
break;
// Date
case 'date':
$k_value = hesk_custom_date_display_format($k_value, 'm/d/Y');
echo '
<section class="param calendar">
<label>'.$v['name:'].' '.$v['req'].'</label>
<div class="calendar--button">
<button type="button">
<svg class="icon icon-calendar">
<use xlink:href="'. HESK_PATH .'img/sprite.svg#icon-calendar"></use>
</svg>
</button>
<input name="'. $k .'"
value="'. $k_value .'"
type="text" class="datepicker">
</div>
<div class="calendar--value" '. ($k_value ? 'style="display: block"' : '') . '>
<span>'. $k_value .'</span>
<i class="close">
<svg class="icon icon-close">
<use xlink:href="'. HESK_PATH .'img/sprite.svg#icon-close"></use>
</svg>
</i>
</div>
</section>';
break;
// Email
case 'email':
$cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
$suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : '';
echo '
<div class="form-group">
<label>'.$v['name:'].' '.$v['req'].'</label>
<input class="form-control '.$cls.'" type="'.($v['value']['multiple'] ? 'text' : 'email').'" name="'.$k.'" id="'.$k.'" value="'.$k_value.'" size="40" '.$suggest.'>
</div>
<div id="'.$k.'_suggestions"></div>';
break;
// Hidden
// Handle as text fields for staff
/* Default text input */
default:
$k_value = hesk_msgToPlain($k_value,0,0);
$cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
echo '
<div class="form-group">
<label>'.$v['name:'].' '.$v['req'].'</label>
<input class="form-control '.$cls.'" type="text" name="'.$k.'" size="40" maxlength="'.intval($v['value']['max_length']).'" value="'.$k_value.'">
</div>';
}
}
}
} // End if not a reply
// attachments
if ($hesk_settings['attachments']['use'] && $number_of_attachments < $hesk_settings['attachments']['max_number'])
{


@@ -329,6 +329,9 @@ if ($action == 'edit')
<a href="javascript:" title="%%TIME_WORKED%%" onclick="hesk_insertTag('TIME_WORKED')">
<?php echo $hesklang['ts']; ?>
</a>
<a href="javascript:" title="%%DUE_DATE%%" onclick="hesk_insertTag('DUE_DATE')">
<?php echo $hesklang['due_date']; ?>
</a>
<a href="javascript:" title="%%TRACK_ID%%" onclick="hesk_insertTag('TRACK_ID')">
<?php echo $hesklang['trackID']; ?>
</a>


@@ -311,7 +311,7 @@ $my_cat = array();
$res2 = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE " . hesk_myCategories('id') . " ORDER BY `cat_order` ASC");
while ($row=hesk_dbFetchAssoc($res2))
{
$my_cat[$row['id']] = hesk_msgToPlain($row['name'], 1);
$my_cat[$row['id']] = hesk_msgToPlain($row['name'], 1, 0);
$row['name'] = (hesk_mb_strlen($row['name']) > 50) ? hesk_mb_substr($row['name'],0,50) . '...' : $row['name'];
$cat_selected = ($row['id'] == $category) ? 'selected="selected"' : '';
$category_options .= '<option value="'.$row['id'].'" '.$cat_selected.'>'.$row['name'].'</option>';


@@ -53,11 +53,6 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
</div>
<?php
$header_text = '
<section style="display: flex; align-items: center; justify-content: space-between; margin-bottom: 16px">
<h2 style="font-size: 18px; font-weight: bold">'. $hesklang['tickets_found'] .' (%%HESK_TICKET_COUNT%%)</h2>
</section>';
// This SQL code will be used to retrieve results
$sql_final = "SELECT
`id`,
@@ -80,6 +75,7 @@ LEFT(`message`, 400) AS `message`,
`staffreplies`,
`owner`,
`time_worked`,
`due_date`,
`lastreplier`,
`replierid`,
`archive`,
@@ -94,10 +90,14 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
}
}
$sql_final.= " FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
$sql_final.= " FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ".hesk_myCategories()." AND ".hesk_myOwnership();
// This code will be used to count number of results
$sql_count = "SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
// This code will be used to count number of results for this specific search
$sql_count = " SELECT COUNT(*) AS `cnt`, `status`,
IF (`owner` = " . intval($_SESSION['id']) . ", 1, IF (`owner` = 0, 0, IF (`assignedby` = " . intval($_SESSION['id']) . ", 3, 2) ) ) AS `assigned_to`,
IF (`due_date` < NOW(), 2, IF (`due_date` BETWEEN NOW() AND (NOW() + INTERVAL ".intval($hesk_settings['due_soon'])." DAY), 1, 0) ) AS `due`
FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets`
WHERE ".hesk_myCategories()." AND ".hesk_myOwnership();
// This is common SQL for both queries
$sql = "";
@@ -108,18 +108,16 @@ $s_my = array(1=>1,2=>1);
$s_ot = array(1=>1,2=>1);
$s_un = array(1=>1,2=>1);
// Is this a quick link?
$is_quick_link = hesk_GET('ql', false);
// --> TICKET CATEGORY
$category = intval( hesk_GET('category', 0) );
// Make sure user has access to this category
if ($category && hesk_okCategory($category, 0) )
{
$sql .= " `category`='{$category}' ";
}
// No category selected, show only allowed categories
else
{
$sql .= hesk_myCategories();
$sql .= " AND `category`='{$category}' ";
}
// Show only tagged tickets?
@@ -129,6 +127,8 @@ if ( ! empty($_GET['archive']) )
$sql .= " AND `archive`='1' ";
}
$sql_count .= $sql;
// Ticket owner preferences
$fid = 2;
require(HESK_PATH . 'inc/assignment_search.inc.php');
@@ -158,7 +158,8 @@ if ($what == 'seqid' && ! $hesk_settings['sequential'])
// Setup SQL based on searching preferences
if ( ! $no_query)
{
$sql .= " AND ";
$sql_previous = $sql;
$sql = " AND ";
switch ($what)
{
@@ -207,12 +208,16 @@ if ( ! $no_query)
$hesk_error_buffer .= '<br />' . $hesklang['invalid_search'];
}
}
$sql_count .= $sql;
$sql = $sql_previous . $sql;
}
// Owner
if ( $tmp = intval( hesk_GET('owner', 0) ) )
{
$sql .= " AND `owner`={$tmp} ";
$sql_count .= " AND `owner`={$tmp} ";
$owner_input = $tmp;
$hesk_error_buffer = str_replace($hesklang['fsq'],'',$hesk_error_buffer);
}
@@ -242,6 +247,7 @@ if (strlen($dt) == 8)
}
$sql .= " AND `dt` BETWEEN '{$date} 00:00:00' AND '{$date} 23:59:59' ";
$sql_count .= " AND `dt` BETWEEN '{$date} 00:00:00' AND '{$date} 23:59:59' ";
}
else
{
@@ -258,11 +264,19 @@ if (strlen($hesk_error_buffer))
/* This will handle error, success and notice messages */
$handle = hesk_handle_messages();
# echo "$sql<br/>";
// Due date
if ($is_quick_link == 'due')
{
$sql .= " AND `status` != 3 AND `due_date` BETWEEN NOW() AND (NOW() + INTERVAL ".intval($hesk_settings['due_soon'])." DAY) ";
}
elseif ($is_quick_link == 'ovr')
{
$sql .= " AND `status` != 3 AND `due_date` < NOW() ";
}
// That's all the SQL we need for count
$sql_count .= $sql;
// Complete the required SQL queries
$sql = $sql_final . $sql;
$sql_count .= " GROUP BY `assigned_to`, `due`, `status` ";
// Strip extra slashes
$q = stripslashes($q);
@@ -273,6 +287,27 @@ require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php');
/* If there has been an error message skip searching for tickets */
if ($handle !== FALSE)
{
$totals = array(
'all' => 0,
'open' => 0,
'resolved' => 0,
'filtered' => array(
'all' => 0,
'open' => 0,
'assigned_to_me' => 0,
'assigned_to_others' => 0,
'assigned_to_others_by_me' => 0,
'unassigned' => 0,
'due_soon' => 0,
'overdue' => 0,
'by_status' => array()
),
);
$can_view_unassigned = hesk_checkPermission('can_view_unassigned',0);
$can_view_ass_others = hesk_checkPermission('can_view_ass_others',0);
$can_view_ass_by = hesk_checkPermission('can_view_ass_by',0);
$href = 'find_tickets.php';
require_once(HESK_PATH . 'inc/ticket_list.inc.php');
}
@@ -286,5 +321,4 @@ require_once(HESK_PATH . 'inc/show_search_form.inc.php');
/* Print footer */
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
?>
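Review bot: The owner and date filters are spelled out twice, once for `$sql` and once for `$sql_count`, so the ticket list and the counters only agree while every later edit touches both literals. Build each fragment once and append it to both, e.g. ``$cond = " AND `owner`={$tmp} ";`` followed by `$sql .= $cond; $sql_count .= $cond;`. The `$sql_previous` swap in the search hunk also deserves a comment such as `// $sql is reset so that only the search condition is appended to $sql_count below`. `$date` is interpolated into both strings, but it is assigned outside the hunks shown, so its validation cannot be confirmed from here.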


@@ -292,7 +292,7 @@ function print_login()
<label for="regInputUsername"><?php echo $hesklang['username']; ?></label>
<?php
$cls = in_array('user',$_SESSION['a_iserror']) ? ' class="isError" ' : '';
$cls = in_array('user',$_SESSION['a_iserror']) ? 'isError' : '';
if ( defined('HESK_DEMO')) {
$savedUser = 'Demo';
@@ -322,7 +322,7 @@ function print_login()
}
if ($hesk_settings['list_users']) {
echo '<select name="user" '.$cls.'>';
echo '<select name="user" class="'.$cls.'">';
$res = hesk_dbQuery('SELECT `user` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `user` ASC');
while ($row=hesk_dbFetchAssoc($res))
{
@@ -332,7 +332,7 @@ function print_login()
echo '</select>';
} else {
echo '<input type="text" class="form-control" id="regInputUsername" name="user" value="'.$savedUser.'" '.$cls.' required>';
echo '<input type="text" class="form-control '.$cls.'" id="regInputUsername" name="user" value="'.$savedUser.'" required>';
}
?>
<div class="form-control__error"><?php echo $hesklang['this_field_is_required']; ?></div>
@@ -445,6 +445,11 @@ function print_login()
</div>
</div>
<script>
$(() => {
$('form :visible[class*=isError]:first').focus();
})
</script>
<?php
hesk_cleanSessionVars('a_iserror');


@@ -58,7 +58,7 @@ elseif ($artid)
// Show drafts only to staff who can manage knowledgebase
if ($can_man_kb)
{
$result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`
$result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`, t2.`type` AS `cat_type`
FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`
WHERE `t1`.`id` = '{$artid}'
@@ -66,7 +66,7 @@ elseif ($artid)
}
else
{
$result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`
$result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`, t2.`type` AS `cat_type`
FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`
WHERE `t1`.`id` = '{$artid}' AND `t1`.`type` IN ('0', '1')
@@ -221,7 +221,7 @@ function hesk_show_kb_article($artid)
<div class="descr">
<?php echo $article['id']; ?>
<?php
if ($article['type'] == 0)
if ($article['type'] == 0 && $article['cat_type'] != 1)
{
echo '<a href="' . $hesk_settings['hesk_url'] . '/knowledgebase.php?article=' . $article['id'] . '">' . $hesklang['public_link'] . '</a>';
}


@@ -41,14 +41,14 @@ if (empty($_GET['locked']))
{
$status = 0;
$tmp = $hesklang['tunlock'];
$revision = sprintf($hesklang['thist6'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist6'],hesk_date(),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
}
else
{
$status = 1;
$tmp = $hesklang['tlock'];
$revision = sprintf($hesklang['thist5'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist5'],hesk_date(),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$closedby_sql = ' , `closedat`=NOW(), `closedby`='.intval($_SESSION['id']).' ';
// Notify customer of closed ticket?
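Review bot: Only `$_SESSION['name']` is passed through `addslashes()` in the two `$revision` lines, while `$_SESSION['user']` in the same expression is left untreated; if the escaping is needed for the name, it is presumably needed for the username too. Treating the whole actor string once keeps both branches identical: `$actor = addslashes($_SESSION['name'].' ('.$_SESSION['user'].')');` and then `sprintf($hesklang['thist6'], hesk_date(), $actor)`. `addslashes()` is neither an SQL nor an HTML encoder, and the statement that consumes `$revision` is outside this hunk, so a one-line comment naming the later step the slashes are meant for would help the next reader. The same pattern is added to the knowledge base revision lines (`thist12`, `revision1`, `revision2`).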


@@ -421,8 +421,8 @@ function show_message($actually_show = true)
$hesk_settings['mailtmp']['other'] = 'to';
$hesk_settings['mailtmp']['m_from'] = $hesklang['m_to'];
$hesk_settings['mailtmp']['outbox'] = '<b>'.$hesklang['outbox'].'</b>';
$hesk_settings['mailtmp']['inbox'] = '<a href="mail.php">'.$hesklang['inbox'].'</a>';
$hesk_settings['mailtmp']['outbox'] = '<a href="mail.php?folder=outbox">'.$hesklang['outbox'].'</a>';
$hesk_settings['mailtmp']['inbox'] = '<a href="mail.php"><li><span>'.$hesklang['inbox'].'</span></li></a>';
$hesk_settings['mailtmp']['outbox'] = '<a href="mail.php?folder=outbox"><li><span>'.$hesklang['outbox'].'</span></li></a>';
}
else
@@ -456,7 +456,7 @@ function show_message($actually_show = true)
</div>
<time><?php echo $pm['dt']; ?></time>
</div>
<div class="body">
<div class="body browser-default">
<?php echo $pm['message']; ?>
</div>
<div class="form">
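Review bot: The `inbox` and `outbox` strings that now contain `<li>` place the list item inside the `<a>` element, which is not valid list markup because an `<li>` has to be a direct child of its list element. Putting the anchor inside the item keeps the same clickable row: `'<li><a href="mail.php"><span>'.$hesklang['inbox'].'</span></a></li>'`. The list element that prints these values and the other branch of this `if` are outside the hunk, so they may need the matching change.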


@@ -33,6 +33,10 @@ require_once(HESK_PATH . 'inc/custom_fields.inc.php');
// Define required constants
define('LOAD_TABS',1);
if ($hesk_settings['staff_ticket_formatting'] == 2) {
define('WYSIWYG',1);
}
/* What should we do? */
if ( $action = hesk_REQUEST('a') )
{
@@ -57,9 +61,17 @@ else {return false;}
}
function hesk_insertTag(tag) {
var text_to_insert = '%%'+tag+'%%';
hesk_insertAtCursor(document.form1.msg, text_to_insert);
document.form1.msg.focus();
var text_to_insert = '%%'+tag+'%%';
var msg = '';
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
msg = tinymce.get("canned_message").getContent();
tinymce.get("canned_message").setContent('');
tinymce.get("canned_message").execCommand('mceInsertRawHTML', false, msg + text_to_insert);
<?php else: ?>
msg = document.getElementById('canned_message').value;
document.getElementById('canned_message').value = msg + text_to_insert;
<?php endif; ?>
document.form1.msg.focus();
}
function hesk_insertAtCursor(myField, myValue) {
@@ -111,7 +123,7 @@ $num = hesk_dbNumRows($result);
</div>
</div>
</h2>
<div class="btn btn--blue-border" ripple="ripple" data-action="create-template" onclick="diplayAddTitle()"><?php echo $hesklang['canned_add']; ?></div>
<div class="btn btn--blue-border" ripple="ripple" data-action="create-template" onclick="displayAddTitle()"><?php echo $hesklang['canned_add']; ?></div>
</section>
<ul class="response__list">
<?php if ($num < 1): ?>
@@ -133,9 +145,10 @@ $num = hesk_dbNumRows($result);
$options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : '';
$options .= '>'.$mysaved['title'].'</option>';
$message_text = $hesk_settings['staff_ticket_formatting'] == 2 ? $mysaved['message_html'] : $mysaved['message'];
$javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved['message']) )."';\n";
$javascript_titles.='myTitle['.$mysaved['id'].']=\''.addslashes($mysaved['title'])."';\n";
$javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.preg_replace("/\r?\n|\r/","\\r\\n' + \r\n'", addslashes($message_text) )."';\n";
$javascript_titles.='myTitle['.$mysaved['id'].']=\''.preg_replace("/\r?\n|\r/","\\r\\n' + \r\n'", addslashes($mysaved['title']))."';\n";
echo '
<li '.$table_row.'>
@@ -247,12 +260,17 @@ $num = hesk_dbNumRows($result);
<div class="form-group">
<label for="canned_message"><?php echo $hesklang['message']; ?></label>
<span id="HeskMsg">
<textarea class="form-control <?php echo in_array('msg', $errors) ? 'isError' : ''; ?>" name="msg" rows="15" cols="70" id="canned_message"><?php
<textarea class="form-control <?php echo in_array('msg', $errors) ? 'isError' : ''; ?>" name="msg" rows="40" cols="70" id="canned_message"><?php
if (isset($_SESSION['canned']['msg'])) {
echo stripslashes($_SESSION['canned']['msg']);
}
?></textarea>
</span>
<?php
if ($hesk_settings['staff_ticket_formatting'] == 2) {
hesk_tinymce_init('#canned_message');
}
?>
</div>
<div class="template--tags">
<label><?php echo $hesklang['insert_special']; ?></label>
@@ -312,7 +330,12 @@ echo $javascript_messages;
function setMessage(msgid) {
if (document.getElementById) {
document.getElementById('HeskMsg').innerHTML='<textarea class="form-control" id="canned_message" name="msg" rows="15" cols="70">'+myMsgTxt[msgid]+'</textarea>';
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
tinymce.get("canned_message").setContent('');
tinymce.get("canned_message").execCommand('mceInsertRawHTML', false, myMsgTxt[msgid]);
<?php else: ?>
document.getElementById('HeskMsg').innerHTML='<textarea class="form-control" id="canned_message" name="msg" rows="40" cols="70">'+myMsgTxt[msgid]+'</textarea>';
<?php endif; ?>
document.getElementById('HeskTitle').innerHTML='<input type="text" class="form-control" id="canned_title" name="name" maxlength="50" value="'+myTitle[msgid]+'">';
} else {
document.form1.msg.value=myMsgTxt[msgid];
@@ -326,11 +349,14 @@ function setMessage(msgid) {
document.getElementsByClassName('template-create')[0].style.display = 'block';
}
function diplayAddTitle() {
function displayAddTitle() {
document.form1.msg.value = '';
document.form1.name.value = '';
document.form1.saved_replies.value = 0;
document.form1.a.value = 'new';
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
tinymce.get("canned_message").setContent('');
<?php endif; ?>
document.getElementById('add-title').style.display = 'block';
document.getElementById('edit-title').style.display = 'none';
}
@@ -388,7 +414,30 @@ function edit_saved()
hesk_process_messages($hesk_error_buffer,'manage_canned.php?saved_replies='.$id);
}
$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` SET `title`='".hesk_dbEscape($savename)."',`message`='".hesk_dbEscape($msg)."' WHERE `id`='".intval($id)."'");
if ($hesk_settings['staff_ticket_formatting'] == 2) {
// Decode the message we encoded earlier
$msg_html = hesk_html_entity_decode($msg);
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$msg_html = $purifier->heskPurify($msg_html);
$msg = convert_html_to_text($msg_html);
$msg = fix_newlines($msg);
// Replace regular newlines with \r\n to match regular plaintext storage... but then get rid of any accidental \r\r\n outputs
$msg = str_replace("\n", "\r\n", $msg);
$msg = str_replace("\r\r\n", "\r\n", $msg);
// Re-encode the message
$msg = hesk_htmlspecialchars($msg);
} else {
$msg_html = hesk_makeURL($msg);
$msg_html = nl2br($msg_html);
}
$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` SET `title`='".hesk_dbEscape($savename)."',`message`='".hesk_dbEscape($msg)."', `message_html`='".hesk_dbEscape($msg_html)."' WHERE `id`='".intval($id)."'");
unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['id']);
@@ -435,12 +484,35 @@ function new_saved()
hesk_process_messages($hesk_error_buffer,'manage_canned.php');
}
/* Get the latest reply_order */
if ($hesk_settings['staff_ticket_formatting'] == 2) {
// Decode the message we encoded earlier
$msg_html = hesk_html_entity_decode($msg);
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$msg_html = $purifier->heskPurify($msg_html);
$msg = convert_html_to_text($msg_html);
$msg = fix_newlines($msg);
// Replace regular newlines with \r\n to match regular plaintext storage... but then get rid of any accidental \r\r\n outputs
$msg = str_replace("\n", "\r\n", $msg);
$msg = str_replace("\r\r\n", "\r\n", $msg);
// Re-encode the message
$msg = hesk_htmlspecialchars($msg);
} else {
$msg_html = hesk_makeURL($msg);
$msg_html = nl2br($msg_html);
}
/* Get the latest reply_order */
$result = hesk_dbQuery('SELECT `reply_order` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'std_replies` ORDER BY `reply_order` DESC LIMIT 1');
$row = hesk_dbFetchRow($result);
$my_order = isset($row[0]) ? intval($row[0]) + 10 : 10;
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` (`title`,`message`,`reply_order`) VALUES ('".hesk_dbEscape($savename)."','".hesk_dbEscape($msg)."','".intval($my_order)."')");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` (`title`,`message`,`message_html`,`reply_order`) VALUES ('".hesk_dbEscape($savename)."','".hesk_dbEscape($msg)."','".hesk_dbEscape($msg_html)."','".intval($my_order)."')");
unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['name']);
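Review bot: In the hunk that builds `$javascript_messages`, the value written into the inline script can now be stored HTML (`message_html`), yet it is still encoded for JavaScript with `addslashes()` plus a newline regex. That leaves `<`, `>` and `&` untouched, so the output depends entirely on the purifier having run when the row was saved. `json_encode()` with the hex flags emits a complete string literal that cannot close the script element: `$javascript_messages .= 'myMsgTxt['.intval($mysaved['id']).']='.json_encode($message_text, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).";\n";`, and `myTitle` can be written the same way. Line endings would then be emitted as stored rather than rewritten to `\r\n`, and `json_encode()` expects UTF-8 input, so both should be checked against `setMessage()`. The ticket-template page builds `myMsgTxt` and `myTitle` with the same two lines.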


@@ -84,6 +84,7 @@ if (!hesk_SESSION('error')) {
<table id="default-table" class="table sindu-table">
<thead>
<tr>
<th><?php echo $hesklang['id']; ?></th>
<th><?php echo $hesklang['cat_name']; ?></th>
<th>
<span><?php echo $hesklang['priority']; ?></span>
@@ -167,6 +168,7 @@ if (!hesk_SESSION('error')) {
?>
<tr <?php echo $table_row; ?> data-category-id="<?php echo $mycat['id']; ?>">
<td><?php echo $mycat['id']; ?></td>
<td>
<span class="category-name"><?php echo $mycat['name']; ?></span>
<div class="rename-link tooltype right out-close" data-modal=".rename-category" data-callback="initRenameCategoryModal">
@@ -210,10 +212,10 @@ if (!hesk_SESSION('error')) {
<div class="dropdown-select center out-close">
<form action="manage_categories.php" method="get">
<select name="s" onchange="this.form.submit()">
<option value="0" <?php if ($mycat['type']): ?>selected<?php endif; ?>>
<option value="0" <?php if ($mycat['type'] == 0): ?>selected<?php endif; ?>>
<?php echo $hesklang['cat_public']; ?>
</option>
<option value="1" <?php if ($mycat['type']): ?>selected<?php endif; ?>>
<option value="1" <?php if ($mycat['type'] == 1): ?>selected<?php endif; ?>>
<?php echo $hesklang['cat_private']; ?>
</option>
</select>
@@ -243,7 +245,10 @@ if (!hesk_SESSION('error')) {
</td>
<?php endif; ?>
<td class="nowrap generate">
<a href="javascript:" data-action="generate-link" data-link="<?php echo htmlspecialchars($hesk_settings['hesk_url']) . '/index.php?a=add&catid=' . intval($mycat['id']); ?>"><?php echo $hesklang['geco']; ?></a>
<a href="javascript:"
<?php echo $mycat['type'] == 1 ? 'style="visibility: hidden"' : '' ?>
data-action="generate-link"
data-link="<?php echo htmlspecialchars($hesk_settings['hesk_url']) . '/index.php?a=add&catid=' . intval($mycat['id']); ?>"><?php echo $hesklang['geco']; ?></a>
<?php
if ($num > 1) {
if ($j == 1) {
@@ -336,13 +341,13 @@ if (!hesk_SESSION('error')) {
<h3><?php echo $hesklang['ren_cat']; ?></h3>
<div class="modal__description form">
<div class="form-group">
<label style="text-align: left"><?php echo $hesklang['cat_name']; ?> (<?php echo $hesklang['max_chars']; ?>):</label>
<label style="text-align: left"><?php echo $hesklang['cat_name']; ?>:</label>
<input type="text"
name="name"
id="renamecat"
class="form-control"
size="40"
maxlength="40"
maxlength="100"
<?php if (isset($_SESSION['catname2'])): ?>value="<?php echo $_SESSION['catname2']; ?>"<?php endif; ?>>
<input type="hidden" name="catid">
<input type="hidden" name="a" value="rename">
@@ -375,11 +380,12 @@ if (!hesk_SESSION('error')) {
}
?>
<div class="form-group">
<label><?php echo $hesklang['cat_name']; ?> (<?php echo $hesklang['max_chars']; ?>):</label>
<label><?php echo $hesklang['cat_name']; ?>:</label>
<input type="text"
name="name"
class="form-control"
id="add_cat_name"
maxlength="100"
<?php if (isset($_SESSION['catname'])): ?>value="<?php echo $_SESSION['catname']; ?>"<?php endif; ?>>
</div>
<?php
@@ -593,6 +599,9 @@ function remove()
hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
}
// Don't update resolved tickets "Last modified"
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `category`=1, `lastchange`=`lastchange` WHERE `category`='".intval($mycat)."' AND `status` = '3'");
// For unresolved tickets, update the "Last modified"
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `category`=1 WHERE `category`='".intval($mycat)."'");
hesk_process_messages($hesklang['cat_removed_db'],$_SERVER['PHP_SELF'],'SUCCESS');
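Review bot: In the `generate-link` hunk, the link for a private category is only hidden with `style="visibility: hidden"`; the anchor and its `data-link` URL are still written into the page. As a layout choice that is fine, but it is not what keeps a private category closed to direct submissions. The handler behind `index.php?a=add&catid=…` has to reject private categories itself; that code is not part of this page and should be confirmed. A short comment above the anchor, for example `<?php /* hidden for layout only; access to private categories is enforced server-side */ ?>`, would stop the attribute from being read as an access check.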


@@ -371,18 +371,7 @@ if (!isset($_SESSION['hide']['new_article']))
if ($hesk_settings['kb_wysiwyg'])
{
?>
<script>
tinymce.init({
selector: '#content',
convert_urls: false,
branding: false,
browser_spellcheck: true,
toolbar: 'undo redo | styleselect fontselect fontsizeselect | bold italic underline | alignleft aligncenter alignright alignjustify | forecolor backcolor | bullist numlist outdent indent | link unlink image codesample code',
plugins: 'charmap code codesample image link lists table',
});
</script>
<?php
hesk_tinymce_init('#content');
}
// If a category is selected, use it as default for articles and parents
@@ -989,7 +978,7 @@ function remove_kb_att()
$art = hesk_dbFetchAssoc($res);
// Make log entry
$revision = sprintf($hesklang['thist12'],hesk_date(),$att['real_name'],$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist12'],hesk_date(),$att['real_name'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
// Remove attachment from article
$art['attachments'] = str_replace($att_id.'#'.$att['real_name'].',','',$art['attachments']);
@@ -1216,7 +1205,7 @@ function save_article()
}
/* Update article in the database */
$revision = sprintf($hesklang['revision2'],$now,$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['revision2'],$now,addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET
`catid`=".intval($catid).",
@@ -1275,15 +1264,21 @@ function edit_article()
}
$article = hesk_dbFetchAssoc($result);
if ($hesk_settings['kb_wysiwyg'] || $article['html'])
// If we're in plain text mode, convert any HTML message safely to text
if ( ! $hesk_settings['kb_wysiwyg'] && ! $article['html'])
{
$article['content'] = hesk_htmlspecialchars($article['content']);
}
else
{
$article['content'] = hesk_msgToPlain($article['content']);
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$article['content'] = $purifier->heskPurify($article['content']);
$article['content'] = convert_html_to_text($article['content']);
$article['content'] = fix_newlines($article['content']);
}
$article['content'] = hesk_htmlspecialchars($article['content']);
$catid = $article['catid'];
$from = hesk_GET('from');
@@ -1389,18 +1384,7 @@ function edit_article()
if ($hesk_settings['kb_wysiwyg'])
{
?>
<script>
tinymce.init({
selector: '#content',
convert_urls: false,
branding: false,
browser_spellcheck: true,
toolbar: 'undo redo | styleselect fontselect fontsizeselect | bold italic underline | alignleft aligncenter alignright alignjustify | forecolor backcolor | bullist numlist outdent indent | link unlink image codesample code',
plugins: 'charmap code codesample image link lists table',
});
</script>
<?php
hesk_tinymce_init('#content');
}
?>
@@ -2157,7 +2141,7 @@ function new_article()
hesk_process_messages($hesk_error_buffer,'manage_knowledgebase.php');
}
$revision = sprintf($hesklang['revision1'],$now,$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['revision1'],$now,addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
/* Add to database */
if ( ! empty($attachments))


@@ -30,6 +30,11 @@ hesk_checkPermission('can_man_ticket_tpl');
// Define required constants
define('LOAD_TABS',1);
if ($hesk_settings['staff_ticket_formatting'] == 2) {
define('WYSIWYG',1);
}
/* What should we do? */
if ( $action = hesk_REQUEST('a') )
{
@@ -84,7 +89,7 @@ $num = hesk_dbNumRows($result);
</div>
</div>
</h2>
<div class="btn btn--blue-border" ripple="ripple" data-action="create-template" onclick="diplayAddTitle()"><?php echo $hesklang['ticket_tpl_add']; ?></div>
<div class="btn btn--blue-border" ripple="ripple" data-action="create-template" onclick="displayAddTitle()"><?php echo $hesklang['ticket_tpl_add']; ?></div>
</section>
<ul class="response__list">
<?php if ($num < 1): ?>
@@ -102,8 +107,10 @@ $num = hesk_dbNumRows($result);
unset($_SESSION['canned']['selcat2']);
}
$javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved['message']) )."';\n";
$javascript_titles.='myTitle['.$mysaved['id'].']=\''.addslashes($mysaved['title'])."';\n";
$message_text = $hesk_settings['staff_ticket_formatting'] == 2 ? $mysaved['message_html'] : $mysaved['message'];
$javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.preg_replace("/\r?\n|\r/","\\r\\n' + \r\n'", addslashes($message_text) )."';\n";
$javascript_titles.='myTitle['.$mysaved['id'].']=\''.preg_replace("/\r?\n|\r/","\\r\\n' + \r\n'", addslashes($mysaved['title']))."';\n";
echo '
<li ' . $table_row . '>
@@ -215,12 +222,17 @@ $num = hesk_dbNumRows($result);
<div class="form-group">
<label for="canned_message"><?php echo $hesklang['message']; ?></label>
<span id="HeskMsg">
<textarea class="form-control <?php echo in_array('msg', $errors) ? 'isError' : ''; ?>" name="msg" rows="15" cols="70" id="canned_message"><?php
<textarea class="form-control <?php echo in_array('msg', $errors) ? 'isError' : ''; ?>" name="msg" rows="40" cols="70" id="canned_message"><?php
if (isset($_SESSION['canned']['msg'])) {
echo stripslashes($_SESSION['canned']['msg']);
}
?></textarea>
</span>
<?php
if ($hesk_settings['staff_ticket_formatting'] == 2) {
hesk_tinymce_init('#canned_message');
}
?>
</div>
<div class="template--submit">
<?php if(isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT'): ?>
@@ -250,7 +262,12 @@ echo $javascript_messages;
function setMessage(msgid) {
if (document.getElementById) {
document.getElementById('HeskMsg').innerHTML='<textarea class="form-control" id="canned_message" name="msg" rows="15" cols="70">'+myMsgTxt[msgid]+'</textarea>';
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
tinymce.get("canned_message").setContent('');
tinymce.get("canned_message").execCommand('mceInsertRawHTML', false, myMsgTxt[msgid]);
<?php else: ?>
document.getElementById('HeskMsg').innerHTML='<textarea class="form-control" id="canned_message" name="msg" rows="40" cols="70">'+myMsgTxt[msgid]+'</textarea>';
<?php endif; ?>
document.getElementById('HeskTitle').innerHTML='<input type="text" class="form-control" id="canned_title" name="name" maxlength="50" value="'+myTitle[msgid]+'">';
} else {
document.form1.msg.value=myMsgTxt[msgid];
@@ -264,11 +281,14 @@ function setMessage(msgid) {
document.getElementsByClassName('template-create')[0].style.display = 'block';
}
function diplayAddTitle() {
function displayAddTitle() {
document.form1.msg.value = '';
document.form1.name.value = '';
document.form1.saved_replies.value = 0;
document.form1.a.value = 'new';
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
tinymce.get("canned_message").setContent('');
<?php endif; ?>
document.getElementById('add-title').style.display = 'block';
document.getElementById('edit-title').style.display = 'none';
}
@@ -325,7 +345,31 @@ function edit_saved()
hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php?saved_replies='.$id);
}
$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `title`='".hesk_dbEscape($savename)."',`message`='".hesk_dbEscape($msg)."' WHERE `id`='".intval($id)."'");
if ($hesk_settings['staff_ticket_formatting'] == 2) {
// Decode the message we encoded earlier
$msg_html = hesk_html_entity_decode($msg);
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$msg_html = $purifier->heskPurify($msg_html);
$msg = convert_html_to_text($msg_html);
$msg = fix_newlines($msg);
// Replace regular newlines with \r\n to match regular plaintext storage... but then get rid of any accidental \r\r\n outputs
$msg = str_replace("\n", "\r\n", $msg);
$msg = str_replace("\r\r\n", "\r\n", $msg);
// Re-encode the message
$msg = hesk_htmlspecialchars($msg);
} else {
$msg_html = hesk_makeURL($msg);
$msg_html = nl2br($msg_html);
}
$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `title`='".hesk_dbEscape($savename)."',`message`='".hesk_dbEscape($msg)."', `message_html`='".hesk_dbEscape($msg_html)."' WHERE `id`='".intval($id)."'");
unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['id']);
@@ -372,12 +416,35 @@ function new_saved()
hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php');
}
if ($hesk_settings['staff_ticket_formatting'] == 2) {
// Decode the message we encoded earlier
$msg_html = hesk_html_entity_decode($msg);
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$msg_html = $purifier->heskPurify($msg_html);
$msg = convert_html_to_text($msg_html);
$msg = fix_newlines($msg);
// Replace regular newlines with \r\n to match regular plaintext storage... but then get rid of any accidental \r\r\n outputs
$msg = str_replace("\n", "\r\n", $msg);
$msg = str_replace("\r\r\n", "\r\n", $msg);
// Re-encode the message
$msg = hesk_htmlspecialchars($msg);
} else {
$msg_html = hesk_makeURL($msg);
$msg_html = nl2br($msg_html);
}
/* Get the latest tpl_order */
$result = hesk_dbQuery('SELECT `tpl_order` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` DESC LIMIT 1');
$row = hesk_dbFetchRow($result);
$my_order = isset($row[0]) ? intval($row[0]) + 10 : 10;
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` (`title`,`message`,`tpl_order`) VALUES ('".hesk_dbEscape($savename)."','".hesk_dbEscape($msg)."','".intval($my_order)."')");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` (`title`,`message`,`message_html`,`tpl_order`) VALUES ('".hesk_dbEscape($savename)."','".hesk_dbEscape($msg)."','".hesk_dbEscape($msg_html)."','".intval($my_order)."')");
unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['name']);


@@ -96,7 +96,9 @@ $default_userdata = array(
// Notifications
'notify_new_unassigned' => 1,
'notify_overdue_unassigned' => 1,
'notify_new_my' => 1,
'notify_overdue_my' => 1,
'notify_reply_unassigned' => 1,
'notify_reply_my' => 1,
'notify_assigned' => 1,
@@ -226,6 +228,20 @@ if ($hesk_settings['imap'] && hesk_validateEmail($hesk_settings['imap_user'], 'E
}
}
}
// We probably shouldn't have two or more users with the same email address; show a notice if so
$res = hesk_dbQuery('SELECT `email`, COUNT(*) AS `cnt` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` GROUP BY `email` HAVING `cnt` > 1');
if (hesk_dbNumRows($res) > 0)
{
$emails = array();
while ($row = hesk_dbFetchAssoc($res))
{
$emails[$row['email']] = $row['cnt'];
}
//hesk_show_notice($hesklang['uue'] . '<br><br>' . implode('<br>', array_keys($emails)));
hesk_show_notice($hesklang['uue']);
}
?>
<div class="main__content team">
<section class="team__head">
@@ -637,7 +653,9 @@ function new_user()
`notify_customer_reply`,
`show_suggested`,
`notify_new_unassigned`,
`notify_overdue_unassigned`,
`notify_new_my`,
`notify_overdue_my`,
`notify_reply_unassigned`,
`notify_reply_my`,
`notify_assigned`,
@@ -660,7 +678,9 @@ function new_user()
'".($myuser['notify_customer_reply'])."' ,
'".($myuser['show_suggested'])."' ,
'".($myuser['notify_new_unassigned'])."' ,
'".($myuser['notify_overdue_unassigned'])."',
'".($myuser['notify_new_my'])."' ,
'".($myuser['notify_overdue_my'])."' ,
'".($myuser['notify_reply_unassigned'])."' ,
'".($myuser['notify_reply_my'])."' ,
'".($myuser['notify_assigned'])."' ,
@@ -750,7 +770,9 @@ function update_user()
`notify_customer_reply`='".($myuser['notify_customer_reply'])."' ,
`show_suggested`='".($myuser['show_suggested'])."' ,
`notify_new_unassigned`='".($myuser['notify_new_unassigned'])."' ,
`notify_overdue_unassigned`='".($myuser['notify_overdue_unassigned'])."' ,
`notify_new_my`='".($myuser['notify_new_my'])."' ,
`notify_overdue_my`='".($myuser['notify_overdue_my'])."' ,
`notify_reply_unassigned`='".($myuser['notify_reply_unassigned'])."' ,
`notify_reply_my`='".($myuser['notify_reply_my'])."' ,
`notify_assigned`='".($myuser['notify_assigned'])."' ,
@@ -839,6 +861,12 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user
}
}
}
// One needs view tickets permissions in one has reply to permission
if (in_array('can_reply_tickets', $myuser['features']))
{
$myuser['features'][] = 'can_view_tickets';
}
}
if (hesk_mb_strlen($myuser['signature'])>1000)
@@ -909,13 +937,15 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user
}
/* Notifications */
$myuser['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) ? 0 : 1;
$myuser['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
$myuser['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) ? 0 : 1;
$myuser['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
$myuser['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
$myuser['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
$myuser['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
$myuser['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) ? 0 : 1;
$myuser['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) ? 0 : 1;
$myuser['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
$myuser['notify_overdue_my'] = empty($_POST['notify_overdue_my']) ? 0 : 1;
$myuser['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) ? 0 : 1;
$myuser['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
$myuser['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
$myuser['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
$myuser['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
/* Save entered info in session so we don't lose it in case of errors */
$_SESSION['userdata'] = $myuser;
@@ -942,6 +972,12 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user
$myuser['features'][] = 'can_ban_emails';
}
// "can_unban_ips" feature also enables "can_ban_ips"
if ( in_array('can_unban_ips', $myuser['features']) && ! in_array('can_ban_ips', $myuser['features']) )
{
$myuser['features'][] = 'can_ban_ips';
}
return $myuser;
} // End hesk_validateUserInfo()
@@ -969,6 +1005,9 @@ function remove()
}
/* Un-assign all tickets for this user */
// Don't update resolved tickets "Last modified"
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0, `lastchange`=`lastchange` WHERE `owner`='".intval($myuser)."' AND `status` = '3'");
// For unresolved tickets, update the "Last modified"
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0 WHERE `owner`='".intval($myuser)."'");
/* Delete user info */
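Review bot: The new block in hesk_validateUserInfo() that adds `can_view_tickets` whenever `can_reply_tickets` is selected appends unconditionally, so an account that already has both ends up with a duplicate entry, and the account's permissions are widened without the administrator having ticked the box. The later `can_unban_ips` block in the same function already guards against duplicates, and the same shape fits here: `if (in_array('can_reply_tickets', $myuser['features'], true) && ! in_array('can_view_tickets', $myuser['features'], true))`. The comment above it should read `// Reply permission implies view permission: add can_view_tickets if it is missing` (the current text has a typo, "in one has"), so the implicit grant is visible to whoever audits roles. The function body starts and ends outside these hunks, so how `features` is stored afterwards is not visible here.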


@@ -0,0 +1,76 @@
<?php
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* https://www.hesk.com
*
* For the full copyright and license agreement information visit
* https://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT',1);
define('HESK_PATH','../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/reporting_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
// Check permissions for this feature
hesk_checkPermission('can_run_reports');
/* Print header */
require_once(HESK_PATH . 'inc/header.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
hesk_show_notice(sprintf($hesklang['modules_demo'], '<a href="https://www.hesk.com/get/hesk3-escalate">HESK Cloud</a>'), ' ', false);
?>
<div class="main__content reports">
<form action="module_escalate.php" method="get" name="form1">
<div class="reports__head">
<h2>
<?php echo $hesklang['escalate']['page_title']; ?>
<div class="tooltype right out-close">
<svg class="icon icon-info">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-info"></use>
</svg>
<div class="tooltype__content">
<div class="tooltype__wrapper">
<?php echo $hesklang['escalate']['intro']; ?>
</div>
</div>
</div>
</h2>
</div>
</form>
<p><?php echo $hesklang['escalate']['intro']; ?></p>
<ul style="list-style-type: disc ! important; padding-left: 40px ! important; margin-top: 20px; margin-bottom: 20px;">
<li><?php echo $hesklang['escalate']['feat1']; ?>,</li>
<li><?php echo $hesklang['escalate']['feat2']; ?>,</li>
<li><?php echo $hesklang['escalate']['feat3']; ?>,</li>
<li><?php echo $hesklang['escalate']['feat4']; ?>,</li>
<li><?php echo $hesklang['and_more']; ?></li>
</ul>
<p><?php echo sprintf($hesklang['see_demo'], '<a href="https://www.hesk.com/get/hesk3-escalate-demo">HESK Demo</a>'); ?></p>
<img src="<?php echo HESK_PATH; ?>img/escalate.jpg" alt="<?php echo $hesklang['escalate']['tab']; ?>" style="margin-top:35px;">
</div>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
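Review bot: `$hesklang['escalate']['tab']` is echoed straight into the `alt="..."` attribute of the image at the bottom of the page, so a translation string containing a double quote would break the attribute. Wrapping it as `alt="<?php echo hesk_htmlspecialchars($hesklang['escalate']['tab']); ?>"` keeps language files from affecting markup, assuming that helper is loaded through `inc/common.inc.php` as it is for the other pages in this commit. Two leftovers are also worth cleaning up: the comment `/* Print main manage users page */` describes a different page, and the `<form action="module_escalate.php" method="get" name="form1">` wraps only the heading and has no inputs, so it can be dropped.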


@@ -76,7 +76,7 @@ if (hesk_dbNumRows($res) != 1)
$ticket = hesk_dbFetchAssoc($res);
/* Log that ticket is being moved */
$history = sprintf($hesklang['thist1'],hesk_date(),$row['name'],$_SESSION['name'].' ('.$_SESSION['user'].')');
$history = sprintf($hesklang['thist1'],hesk_date(),addslashes($row['name']),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
/* Is the ticket assigned to someone? If yes, check that the user has access to category or change to unassigned */
$need_to_reassign = 0;
@@ -112,7 +112,7 @@ if ($need_to_reassign || ! $ticket['owner'])
if ($autoassign_owner)
{
$ticket['owner'] = $autoassign_owner['id'];
$history .= sprintf($hesklang['thist10'],hesk_date(),$autoassign_owner['name'].' ('.$autoassign_owner['user'].')');
$history .= sprintf($hesklang['thist10'],hesk_date(),addslashes($autoassign_owner['name']).' ('.$autoassign_owner['user'].')');
}
else
{
@@ -140,6 +140,7 @@ $info = array(
'attachments' => $ticket['attachments'],
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'due_date' => hesk_format_due_date($ticket['due_date']),
'id' => $ticket['id'],
'time_worked' => $ticket['time_worked'],
'last_reply_by' => hesk_getReplierName($ticket),
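Review bot: The `addslashes()` calls added around `$row['name']`, `$_SESSION['name']` and `$autoassign_owner['name']` in the history lines carry no comment saying what they compensate for, and the usernames concatenated in the same expressions (`$_SESSION['user']`, `$autoassign_owner['user']`) are left unwrapped. `addslashes()` is not an SQL or HTML escape on its own, so a reader cannot tell whether the value is meant to survive a later unescape step or whether this is intended as protection; the write of `$history` is outside these hunks. A one-line comment such as `// names may contain quotes/backslashes; pre-escape so hesk_dbEscape() stores them unchanged` (if that is the intent) would settle it, and the username should get the same treatment if it can contain those characters. The same applies to the `thist8` line in the priority-change section further down, where `$revision` is visibly passed through `hesk_dbEscape()` afterwards.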


@@ -33,6 +33,10 @@ require_once(HESK_PATH . 'inc/custom_fields.inc.php');
// Load calendar JS and CSS
define('CALENDAR',1);
if ($hesk_settings['staff_ticket_formatting'] == 2) {
define('WYSIWYG',1);
}
// Pre-populate fields
// Customer name
if (isset($_REQUEST['name'])) {
@@ -177,6 +181,22 @@ if ( ! isset($_SESSION['as_priority']))
<h4><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h4>
<form method="post" class="form <?php echo isset($_SESSION['iserror']) && count($_SESSION['iserror']) ? 'invalid' : ''; ?>" action="admin_submit_ticket.php" name="form1" enctype="multipart/form-data">
<?php if ($number_of_categories > 1): ?>
<div class="form-group" style="margin-bottom: 0px;">
<label for="create_name" style="display: inline;">
<?php echo $hesklang['category']; ?>:
</label>
&nbsp;
<button type="submit" class="btn btn--blue-border change_category" name="change_category" value="1" title="<?php echo $hesklang['chg_cat']; ?>"><?php echo hesk_getCategoryName($category); ?>
&nbsp;
<svg class="icon icon-edit">
<use xlink:href="../img/sprite.svg#icon-edit"></use>
</svg>
</button>
</div>
<?php endif; ?>
<div class="form-group">
<label for="create_name">
<?php echo $hesklang['name']; ?>: <span class="important">*</span>
@@ -443,11 +463,12 @@ if ( ! isset($_SESSION['as_priority']))
mySubjectTxt[0]='';
<?php
while ($mysaved = hesk_dbFetchRow($res))
while ($mysaved = hesk_dbFetchAssoc($res))
{
$can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1]. "</option>\n";
echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[2]))."';\n";
echo 'mySubjectTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[1]))."';\n";
$can_options .= '<option value="' . $mysaved['id'] . '">' . $mysaved['title']. "</option>\n";
$message_text = $hesk_settings['staff_ticket_formatting'] == 2 ? $mysaved['message_html'] : $mysaved['message'];
echo 'myMsgTxt['.$mysaved['id'].']=\''.preg_replace("/\r?\n|\r/","\\r\\n' + \r\n'", addslashes($message_text))."';\n";
echo 'mySubjectTxt['.$mysaved['id'].']=\''.preg_replace("/\r?\n|\r/","\\r\\n' + \r\n'", addslashes($mysaved['title']))."';\n";
}
?>
@@ -461,7 +482,11 @@ if ( ! isset($_SESSION['as_priority']))
{
if (document.form1.mode[1].checked)
{
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
tinymce.get("message").setContent('');
<?php else: ?>
document.getElementById('message').value = '';
<?php endif; ?>
document.getElementById('subject').value = '';
}
return true;
@@ -470,13 +495,24 @@ if ( ! isset($_SESSION['as_priority']))
{
if (document.getElementById('moderep').checked)
{
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
tinymce.get("message").setContent('');
tinymce.get("message").execCommand('mceInsertRawHTML', false, myMsg);
<?php else: ?>
document.getElementById('HeskMsg').innerHTML='<textarea style="height: inherit" class="form-control" name="message" id="message" rows="12" cols="60">'+myMsg+'</textarea>';
<?php endif; ?>
document.getElementById('HeskSub').innerHTML='<input class="form-control" type="text" name="subject" id="subject" maxlength="70" value="'+mySubject+'">';
}
else
{
var oldMsg = document.getElementById('message').value;
<?php if ($hesk_settings['staff_ticket_formatting'] == 2): ?>
var oldMsg = tinymce.get("message").getContent();
tinymce.get("message").setContent('');
tinymce.get("message").execCommand('mceInsertRawHTML', false, oldMsg + myMsg);
<?php else: ?>
var oldMsg = escapeHtml(document.getElementById('message').value);
document.getElementById('HeskMsg').innerHTML='<textarea style="height: inherit" class="form-control" name="message" id="message" rows="12" cols="60">'+oldMsg+myMsg+'</textarea>';
<?php endif; ?>
if (document.getElementById('subject').value == '')
{
document.getElementById('HeskSub').innerHTML='<input class="form-control" type="text" name="subject" id="subject" maxlength="70" value="'+mySubject+'">';
@@ -558,11 +594,12 @@ if ( ! isset($_SESSION['as_priority']))
name="message" id="message" rows="12" cols="60"><?php if (isset($_SESSION['as_message'])) {echo stripslashes(hesk_input($_SESSION['as_message']));} ?></textarea>
</span>
</div>
<!-- START CUSTOM AFTER -->
<?php
/* custom fields AFTER comments */
if ($hesk_settings['staff_ticket_formatting'] == 2) {
hesk_tinymce_init('#message');
}
/* custom fields AFTER comments */
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'] && $v['place']==1 && hesk_is_custom_field_in_category($k, $category) )
@@ -809,12 +846,59 @@ if ( ! isset($_SESSION['as_priority']))
<input type="checkbox" id="create_notify1" name="notify" value="1" <?php echo empty($_SESSION['as_notify']) ? '' : 'checked'; ?>>
<label for="create_notify1"><?php echo $hesklang['seno']; ?></label>
</div>
<?php if (hesk_checkPermission('can_view_tickets',0)): ?>
<div class="checkbox-custom">
<input type="checkbox" id="create_show1" name="show" value="1" <?php echo (!isset($_SESSION['as_show']) || !empty($_SESSION['as_show'])) ? 'checked' : ''; ?>>
<label for="create_show1"><?php echo $hesklang['otas']; ?></label>
</div>
<?php endif; ?>
</div>
</div>
<section class="param calendar">
<label><?php echo $hesklang['due_date']; ?>:</label>
<div class="calendar--button">
<button type="button">
<svg class="icon icon-calendar">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-calendar"></use>
</svg>
</button>
<input name="due_date"
value="<?php if (isset($_SESSION['as_due_date'])) {echo stripslashes(hesk_input($_SESSION['as_due_date']));} ?>"
type="text" class="datepicker">
</div>
<div class="calendar--value" style="<?php echo empty($_SESSION['as_due_date']) ? '' : 'display: block'; ?>">
<span><?php echo isset($_SESSION['as_due_date']) ? stripslashes($_SESSION['as_due_date']) : ''; ?></span>
<i class="close">
<svg class="icon icon-close">
<use xlink:href="<?php echo HESK_PATH; ?>img/sprite.svg#icon-close"></use>
</svg>
</i>
</div>
</section>
<br>
<?php if ($hesk_settings['can_sel_lang']): ?>
<div class="form-group">
<label for="as_language"><?php echo $hesklang['tlan']; ?>:</label>
<select name="as_language" id="as_language">
<?php
if (isset($_SESSION['as_language']) && isset($hesk_settings['languages'][$_SESSION['as_language']]))
{
$hesk_settings['language_copy'] = $hesk_settings['language'];
$hesk_settings['language'] = $_SESSION['as_language'];
hesk_listLanguages();
$hesk_settings['language'] = $hesk_settings['language_copy'];
}
else
{
hesk_listLanguages();
}
?>
</select>
</div>
<script>
$('#as_language').selectize();
</script>
<?php endif; ?>
<?php if (hesk_checkPermission('can_assign_others',0)) { ?>
<div class="form-group">
<label><?php echo $hesklang['asst2']; ?>:</label>
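Review bot: In the new due-date block, the `calendar--value` span prints `stripslashes($_SESSION['as_due_date'])` without `hesk_input()`, while the `value` attribute of the `due_date` input a few lines above encodes the same session value. Where `as_due_date` is populated is not visible in these hunks, so unless it is guaranteed to be validated as a date before it reaches the session, the span should be encoded the same way: `<span><?php echo isset($_SESSION['as_due_date']) ? stripslashes(hesk_input($_SESSION['as_due_date'])) : ''; ?></span>`. The saved-reply loop in the earlier hunk rests on a related assumption that deserves a comment: `message_html` is written into a JavaScript string with only `addslashes()` and later inserted with `mceInsertRawHTML`, which is safe only as long as every stored `message_html` went through the purifier at save time.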


@@ -317,6 +317,11 @@ $login_wrapper = true;
</div>
</div>
<script>
$(() => {
$('form :visible[class*=isError]:first').focus();
})
</script>
<?php
// Clean session errors
hesk_cleanSessionVars('a_iserror');


@@ -47,7 +47,7 @@ $options = array(
3 => $hesklang['low']
);
$revision = sprintf($hesklang['thist8'],hesk_date(),$options[$priority],$_SESSION['name'].' ('.$_SESSION['user'].')');
$revision = sprintf($hesklang['thist8'],hesk_date(),$options[$priority],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `priority`='{$priority}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."'");
if (hesk_dbAffectedRows() != 1)


@@ -313,13 +313,15 @@ function update_profile() {
}
/* Notifications */
$_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || ! $can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
$_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || ! $can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
$_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
$_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
$_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
$_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || ! $can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) || !$can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
$_SESSION['new']['notify_overdue_my'] = empty($_POST['notify_overdue_my']) ? 0 : 1;
$_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || ! $can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
$_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
$_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
$_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
/* Any errors? */
if (strlen($hesk_error_buffer))
@@ -348,7 +350,9 @@ function update_profile() {
`notify_customer_reply`='".($_SESSION['new']['notify_customer_reply'])."' ,
`show_suggested`='".($_SESSION['new']['show_suggested'])."' ,
`notify_new_unassigned`='".($_SESSION['new']['notify_new_unassigned'])."' ,
`notify_overdue_unassigned`='".($_SESSION['new']['notify_overdue_unassigned'])."' ,
`notify_new_my`='".($_SESSION['new']['notify_new_my'])."' ,
`notify_overdue_my`='".($_SESSION['new']['notify_overdue_my'])."' ,
`notify_reply_unassigned`='".($_SESSION['new']['notify_reply_unassigned'])."' ,
`notify_reply_my`='".($_SESSION['new']['notify_reply_my'])."' ,
`notify_assigned`='".($_SESSION['new']['notify_assigned'])."' ,


@@ -92,6 +92,7 @@ $info = array(
'attachments' => $ticket['attachments'],
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'due_date' => hesk_format_due_date($ticket['due_date']),
'id' => $ticket['id'],
'time_worked' => $ticket['time_worked'],
'last_reply_by' => hesk_getReplierName($ticket),


@@ -253,18 +253,7 @@ $num = hesk_dbNumRows($res);
<?php
if ($hesk_settings['kb_wysiwyg'])
{
?>
<script>
tinymce.init({
selector: '#content',
convert_urls: false,
branding: false,
browser_spellcheck: true,
toolbar: 'undo redo | styleselect fontselect fontsizeselect | bold italic underline | alignleft aligncenter alignright alignjustify | forecolor backcolor | bullist numlist outdent indent | link unlink image codesample code',
plugins: 'charmap code codesample image link lists table',
});
</script>
<?php
hesk_tinymce_init('#content');
}
?>
<div class="right-bar service-message-create" <?php if ($action === 'edit_sm' || isset($_SESSION['preview_sm']) || hesk_SESSION(array('new_sm','errors'))) {echo 'style="display: block"';} ?>>
@@ -289,7 +278,14 @@ if ($hesk_settings['kb_wysiwyg'])
/* Do we have a service message to preview? */
if (isset($_SESSION['preview_sm'])) {
hesk_service_message($_SESSION['new_sm']);
if (isset($_SESSION['new_sm']['message_preview'])) {
$tmp = $_SESSION['new_sm']['message'];
$_SESSION['new_sm']['message'] = $_SESSION['new_sm']['message_preview'];
hesk_service_message($_SESSION['new_sm']);
$_SESSION['new_sm']['message'] = $tmp;
} else {
hesk_service_message($_SESSION['new_sm']);
}
}
?>
<ul class="step-bar">
@@ -435,7 +431,7 @@ function save_sm()
$language = '';
}
$title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
$message = hesk_getHTML( hesk_POST('message') );
$message = $hesk_settings['kb_wysiwyg'] ? hesk_getHTML( hesk_POST('message') ) : nl2br( hesk_input( hesk_POST('message') ) );
// Clean the HTML code
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
@@ -480,7 +476,8 @@ function save_sm()
'type' => $type,
'language' => $language,
'title' => $title,
'message' => $message
'message' => hesk_input( hesk_POST('message') ),
'message_preview' => $message
);
header('Location: service_messages.php');
@@ -517,6 +514,20 @@ function edit_sm()
hesk_error($hesklang['sm_not_found']);
}
$sm = hesk_dbFetchAssoc($res);
// If we're in plain text mode, convert any HTML message safely to text
if ( ! $hesk_settings['kb_wysiwyg'])
{
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$sm['message'] = $purifier->heskPurify($sm['message']);
$sm['message'] = convert_html_to_text($sm['message']);
$sm['message'] = fix_newlines($sm['message']);
}
$sm['message'] = hesk_htmlspecialchars($sm['message']);
$_SESSION['smord'] = $id;
@@ -622,7 +633,7 @@ function new_sm()
$language = '';
}
$title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
$message = hesk_getHTML( hesk_POST('message') );
$message = $hesk_settings['kb_wysiwyg'] ? hesk_getHTML( hesk_POST('message') ) : nl2br( hesk_input( hesk_POST('message') ) );
// Clean the HTML code
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
@@ -662,7 +673,8 @@ function new_sm()
'type' => $type,
'language' => $language,
'title' => $title,
'message' => $message,
'message' => hesk_input( hesk_POST('message') ),
'message_preview' => $message
);
header('Location: service_messages.php');
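Review bot: The preview branch now renders `$_SESSION['new_sm']['message_preview']` as the message body, but in both places that fill it (`save_sm()` and `new_sm()`) the purifier call after `// Clean the HTML code` lies outside the hunks, so it is not visible that `$message` holds the purified value when it is stored. A comment on the array entry, e.g. `'message_preview' => $message, // purified HTML, safe to render in the preview`, would pin that contract; if `$message` is not reassigned by the purifier, the preview would render unfiltered HTML. The preview code also swaps the field inside the session and then restores it; passing a copy is simpler and cannot leave the session half-swapped: `$preview = $_SESSION['new_sm']; $preview['message'] = $preview['message_preview']; hesk_service_message($preview);`.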


@@ -46,18 +46,10 @@ hesk_handle_messages();
?>
</div>
<?php
$header_text = '
<section style="display: flex; align-items: center; justify-content: space-between; margin-bottom: 16px">
<h2 style="font-size: 18px; font-weight: bold">'. $hesklang['tickets'] .' (%%HESK_TICKET_COUNT%%)</h2>
<div class="checkbox-custom">
<input type="checkbox" id="reloadCB" onclick="toggleAutoRefresh(this);">
<label for="reloadCB">'. $hesklang['arp'] .'</label>&nbsp;<span id="timer"></span>
<script type="text/javascript">heskCheckReloading();</script>
</div>
</section>';
/* Print the list of tickets */
$is_search = 1;
$href = 'show_tickets.php';
require_once(HESK_PATH . 'inc/print_tickets.inc.php');
/* Update staff default settings? */