heskPurify($tmpvar['message_html']); $tmpvar['message'] = convert_html_to_text($tmpvar['message_html']); $tmpvar['message'] = fix_newlines($tmpvar['message']); } else { // `message` already contains a HTML friendly version. May as well just re-use it $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); $tmpvar['message_html'] = $tmpvar['message']; } if (count($hesk_error_buffer)) { // Remove any successfully uploaded attachments if ($hesk_settings['attachments']['use'] && isset($attachments)) { hesk_removeAttachments($attachments); } $myerror = ''; hesk_error($myerror); } if ($hesk_settings['attachments']['use'] && !empty($attachments)) { foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')"); $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .','; } } hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `message`='".hesk_dbEscape($tmpvar['message'])."', `message_html`='".hesk_dbEscape($tmpvar['message_html'])."', `attachments`=CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."') WHERE `id`='".intval($tmpvar['id'])."' AND `replyto`='".intval($ticket['id'])."'"); } else { $tmpvar['name'] = hesk_input( hesk_POST('name') ) or $hesk_error_buffer[]=$hesklang['enter_your_name']; if ($hesk_settings['require_email']) { $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email']; } else { $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0); // Not required, but must be valid if it is entered if ($tmpvar['email'] == '') { if (strlen(hesk_POST('email'))) { $hesk_error_buffer['email'] = $hesklang['not_valid_email']; } } } $tmpvar['subject'] = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer[]=$hesklang['enter_ticket_subject']; $tmpvar['message'] = hesk_input( hesk_POST('message') ); $tmpvar['message_html'] = $tmpvar['message']; if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') { $hesk_error_buffer[] = $hesklang['enter_message']; } if ($hesk_settings['staff_ticket_formatting'] == 2) { // Decode the message we encoded earlier $tmpvar['message_html'] = hesk_html_entity_decode($tmpvar['message_html']); // Clean the HTML code and set the plaintext version require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php'); require(HESK_PATH . 'inc/html2text/html2text.php'); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']); $tmpvar['message_html'] = $purifier->heskPurify($tmpvar['message_html']); $tmpvar['message'] = convert_html_to_text($tmpvar['message_html']); $tmpvar['message'] = fix_newlines($tmpvar['message']); // Re-encode the message $tmpvar['message'] = hesk_htmlspecialchars($tmpvar['message']); } else { // `message` already contains a HTML friendly version. May as well just re-use it $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); $tmpvar['message_html'] = $tmpvar['message']; } // Demo mode if ( defined('HESK_DEMO') ) { $tmpvar['email'] = 'hidden@demo.com'; } // Custom fields foreach ($hesk_settings['custom_fields'] as $k=>$v) { if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) { if ($v['type'] == 'checkbox') { $tmpvar[$k]=''; if (isset($_POST[$k]) && is_array($_POST[$k])) { foreach ($_POST[$k] as $myCB) { $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '
';; } $tmpvar[$k]=substr($tmpvar[$k],0,-6); } else { if ($v['req'] == 2) { $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; } $_POST[$k] = ''; } } elseif ($v['type'] == 'date') { $tmpvar[$k] = hesk_POST($k); $_SESSION["as_$k"] = ''; if (preg_match("/^[0-9]{2}\/[0-9]{2}\/[0-9]{4}$/", $tmpvar[$k])) { $date = strtotime($tmpvar[$k] . ' t00:00:00 UTC'); $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00 UTC') : false; $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00 UTC') : false; $_SESSION["as_$k"] = $tmpvar[$k]; if ($dmin && $dmin > $date) { $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format'])); } elseif ($dmax && $dmax < $date) { $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format'])); } else { $tmpvar[$k] = $date; } } else { if ($v['req'] == 2) { $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; } } } elseif ($v['type'] == 'email') { $tmp = $hesk_settings['multi_eml']; $hesk_settings['multi_eml'] = $v['value']['multiple']; $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0); $hesk_settings['multi_eml'] = $tmp; if ($tmpvar[$k] != '') { $_SESSION["as_$k"] = hesk_input($tmpvar[$k]); } else { $_SESSION["as_$k"] = ''; if ($v['req'] == 2) { $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']); } } } elseif ($v['req'] == 2) { $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) ))); if ($tmpvar[$k] == '') { $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; } } else { $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); } } else { $tmpvar[$k] = ''; } } if (count($hesk_error_buffer)) { // Remove any successfully uploaded attachments if ($hesk_settings['attachments']['use'] && isset($attachments)) { hesk_removeAttachments($attachments); } $myerror = ''; hesk_error($myerror); } if ($hesk_settings['attachments']['use'] && !empty($attachments)) { foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')"); $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .','; } } $custom_SQL = ''; for ($i=1; $i<=50; $i++) { $custom_SQL .= '`custom'.$i.'`=' . (isset($tmpvar['custom'.$i]) ? "'".hesk_dbEscape($tmpvar['custom'.$i])."'" : "''") . ','; } $custom_SQL = rtrim($custom_SQL, ','); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `name`='".hesk_dbEscape( hesk_mb_substr($tmpvar['name'], 0, 255) )."', `email`='".hesk_dbEscape( hesk_mb_substr($tmpvar['email'], 0, 1000) )."', `subject`='".hesk_dbEscape( hesk_mb_substr($tmpvar['subject'], 0, 255) )."', `message`='".hesk_dbEscape($tmpvar['message'])."', `message_html`='".hesk_dbEscape($tmpvar['message_html'])."', `attachments`=CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."'), $custom_SQL WHERE `id`='".intval($ticket['id'])."'"); } unset($tmpvar); hesk_cleanSessionVars('tmpvar'); hesk_process_messages($hesklang['edt2'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); } $ticket['message'] = hesk_msgToPlain($ticket['message'],0,0); /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>

$v) { if ($v['use'] && $v['place']==0 && hesk_is_custom_field_in_category($k, $ticket['category']) ) { $k_value = $ticket[$k]; if ($v['type'] == 'checkbox') { $k_value = explode('
',$k_value); } $v['req'] = $v['req']==2 ? '*' : ''; switch ($v['type']) { /* Radio box */ case 'radio': echo '
'; $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; $index = 0; foreach ($v['value']['radio_options'] as $option) { if (strlen($k_value) == 0) { $k_value = $option; $checked = empty($v['value']['no_default']) ? 'checked' : ''; } elseif ($k_value == $option) { $k_value = $option; $checked = 'checked'; } else { $checked = ''; } echo '
'; $index++; } echo '
'; break; /* Select drop-down box */ case 'select': $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; echo '
'; break; /* Checkbox */ case 'checkbox': echo '
'; $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; $index = 0; foreach ($v['value']['checkbox_options'] as $option) { if (in_array($option,$k_value)) { $checked = 'checked'; } else { $checked = ''; } echo '
'; $index++; } echo '
'; break; /* Large text box */ case 'textarea': $cls = in_array($k,$_SESSION['iserror']) ? ' isError" ' : ''; $k_value = hesk_msgToPlain($k_value,0,0); echo '
'; break; // Date case 'date': $k_value = hesk_custom_date_display_format($k_value, 'm/d/Y'); echo '
'. $k_value .'
'; break; // Email case 'email': $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : ''; echo '
'; break; // Hidden // Handle as text fields for staff /* Default text input */ default: $k_value = hesk_msgToPlain($k_value,0,0); $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; echo '
'; } } } ?>
$v) { if ($v['use'] && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category']) ) { $k_value = $ticket[$k]; if ($v['type'] == 'checkbox') { $k_value = explode('
',$k_value); } $v['req'] = $v['req']==2 ? '*' : ''; switch ($v['type']) { /* Radio box */ case 'radio': echo '
'; $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; $index = 0; foreach ($v['value']['radio_options'] as $option) { if (strlen($k_value) == 0) { $k_value = $option; $checked = empty($v['value']['no_default']) ? 'checked' : ''; } elseif ($k_value == $option) { $k_value = $option; $checked = 'checked'; } else { $checked = ''; } echo '
'; $index++; } echo '
'; break; /* Select drop-down box */ case 'select': $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; echo '
'; break; /* Checkbox */ case 'checkbox': echo '
'; $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; $index = 0; foreach ($v['value']['checkbox_options'] as $option) { if (in_array($option,$k_value)) { $checked = 'checked'; } else { $checked = ''; } echo '
'; $index++; } echo '
'; break; /* Large text box */ case 'textarea': $cls = in_array($k,$_SESSION['iserror']) ? ' isError" ' : ''; $k_value = hesk_msgToPlain($k_value,0,0); echo '
'; break; // Date case 'date': $k_value = hesk_custom_date_display_format($k_value, 'm/d/Y'); echo '
'. $k_value .'
'; break; // Email case 'email': $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : ''; echo '
'; break; // Hidden // Handle as text fields for staff /* Default text input */ default: $k_value = hesk_msgToPlain($k_value,0,0); $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; echo '
'; } } } } // End if not a reply // attachments if ($hesk_settings['attachments']['use'] && $number_of_attachments < $hesk_settings['attachments']['max_number']) { echo '
'; echo ''; for ($i=$number_of_attachments+1;$i<=$hesk_settings['attachments']['max_number'];$i++) { echo '
'; } echo '
'; } ?>