AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 10:54:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added Document Template Listing, editing, deletion, move scheduled tickets into tickets

Browse Source
This commit is contained in:
johnnyq
2023-01-18 22:00:45 -05:00
parent 5492e6d3f7
commit 45564d45bc
12 changed files with 344 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
post.php
View File

@@ -6763,20 +6763,10 @@ if(isset($_POST['add_document'])){
$content_raw = trim(mysqli_real_escape_string($mysqli, strip_tags($_POST['name'] . " " . str_replace("<", " <", $_POST['content']))));
// Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
$template = intval($_POST['template']);
//Templates don't go into folders
if($template == 0){
$folder = intval($_POST['folder']);
}else{
$folder = 0;
}
//Templates don't have assigned client_ids
if($template == 1){
$client_id = 0;
}
$folder = intval($_POST['folder']);
// Document add query
$add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_content = '$content', document_content_raw = '$content_raw', document_template = $template, document_folder_id = $folder, document_client_id = $client_id, company_id = $session_company_id");
$add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_content = '$content', document_content_raw = '$content_raw', document_template = 0, document_folder_id = $folder, document_client_id = $client_id, company_id = $session_company_id");
$document_id = $mysqli->insert_id;
// Logging
@@ -6788,6 +6778,35 @@ if(isset($_POST['add_document'])){
}
if(isset($_POST['add_document_template'])){
validateTechRole();
// HTML Purifier
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
$client_id = intval($_POST['client_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$content = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['content']))));
$content_raw = trim(mysqli_real_escape_string($mysqli, strip_tags($_POST['name'] . " " . str_replace("<", " <", $_POST['content']))));
// Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
// Document add query
$add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_content = '$content', document_content_raw = '$content_raw', document_template = 1, document_folder_id = 0, document_client_id = 0, company_id = $session_company_id");
$document_id = $mysqli->insert_id;
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document Template', log_action = 'Create', log_description = 'Created Document Template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = '$client_id', company_id = $session_company_id, log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Document Template created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['add_document_from_template'])){
// ROLE Check
@@ -6824,7 +6843,7 @@ if(isset($_POST['add_document_from_template'])){
$_SESSION['alert_message'] = "Document created from template";
header("Location: client_document_details.php?client_id=$client_id&folder_id=$folder_id&document_id=$document_id");
header("Location: client_document_template_details.php?client_id=$client_id&document_id=$document_id");
}
@@ -6859,6 +6878,35 @@ if(isset($_POST['edit_document'])){
}
if(isset($_POST['edit_document_template'])){
validateTechRole();
// HTML Purifier
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
$document_id = intval($_POST['document_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$content = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['content']))));
$content_raw = trim(mysqli_real_escape_string($mysqli, strip_tags($_POST['name'] . " " . str_replace("<", " <", $_POST['content']))));
// Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
// Document edit query
mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_content = '$content', document_content_raw = '$content_raw' WHERE document_id = $document_id AND company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document Template', log_action = 'Modify', log_description = '$name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Document Template updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_GET['delete_document'])){
validateAdminRole();