mirror of https://github.com/itflow-org/itflow
Merge branch 'master' of github.com:johnnyq/itflow
commit
94faa6934a
|
|
@ -16,7 +16,6 @@
|
|||
</div>
|
||||
<?php
|
||||
if($document_tags) {
|
||||
foreach($document_tags as $document_tag) {
|
||||
?>
|
||||
<!-- Document Tags select start -->
|
||||
<div class="form-group">
|
||||
|
|
@ -25,6 +24,9 @@
|
|||
<span class="fa fa-fw fa-tag"></span> <span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu">
|
||||
<?php
|
||||
foreach($document_tags as $document_tag) {
|
||||
?>
|
||||
<li>
|
||||
<div class="form-check">
|
||||
<label>
|
||||
|
|
@ -32,12 +34,14 @@
|
|||
</label>
|
||||
</div>
|
||||
</li>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<!-- Document tags select end -->
|
||||
<?php
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
|
|
|
|||
64
post.php
64
post.php
|
|
@ -5209,9 +5209,9 @@ if(isset($_GET['export_client_domains_csv'])){
|
|||
}
|
||||
|
||||
if(isset($_POST['add_ticket'])){
|
||||
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
|
||||
|
||||
// Initiate HTML Purifier
|
||||
// HTML Purifier
|
||||
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
|
||||
$purifier_config = HTMLPurifier_Config::createDefault();
|
||||
$purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
|
|
@ -5220,8 +5220,7 @@ if(isset($_POST['add_ticket'])){
|
|||
$contact = intval($_POST['contact']);
|
||||
$subject = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['subject'])));
|
||||
$priority = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['priority'])));
|
||||
$dirty_details = mysqli_real_escape_string($mysqli,$_POST['details']);
|
||||
$details = $purifier->purify($dirty_details);
|
||||
$details = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['details']))));
|
||||
$asset_id = intval($_POST['asset']);
|
||||
|
||||
if($client_id > 0 AND $contact == 0){
|
||||
|
|
@ -5247,11 +5246,17 @@ if(isset($_POST['add_ticket'])){
|
|||
}
|
||||
|
||||
if(isset($_POST['add_scheduled_ticket'])){
|
||||
|
||||
// HTML Purifier
|
||||
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
|
||||
$purifier_config = HTMLPurifier_Config::createDefault();
|
||||
$purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
$client_id = intval($_POST['client']);
|
||||
$contact = intval($_POST['contact']);
|
||||
$subject = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['subject'])));
|
||||
$priority = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['priority'])));
|
||||
$details = trim(mysqli_real_escape_string($mysqli,$_POST['details']));
|
||||
$details = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['details']))));
|
||||
$asset_id = intval($_POST['asset']);
|
||||
$frequency = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['frequency'])));
|
||||
$start_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['start_date'])));
|
||||
|
|
@ -5275,11 +5280,17 @@ if(isset($_POST['add_scheduled_ticket'])){
|
|||
}
|
||||
|
||||
if(isset($_POST['edit_scheduled_ticket'])){
|
||||
|
||||
// HTML Purifier
|
||||
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
|
||||
$purifier_config = HTMLPurifier_Config::createDefault();
|
||||
$purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
$client_id = intval($_POST['client_id']);
|
||||
$ticket_id = intval($_POST['ticket_id']);
|
||||
$subject = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['subject'])));
|
||||
$priority = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['priority'])));
|
||||
$details = trim(mysqli_real_escape_string($mysqli,$_POST['details']));
|
||||
$details = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['details']))));
|
||||
$asset_id = intval($_POST['asset']);
|
||||
$frequency = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['frequency'])));
|
||||
$next_run_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['next_date'])));
|
||||
|
|
@ -5312,12 +5323,17 @@ if(isset($_GET['delete_scheduled_ticket'])){
|
|||
|
||||
if(isset($_POST['edit_ticket'])){
|
||||
|
||||
// HTML Purifier
|
||||
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
|
||||
$purifier_config = HTMLPurifier_Config::createDefault();
|
||||
$purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
$ticket_id = intval($_POST['ticket_id']);
|
||||
$assigned_to = intval($_POST['assigned_to']);
|
||||
$contact_id = intval($_POST['contact']);
|
||||
$subject = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['subject'])));
|
||||
$priority = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['priority'])));
|
||||
$details = trim(mysqli_real_escape_string($mysqli,$_POST['details']));
|
||||
$details = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['details']))));
|
||||
$asset_id = intval($_POST['asset']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE tickets SET ticket_subject = '$subject', ticket_priority = '$priority', ticket_details = '$details', ticket_updated_at = NOW(), ticket_assigned_to = $assigned_to, ticket_contact_id = $contact_id, ticket_asset_id = $asset_id WHERE ticket_id = $ticket_id AND company_id = $session_company_id");
|
||||
|
|
@ -5364,17 +5380,16 @@ if(isset($_GET['delete_ticket'])){
|
|||
}
|
||||
|
||||
if(isset($_POST['add_ticket_reply'])){
|
||||
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
|
||||
|
||||
// Initiate HTML Purifier
|
||||
// HTML Purifier
|
||||
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
|
||||
$purifier_config = HTMLPurifier_Config::createDefault();
|
||||
$purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
$ticket_id = intval($_POST['ticket_id']);
|
||||
$dirty = trim(mysqli_real_escape_string($mysqli,$_POST['ticket_reply']));
|
||||
$ticket_reply = $purifier->purify($dirty);
|
||||
$ticket_status = trim(mysqli_real_escape_string($mysqli,$_POST['status']));
|
||||
$ticket_reply_time_worked = trim(mysqli_real_escape_string($mysqli,$_POST['time']));
|
||||
$ticket_reply = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['ticket_reply']))));
|
||||
$ticket_status = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['status'])));
|
||||
$ticket_reply_time_worked = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['time'])));
|
||||
|
||||
if(isset($_POST['public_reply_type'])){
|
||||
$ticket_reply_type = 'Public';
|
||||
|
|
@ -5449,8 +5464,13 @@ if(isset($_POST['add_ticket_reply'])){
|
|||
|
||||
if(isset($_POST['edit_ticket_reply'])){
|
||||
|
||||
// HTML Purifier
|
||||
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
|
||||
$purifier_config = HTMLPurifier_Config::createDefault();
|
||||
$purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
$ticket_reply_id = intval($_POST['ticket_reply_id']);
|
||||
$ticket_reply = trim(mysqli_real_escape_string($mysqli,$_POST['ticket_reply']));
|
||||
$ticket_reply = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['ticket_reply']))));
|
||||
|
||||
mysqli_query($mysqli,"UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_updated_at = NOW() WHERE ticket_reply_id = $ticket_reply_id AND company_id = $session_company_id") or die(mysqli_error($mysqli));
|
||||
|
||||
|
|
@ -5498,7 +5518,7 @@ if(isset($_GET['merge_ticket_get_json_details'])){
|
|||
if(isset($_POST['merge_ticket'])){
|
||||
$ticket_id = intval($_POST['ticket_id']);
|
||||
$merge_into_ticket_number = intval($_POST['merge_into_ticket_number']);
|
||||
$merge_comment = trim(mysqli_real_escape_string($mysqli,$_POST['merge_comment']));
|
||||
$merge_comment = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['merge_comment'])));
|
||||
$ticket_reply_type = 'Internal';
|
||||
|
||||
//Get current ticket details
|
||||
|
|
@ -5882,10 +5902,15 @@ if(isset($_GET['delete_file'])){
|
|||
|
||||
if(isset($_POST['add_document'])){
|
||||
|
||||
// HTML Purifier
|
||||
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
|
||||
$purifier_config = HTMLPurifier_Config::createDefault();
|
||||
$purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
$client_id = intval($_POST['client_id']);
|
||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
||||
$tags_ids = $_POST['tags_ids'];
|
||||
$content = trim(mysqli_real_escape_string($mysqli,$_POST['content']));
|
||||
$content = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['content']))));
|
||||
|
||||
// Document add query
|
||||
$add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_content = '$content', document_created_at = NOW(), document_client_id = $client_id, company_id = $session_company_id");
|
||||
|
|
@ -5909,10 +5934,15 @@ if(isset($_POST['add_document'])){
|
|||
|
||||
if(isset($_POST['edit_document'])){
|
||||
|
||||
// HTML Purifier
|
||||
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
|
||||
$purifier_config = HTMLPurifier_Config::createDefault();
|
||||
$purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
$document_id = intval($_POST['document_id']);
|
||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
||||
$tags_ids = $_POST['tags_ids'];
|
||||
$content = trim(mysqli_real_escape_string($mysqli,$_POST['content']));
|
||||
$content = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['content']))));
|
||||
|
||||
// Document edit query
|
||||
mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_content = '$content', document_updated_at = NOW() WHERE document_id = $document_id AND company_id = $session_company_id");
|
||||
|
|
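Review bot: In the `merge_ticket` and `add_ticket_reply` hunks the new `trim(strip_tags(mysqli_real_escape_string(...)))` lines still run `strip_tags` on a value that has already been SQL-escaped, which is the ordering this commit corrects for the purifier calls; escaping should be the last step before interpolation, e.g. `$merge_comment = mysqli_real_escape_string($mysqli, trim(strip_tags($_POST['merge_comment'])));` (same for `status` and `time`). The purifier bootstrap is now pasted into eight handlers with a plain `require`; because these are independent `if(isset(...))` blocks, a request carrying two of the keys would presumably load the file twice and fail on class redeclaration, so `require_once("plugins/htmlpurifier/HTMLPurifier.standalone.php");` or one shared helper is safer. Purifying on write only protects rows saved after this change, so unless the pages that render `ticket_details`, `ticket_reply` and `document_content` also sanitise on output (not visible here), HTML stored earlier is still shown as-is. `$tags_ids = $_POST['tags_ids'];` in the document handlers is read raw and its use lies outside the hunks; confirm each id goes through `intval` before it reaches a query.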
|
|||