From 4ac78418824e6e7e1622657b9bc1003ecab6bd74 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Sat, 7 Oct 2023 15:51:58 +0100 Subject: [PATCH 01/12] Email parsing for all domains registered under a client - Add support for email parsing/contact creation for all domains registered under a client in the domains module, rather than just the client main website. - Additionally fix domain_created_at bug and move the new ticket auto-reply message to the email queue instead Future work: Make ticket parsing work with HTML emails (HTML emails break agent notifs) --- client_domains.php | 2 +- cron_ticket_email_parser.php | 55 +++++++++++---------- functions.php | 18 +++---- ticket.php | 94 +++++++++++++++++++----------------- 4 files changed, 86 insertions(+), 83 deletions(-) diff --git a/client_domains.php b/client_domains.php index d4610375..4d9f4a0c 100644 --- a/client_domains.php +++ b/client_domains.php @@ -72,6 +72,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $domain_webhost = intval($row['domain_webhost']); $domain_expire = nullable_htmlentities($row['domain_expire']); $domain_registrar_name = nullable_htmlentities($row['vendor_name']); + $domain_created_at = nullable_htmlentities($row['domain_created_at']); if (empty($domain_registrar_name)) { $domain_registrar_name = "-"; } @@ -82,7 +83,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); if ($row) { $domain_webhost_name = nullable_htmlentities($row['vendor_name']); } - $domain_created_at = nullable_htmlentities($row['domain_created_at']); ?> diff --git a/cron_ticket_email_parser.php b/cron_ticket_email_parser.php index c686c23f..993d91b7 100644 --- a/cron_ticket_email_parser.php +++ b/cron_ticket_email_parser.php @@ -94,9 +94,9 @@ function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date // Prep ticket details $message = nl2br($message); - $message = mysqli_real_escape_string($mysqli, "Email from: $contact_email at $date:-

$message"); + $message_escaped = mysqli_real_escape_string($mysqli, "Email from: $contact_email at $date:-

$message"); - mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$message', ticket_priority = 'Low', ticket_status = 'Pending-Assignment', ticket_created_by = 0, ticket_contact_id = $contact_id, ticket_client_id = $client_id"); + mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$message_escaped', ticket_priority = 'Low', ticket_status = 'Pending-Assignment', ticket_created_by = 0, ticket_contact_id = $contact_id, ticket_client_id = $client_id"); $id = mysqli_insert_id($mysqli); // Logging @@ -141,27 +141,16 @@ function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date // E-mail client notification that ticket has been created if ($config_ticket_client_general_notifications == 1) { - $email_subject = "Ticket created - [$config_ticket_prefix$ticket_number] - $subject"; - $email_body = "##- Please type your reply above this line -##

Hello, $contact_name

Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.

Ticket: $config_ticket_prefix$ticket_number
Subject: $subject
Status: Open
https://$config_base_url/portal/ticket.php?id=$id

~
$company_name
Support Department
$config_ticket_from_email
$company_phone"; + // Insert email into queue (first, escape vars) + $contact_email_escaped = sanitizeInput($contact_email); + $contact_name_escaped = sanitizeInput($contact_name); + $config_ticket_from_email_escaped = sanitizeInput($config_ticket_from_email); + $config_ticket_from_name_escaped = sanitizeInput($config_ticket_from_name); - $mail = sendSingleEmail( - $config_smtp_host, - $config_smtp_username, - $config_smtp_password, - $config_smtp_encryption, - $config_smtp_port, - $config_ticket_from_email, - $config_ticket_from_name, - $contact_email, - $contact_name, - $email_subject, - $email_body - ); + $subject_escaped = mysqli_escape_string($mysqli, "Ticket created - [$config_ticket_prefix$ticket_number] - $subject"); + $body_escaped = mysqli_escape_string($mysqli, "##- Please type your reply above this line -##

Hello, $contact_name

Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.

Ticket: $config_ticket_prefix$ticket_number
Subject: $subject
Status: Open
https://$config_base_url/portal/ticket.php?id=$id

~
$company_name
Support Department
$config_ticket_from_email
$company_phone"); - if ($mail !== true) { - mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email'"); - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail'"); - } + mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$contact_email_escaped', email_recipient_name = '$contact_name_escaped', email_from = '$config_ticket_from_email_escaped', email_from_name = '$config_ticket_from_name_escaped', email_subject = '$subject_escaped', email_content = '$body_escaped'"); } @@ -173,8 +162,10 @@ function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date $client_row = mysqli_fetch_array($client_sql); $client_name = sanitizeInput($client_row['client_name']); - $details = removeEmoji($message); - $email_subject = "ITFlow - New Ticket - $client_name: $subject"; + // TODO: Fix Emojis and HTML opening tags sometimes breaking this "forwarding" + $details = removeEmoji($message_escaped); + + $email_subject = mysqli_escape_string($mysqli, "ITFlow - New Ticket - $client_name: $subject"); $email_body = "Hello,

This is a notification that a new ticket has been raised in ITFlow.
Client: $client_name
Priority: Low (email parsed)
Link: https://$config_base_url/ticket.php?ticket_id=$id

--------------------------------

$subject
$details"; mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$config_ticket_new_ticket_notification_email', email_recipient_name = 'ITFlow Agents', email_from = '$config_ticket_from_email', email_from_name = '$config_ticket_from_name', email_subject = '$email_subject', email_content = '$email_body'"); @@ -366,9 +357,17 @@ if ($emails) { $date = trim(mysqli_real_escape_string($mysqli, nullable_htmlentities(strip_tags($parser->getHeader('date'))))); $attachments = $parser->getAttachments(); + // Get the message content + // (first try HTML parsing, but switch to plain text if the email is empty/plain-text only) +// $message = $parser->getMessageBody('htmlEmbedded'); +// if (empty($message)) { +// echo "DEBUG: Switching to plain text parsing for this message ($subject)"; +// $message = $parser->getMessageBody('text'); +// } + + // TODO: Default to getting HTML and fallback to plaintext, but HTML emails seem to break the forward/agent notifications + $message = $parser->getMessageBody('text'); - // If below is enabled and up above is enabled text based emails get cut out - //$message = $parser->getMessageBody('htmlEmbedded'); // Check if we can identify a ticket number (in square brackets) if (preg_match("/\[$config_ticket_prefix\d+\]/", $subject, $ticket_number)) { @@ -407,14 +406,14 @@ if ($emails) { // Couldn't match this email to an existing ticket or an existing client contact // Checking to see if the sender domain matches a client website - $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM clients WHERE client_website = '$from_domain' LIMIT 1")); + $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$from_domain' LIMIT 1")); - if ($row && $from_domain == $row['client_website']) { + if ($row && $from_domain == $row['domain_name']) { // We found a match - create a contact under this client and raise a ticket for them // Client details - $client_id = intval($row['client_id']); + $client_id = intval($row['domain_client_id']); // Contact details $password = password_hash(randomString(), PASSWORD_DEFAULT); diff --git a/functions.php b/functions.php index 11276006..5a047108 100644 --- a/functions.php +++ b/functions.php @@ -516,7 +516,7 @@ function sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_ $smtp_auth = true; } - try{ + try { // Mail Server Settings $mail->CharSet = "UTF-8"; // Specify UTF-8 charset to ensure symbols ($/£) load correctly $mail->SMTPDebug = 0; // No Debugging @@ -712,13 +712,13 @@ function shortenClient($client) { // Break into words. $words = explode(' ', trim($cleaned)); - + $shortened = ''; // If there's only one word. if (count($words) == 1) { $word = $words[0]; - + if (strlen($word) <= 3) { return strtoupper($word); } @@ -753,22 +753,22 @@ function roundToNearest15($time) { // Extract hours, minutes, and seconds from the matched time string list(, $hours, $minutes, $seconds) = $matches; - + // Convert everything to seconds for easier calculation $totalSeconds = ($hours * 3600) + ($minutes * 60) + $seconds; - + // Calculate the remainder when divided by 900 seconds (15 minutes) $remainder = $totalSeconds % 900; - + if ($remainder > 450) { // If remainder is more than 7.5 minutes (450 seconds), round up $totalSeconds += (900 - $remainder); } else { // Else round down $totalSeconds -= $remainder; } - + // Convert total seconds to decimal hours $decimalHours = $totalSeconds / 3600; - + // Return the decimal hours return number_format($decimalHours, 2); -} \ No newline at end of file +} diff --git a/ticket.php b/ticket.php index 8228e9fd..1ec5165d 100644 --- a/ticket.php +++ b/ticket.php @@ -327,15 +327,15 @@ if (isset($_GET['ticket_id'])) { - -
-
-
- - + +
+
+
+ + +
-
@@ -483,13 +483,13 @@ if (isset($_GET['ticket_id'])) {

Contact

- +
- + -
+
-
- $ticket_id ORDER BY ticket_id DESC LIMIT 1"; - $row = mysqli_fetch_assoc(mysqli_query($mysqli, $sql_prev_ticket)); + $prev_ticket_row = mysqli_fetch_assoc(mysqli_query($mysqli, $sql_prev_ticket)); - $prev_ticket_id = intval($row['ticket_id']); - $prev_ticket_subject = nullable_htmlentities($row['ticket_subject']); - $prev_ticket_status = nullable_htmlentities($row['ticket_status']); - ?> + if ($prev_ticket_row) { + $prev_ticket_id = intval($prev_ticket_row['ticket_id']); + $prev_ticket_subject = nullable_htmlentities($prev_ticket_row['ticket_subject']); + $prev_ticket_status = nullable_htmlentities($prev_ticket_row['ticket_status']); + ?> -
- Previous ticket: - -
-
- +
+
+ Previous ticket: + +
+
Status: - - - Status: - - -
- + + + + + +
+ + +
Add a Contact @@ -565,12 +569,12 @@ if (isset($_GET['ticket_id'])) { $sql_ticket_watchers = mysqli_query($mysqli, "SELECT * FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id ORDER BY watcher_email DESC"); while ($ticket_watcher_row = mysqli_fetch_array($sql_ticket_watchers)) { $ticket_watcher_email = nullable_htmlentities($ticket_watcher_row['watcher_email']); - ?> + ?>
- +
@@ -586,14 +590,14 @@ if (isset($_GET['ticket_id'])) {
Updated:
- + - + $ticket_closed_by_display = nullable_htmlentities($row['user_name']); + ?> +
Closed by:
@@ -601,7 +605,7 @@ if (isset($_GET['ticket_id'])) { Feedback:
- +
Total time worked: @@ -613,13 +617,13 @@ if (isset($_GET['ticket_id'])) {

Asset

- + - +
Add an Asset
- +
@@ -686,7 +690,7 @@ if (isset($_GET['ticket_id'])) { Ticket: $service_ticket_subject ($service_ticket_status)"; ?>

-
@@ -699,13 +703,13 @@ if (isset($_GET['ticket_id'])) {
- +
- +

Vendor

@@ -784,14 +788,14 @@ if (isset($_GET['ticket_id'])) { Invoice Ticket Close Ticket
- +
From 221a020ec7252549a3cfb0376ddcfaf9f1462cf7 Mon Sep 17 00:00:00 2001 From: Andrew Malsbury Date: Sun, 8 Oct 2023 02:06:54 +0000 Subject: [PATCH 02/12] Update Readme to suggest install script. --- README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/README.md b/README.md index d08dfe33..08c15859 100644 --- a/README.md +++ b/README.md @@ -98,6 +98,44 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https:// 3. Create a MariaDB Database 4. Point your browser to your HTTPS web server to begin setup + +## Installation via Script (Recommended Method) + + **Security message** + This project is currently in Beta with many ongoing changes. + + Whilst we're confident the majority of code is safe, nothing in life is 100% safe or risk-free. Writing functional, secure code is very difficult. The current fast pace of development/change may unintentionally introduce bugs/security issues. Use your best judgment before storing highly confidential information in the app. You may wish to consider running ITFlow on it's own server, using a web-app firewall, restricting access (except /portal) to trusted IP addresses, etc. + Need to report a security issue? Check the [security policy](https://github.com/itflow-org/itflow/security/policy) + + ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law + + ITFlow is self-hosted. There is a full installation guide in the [docs](https://docs.itflow.org/installation), but the TLDR is: + + + **Requirements** + - Clean Install of Debian 12 or Ubuntu 22.04 + - A public IP Address + - Ports 80 (HTTP) and 443 (HTTPS) TCP accessible from the outside in + - A Fully Qualified Domain Name pointing to the public IP Address – example itflow.example.com, NOT itflow.xyz.example.com + + **Process** + - Login as root + - Download Script + ``` + wget https://github.com/itflow-org/itflow-install-script/raw/main/itflow_install.sh + ``` + - Read over script to understand purpose and function + ``` + nano itflow.sh + ``` + - Close nano with `ctrl + 'X'` + - Run Scipt + ``` + bash itflow_install.sh + ``` + - Follow Instructions + - Leave us feedback in the [forum](https://forum.itflow.org/d/11-road-map) + ## Key Features * Client documentation - assets, contacts, domains, docs, files, passwords, and more From 605eda879df1112ef9f0ea2bee0ee2ae2ac22fc2 Mon Sep 17 00:00:00 2001 From: Andrew Malsbury Date: Sun, 8 Oct 2023 02:09:26 +0000 Subject: [PATCH 03/12] Updated wording --- README.md | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 08c15859..127a6414 100644 --- a/README.md +++ b/README.md @@ -83,20 +83,10 @@ * FullCalendar.io -## Getting Started / Installation +## Getting Started -ITFlow is self-hosted. There is a full installation guide in the [docs](https://docs.itflow.org/installation), but the main steps are: +ITFlow is self-hosted. There is a full installation guide in the [docs](https://docs.itflow.org/installation). -1. Install a LAMP stack (Linux, Apache, MariaDB, PHP) - ```sh - sudo apt install git apache2 php libapache2-mod-php php-intl php-imap php-mailparse php-mysqli php-curl mariadb-server - ``` -2. Clone the repo - ```sh - git clone https://github.com/itflow-org/itflow.git /var/www/html - ``` -3. Create a MariaDB Database -4. Point your browser to your HTTPS web server to begin setup ## Installation via Script (Recommended Method) @@ -108,9 +98,6 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https:// Need to report a security issue? Check the [security policy](https://github.com/itflow-org/itflow/security/policy) ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law - - ITFlow is self-hosted. There is a full installation guide in the [docs](https://docs.itflow.org/installation), but the TLDR is: - **Requirements** - Clean Install of Debian 12 or Ubuntu 22.04 From 92eabf1e70c2dee19485d8922590217fbfa3c468 Mon Sep 17 00:00:00 2001 From: wrongecho <32306651+wrongecho@users.noreply.github.com> Date: Sun, 8 Oct 2023 09:02:18 +0100 Subject: [PATCH 04/12] Update README.md / Update readme with install script #737 --- README.md | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 127a6414..fc49952e 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ Report Bug · Request Feature + · + Security

@@ -89,16 +91,8 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https:// -## Installation via Script (Recommended Method) - - **Security message** - This project is currently in Beta with many ongoing changes. - - Whilst we're confident the majority of code is safe, nothing in life is 100% safe or risk-free. Writing functional, secure code is very difficult. The current fast pace of development/change may unintentionally introduce bugs/security issues. Use your best judgment before storing highly confidential information in the app. You may wish to consider running ITFlow on it's own server, using a web-app firewall, restricting access (except /portal) to trusted IP addresses, etc. - Need to report a security issue? Check the [security policy](https://github.com/itflow-org/itflow/security/policy) - - ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law - +### Installation via Script (Recommended Method) + **Requirements** - Clean Install of Debian 12 or Ubuntu 22.04 - A public IP Address @@ -107,20 +101,10 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https:// **Process** - Login as root - - Download Script + - Download & run install script ``` - wget https://github.com/itflow-org/itflow-install-script/raw/main/itflow_install.sh - ``` - - Read over script to understand purpose and function - ``` - nano itflow.sh - ``` - - Close nano with `ctrl + 'X'` - - Run Scipt - ``` - bash itflow_install.sh - ``` - - Follow Instructions + wget https://github.com/itflow-org/itflow-install-script/raw/main/itflow_install.sh && bash itflow_install.sh + - Follow Instructions & navigate to setup URL shown - Leave us feedback in the [forum](https://forum.itflow.org/d/11-road-map) From b9cadd508d1dc0c11227bae0fc01650d310d50d5 Mon Sep 17 00:00:00 2001 From: wrongecho <32306651+wrongecho@users.noreply.github.com> Date: Sun, 8 Oct 2023 09:03:25 +0100 Subject: [PATCH 05/12] Update README.md / Update readme with install script #737 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index fc49952e..0bc47c49 100644 --- a/README.md +++ b/README.md @@ -104,6 +104,7 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https:// - Download & run install script ``` wget https://github.com/itflow-org/itflow-install-script/raw/main/itflow_install.sh && bash itflow_install.sh + ``` - Follow Instructions & navigate to setup URL shown - Leave us feedback in the [forum](https://forum.itflow.org/d/11-road-map) From 4025cfdceade32cf3555aa1d100609733f8b271e Mon Sep 17 00:00:00 2001 From: wrongecho <32306651+wrongecho@users.noreply.github.com> Date: Sun, 8 Oct 2023 17:28:53 +0100 Subject: [PATCH 06/12] Update support.md Refer bugs/features/support to forum --- .github/ISSUE_TEMPLATE/support.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/support.md b/.github/ISSUE_TEMPLATE/support.md index cd6ca6f3..1dddb5e3 100644 --- a/.github/ISSUE_TEMPLATE/support.md +++ b/.github/ISSUE_TEMPLATE/support.md @@ -1,17 +1,24 @@ --- name: Support -about: Please visit the Forum or Discord for support -title: '' +about: Please request support on the Forum @ https://forum.itflow.org/t/support +title: 'Please visit the Forum for support' labels: Support assignees: '' --- -Please visit the Forum or Discord for support +We're now using GitHub Issues exclusively for development. +- -Forum - https://forum.itflow.org/ +Going forward, GitHub Issues will be used to track confirmed bugs & planned features via Github Projects. This allows us to keep GitHub clean & tidy, whilst maintaining an active and relaxed community experience on the Forum. -Discord - https://discord.gg/ZjCcBzTUDr +Please use the forum for support queries/issues: https://forum.itflow.org/t/support + +All new support requests raised here will be closed. + +Thanks, + +The ITFlow team :) -- From 0f4f670f9c80a2fff51e948ee19659b2a4a36509 Mon Sep 17 00:00:00 2001 From: wrongecho <32306651+wrongecho@users.noreply.github.com> Date: Sun, 8 Oct 2023 17:28:56 +0100 Subject: [PATCH 07/12] Update feature_request.md Refer bugs/features/support to forum --- .github/ISSUE_TEMPLATE/feature_request.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index eb5c5856..926f6522 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -1,16 +1,25 @@ --- name: Feature request about: Please discuss new features on the Forum @ https://forum.itflow.org/t/features -title: '' +title: 'Please discuss new features on the Forum' labels: Support assignees: '' --- -We're now using GitHub just to track features we're definitely planning to implement (and bugs!). +We're now using GitHub Issues exclusively for development. +- -Please discuss new feature requests on the forum @ https://forum.itflow.org/t/features. This allows us to gather interest & feedback on the features people feel are most important, whilst keeping GitHub cleaner and more about the code. +Going forward, GitHub Issues will be used to track confirmed bugs & planned features via Github Projects. This allows us to keep GitHub clean & tidy, whilst maintaining an active and relaxed community experience on the Forum. -New feature requests here will be closed. +Please discuss new feature requests on the forum @ https://forum.itflow.org/t/features. When creating discussions, try to imagine how your proposed feature would also benefit other users. -Thanks :) +All new feature requests raised here will be closed, unless agreed otherwise. + +Thanks, + +The ITFlow team :) + +-- + +To privately discuss a security issue, please see https://github.com/itflow-org/itflow/security From 57403e17073deab0c49118307d5362f978bb8bcc Mon Sep 17 00:00:00 2001 From: wrongecho <32306651+wrongecho@users.noreply.github.com> Date: Sun, 8 Oct 2023 17:29:01 +0100 Subject: [PATCH 08/12] Update bug_report.md Refer bugs/features/support to forum --- .github/ISSUE_TEMPLATE/bug_report.md | 31 ++++++++-------------------- 1 file changed, 9 insertions(+), 22 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index d95efcb2..c12ca08b 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,35 +1,22 @@ --- name: Bug report -about: Something not working quite right? Create a report to help us improve! -title: '' -labels: '' +about: Please report bugs on the Forum @ https://forum.itflow.org/t/bug +title: 'Please report bugs on the Forum' +labels: Support assignees: '' --- -**Describe the bug** -A clear and concise description of what the bug is. +We're now using GitHub Issues exclusively for development. +- -**Can you reproduce this on the demo at demo.itflow.org** -Yes/No/NA +Going forward, GitHub Issues will be used to track confirmed bugs & planned features via Github Projects. This allows us to keep GitHub clean & tidy, whilst maintaining an active and relaxed community experience on the Forum. -**Are you on the latest available version of ITFlow, with an up-to-date database structure?** -Yes/No +Please raise bugs on the forum @ https://forum.itflow.org/t/bug. Make sure to mention whether you can replicate the bug on demo.itflow.org. -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -4. See error +Thanks, -**Expected behavior** -A clear and concise description of what you expected to happen, if not obvious. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Additional context** -Add any other context about the problem here. +The ITFlow team :) -- From cd006d0625d638880fe3d6e1c4210eb14e504dbd Mon Sep 17 00:00:00 2001 From: wrongecho <32306651+wrongecho@users.noreply.github.com> Date: Sun, 8 Oct 2023 17:32:21 +0100 Subject: [PATCH 09/12] Update first-interaction.yml Refer bugs/features/support to forum --- .github/workflows/first-interaction.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/first-interaction.yml b/.github/workflows/first-interaction.yml index 1ccf5f8a..8c6dbc7f 100644 --- a/.github/workflows/first-interaction.yml +++ b/.github/workflows/first-interaction.yml @@ -16,9 +16,9 @@ jobs: issue-message: | Hello & Welcome! :) - Thanks for taking the time to get in touch. We'll review this issue shortly. + Thanks for taking the time to get in touch. - Whilst you're waiting, please feel free to check out the [forum](https://forum.itflow.org). + We ask that all bugs/feature/support requests are raised via the [forum](https://forum.itflow.org). We'll be in touch shortly to confirm. pr-message: | Hello & Welcome! :) From f241d247be82f032a46b23bac0f8f4b59f9ec88c Mon Sep 17 00:00:00 2001 From: Andrew Malsbury Date: Sun, 8 Oct 2023 13:07:56 -0500 Subject: [PATCH 10/12] Update oneliner to not save the install file. Updated oneliner to pipe the script directly to bash. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0bc47c49..a9cc5dab 100644 --- a/README.md +++ b/README.md @@ -103,7 +103,7 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https:// - Login as root - Download & run install script ``` - wget https://github.com/itflow-org/itflow-install-script/raw/main/itflow_install.sh && bash itflow_install.sh + wget -O - https://github.com/itflow-org/itflow-install-script/raw/main/itflow_install.sh | bash ``` - Follow Instructions & navigate to setup URL shown - Leave us feedback in the [forum](https://forum.itflow.org/d/11-road-map) From ac51e6a8ad6c092748c9ecffca07fb7f5468bb12 Mon Sep 17 00:00:00 2001 From: wrongecho <32306651+wrongecho@users.noreply.github.com> Date: Sun, 8 Oct 2023 20:09:17 +0100 Subject: [PATCH 11/12] Update SECURITY.md Reword security policy, include an escalation process (forum private discussion) --- SECURITY.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index e18a4433..0edc6ff6 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,9 @@ # Security Policy +## **Please do NOT report security concerns/vulnerabilities publicly (Github issues/forum)** + +--- + ## In Beta ITFlow is currently in beta and is a work in progress. @@ -14,10 +18,10 @@ We attempt to follow security best practices where possible, including [automate | ------- | ------------------ | | Beta | :white_check_mark: | -## Reporting a Vulnerability - -**Please do not report security vulnerabilities through public GitHub issues.** - -If you have discovered a security issue, please [report it](https://github.com/itflow-org/itflow/security/advisories/new) to us in as much detail as possible, so we can fix it. You should expect to receive an initial acknowledgement within 72 hours. +## Reporting a Vulnerability via GitHub Security Advisories **Security contact: [GitHub Security Advisories](https://github.com/itflow-org/itflow/security/advisories/new)** + +If you have discovered a security issue, please **[report it](https://github.com/itflow-org/itflow/security/advisories/new)** to us in as much detail as possible, so we can fix it. + +You should expect to receive an initial acknowledgement within 72 hours. If you don't receive any feedback, we may have missed the initial email from GitHub (we're human!). Please raise a private forum discussion with johnny and wrongecho quoting ONLY the assigned GHSA ref. From 5b49d35f1a0241060c0f83ee696aa53df2f3c782 Mon Sep 17 00:00:00 2001 From: wrongecho <32306651+wrongecho@users.noreply.github.com> Date: Sun, 8 Oct 2023 20:13:42 +0100 Subject: [PATCH 12/12] Update SECURITY.md Add placeholder for 1.0 --- SECURITY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SECURITY.md b/SECURITY.md index 0edc6ff6..b5f161ca 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -17,6 +17,7 @@ We attempt to follow security best practices where possible, including [automate | Version | Supported | | ------- | ------------------ | | Beta | :white_check_mark: | +| 1.0 | Yet to be released | ## Reporting a Vulnerability via GitHub Security Advisories