}
}
}
if (!$replymessage) {
$errormessage .= "<li>" . $_LANG['supportticketserrornomessage'];
}
if ($_FILES['attachments']) {
foreach ($_FILES['attachments']['name'] as $num => $filename) {
$filename = trim($filename);
if ($filename) {
$filenameparts = explode(".", $filename);
$extension = end($filenameparts);
$filename = implode(array_slice($filenameparts, 0, 0 - 1));
$filename = preg_replace("/[^a-zA-Z0-9-_ ]/", "", $filename);
$filename .= "." . $extension;
$validextension = checkTicketAttachmentExtension($filename);
if (!$validextension) {
$errormessage .= "<li>" . $_LANG['supportticketsfilenotallowed'];
continue;
}
continue;
}
}
}
if (!$errormessage) {
$attachments = uploadTicketAttachments();
$from = array("name" => $replyname, "email" => $replyemail);
AddReply($id, $_SESSION['uid'], $_SESSION['cid'], $replymessage, "", $attachments, $from);
redir("tid=" . $tid . "&c=" . $c);
}
}
function uploadTicketAttachments($admin = false)
{
global $attachments_dir;
$attachments = "";
if ($_FILES['attachments']) {
foreach ($_FILES['attachments']['name'] as $num => $filename) {
if (empty($_FILES['attachments']['name']) || empty($_FILES['attachments']['name'][$num])) {
continue;
}
if (!isFileNameSafe($_FILES['attachments']['name'][$num])) {
exit("Invalid upload filename. Valid filenames contain only alpha-numeric, dot, hyphen and underscore characters.");
}
$filename = trim($filename);
if ($filename) {
$filename = preg_replace("/[^a-zA-Z0-9-_. ]/", "", $filename);
$validextension = checkTicketAttachmentExtension($filename);
if ($validextension || $admin) {
mt_srand(time());
$rand = mt_rand(100000, 999999);
$newfilename = $rand . "_" . $filename;
while (file_exists($attachments_dir . $newfilename)) {
mt_srand(time());
$rand = mt_rand(100000, 999999);
$newfilename = $rand . "_" . $filename;
}
move_uploaded_file($_FILES['attachments']['tmp_name'][$num], $attachments_dir . $newfilename);
$attachments .= $newfilename . "|";
continue;
}
continue;
}
}
$attachments = substr($attachments, 0, 0 - 1);
}
return $attachments;
}
$_emailoutput["headers"] = $structure->headers;
interpret_structure($structure);
if ($_emailoutput["body"]["text/plain"]) {
$body = $_emailoutput["body"]["text/plain"];
} else {
if ($_emailoutput["body"]["text/html"]) {
$body = strip_tags($_emailoutput["body"]["text/html"]);
} else {
$body = "No message found.";
}
}
$attachments = "";
if (!empty($_emailoutput["attachments"])) {
foreach ($_emailoutput["attachments"] as $attachment) {
$filename = $attachment["filename"];
if (checkTicketAttachmentExtension($filename)) {
$filenameparts = explode(".", $filename);
$extension = end($filenameparts);
$filename = implode(array_slice($filenameparts, 0, 0 - 1));
$filename = trim(preg_replace("/[^a-zA-Z0-9-_ ]/", "", $filename));
if (!$filename) {
$filename = "attachment";
}
mt_srand(time());
$rand = mt_rand(100000, 999999);
$attachmentfilename = $rand . "_" . $filename . "." . $extension;
$attachments .= $attachmentfilename . "|";
$fp = fopen($attachments_dir . $attachmentfilename, "w");
fwrite($fp, $attachment["data"]);
fclose($fp);
} else {
