Example #1
0
             }
         }
     }
     if (!$replymessage) {
         $errormessage .= "<li>" . $_LANG['supportticketserrornomessage'];
     }
     if ($_FILES['attachments']) {
         foreach ($_FILES['attachments']['name'] as $num => $filename) {
             $filename = trim($filename);
             if ($filename) {
                 $filenameparts = explode(".", $filename);
                 $extension = end($filenameparts);
                 $filename = implode(array_slice($filenameparts, 0, 0 - 1));
                 $filename = preg_replace("/[^a-zA-Z0-9-_ ]/", "", $filename);
                 $filename .= "." . $extension;
                 $validextension = checkTicketAttachmentExtension($filename);
                 if (!$validextension) {
                     $errormessage .= "<li>" . $_LANG['supportticketsfilenotallowed'];
                     continue;
                 }
                 continue;
             }
         }
     }
     if (!$errormessage) {
         $attachments = uploadTicketAttachments();
         $from = array("name" => $replyname, "email" => $replyemail);
         AddReply($id, $_SESSION['uid'], $_SESSION['cid'], $replymessage, "", $attachments, $from);
         redir("tid=" . $tid . "&c=" . $c);
     }
 }
Example #2
0
function uploadTicketAttachments($admin = false)
{
    global $attachments_dir;
    $attachments = "";
    if ($_FILES['attachments']) {
        foreach ($_FILES['attachments']['name'] as $num => $filename) {
            if (empty($_FILES['attachments']['name']) || empty($_FILES['attachments']['name'][$num])) {
                continue;
            }
            if (!isFileNameSafe($_FILES['attachments']['name'][$num])) {
                exit("Invalid upload filename.  Valid filenames contain only alpha-numeric, dot, hyphen and underscore characters.");
            }
            $filename = trim($filename);
            if ($filename) {
                $filename = preg_replace("/[^a-zA-Z0-9-_. ]/", "", $filename);
                $validextension = checkTicketAttachmentExtension($filename);
                if ($validextension || $admin) {
                    mt_srand(time());
                    $rand = mt_rand(100000, 999999);
                    $newfilename = $rand . "_" . $filename;
                    while (file_exists($attachments_dir . $newfilename)) {
                        mt_srand(time());
                        $rand = mt_rand(100000, 999999);
                        $newfilename = $rand . "_" . $filename;
                    }
                    move_uploaded_file($_FILES['attachments']['tmp_name'][$num], $attachments_dir . $newfilename);
                    $attachments .= $newfilename . "|";
                    continue;
                }
                continue;
            }
        }
        $attachments = substr($attachments, 0, 0 - 1);
    }
    return $attachments;
}
Example #3
0
$_emailoutput["headers"] = $structure->headers;
interpret_structure($structure);
if ($_emailoutput["body"]["text/plain"]) {
    $body = $_emailoutput["body"]["text/plain"];
} else {
    if ($_emailoutput["body"]["text/html"]) {
        $body = strip_tags($_emailoutput["body"]["text/html"]);
    } else {
        $body = "No message found.";
    }
}
$attachments = "";
if (!empty($_emailoutput["attachments"])) {
    foreach ($_emailoutput["attachments"] as $attachment) {
        $filename = $attachment["filename"];
        if (checkTicketAttachmentExtension($filename)) {
            $filenameparts = explode(".", $filename);
            $extension = end($filenameparts);
            $filename = implode(array_slice($filenameparts, 0, 0 - 1));
            $filename = trim(preg_replace("/[^a-zA-Z0-9-_ ]/", "", $filename));
            if (!$filename) {
                $filename = "attachment";
            }
            mt_srand(time());
            $rand = mt_rand(100000, 999999);
            $attachmentfilename = $rand . "_" . $filename . "." . $extension;
            $attachments .= $attachmentfilename . "|";
            $fp = fopen($attachments_dir . $attachmentfilename, "w");
            fwrite($fp, $attachment["data"]);
            fclose($fp);
        } else {