 /**
  * Abort the request with HTTP 401 unless a valid staff session exists.
  *
  * Reads the global $thisstaff; the denial message carries the client's
  * REMOTE_ADDR. Whether Http::response() terminates the request is not
  * visible here — callers appear to rely on it doing so.
  */
 function staffOnly()
 {
     global $thisstaff;

     $authenticated = $thisstaff && $thisstaff->isValid();
     if (!$authenticated) {
         $denied = sprintf(__('Access Denied. IP %s'), $_SERVER['REMOTE_ADDR']);
         Http::response(401, $denied);
     }
 }
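/**
 * Finish an API request: on failure, count the error in the session and
 * alert the admin (when configured); when the caller is remote, map the
 * exit code to an HTTP status; then terminate with the exit code.
 *
 * @param int    $code one of the EX_* exit codes
 * @param string $msg  human-readable detail included in the admin alert
 */
function api_exit($code, $msg = '')
{
    global $remotehost, $cfg;

    if ($code != EX_SUCCESS && $cfg->alertONMailParseError()) {
        //Error occured...
        // Seed the counter on a fresh session instead of incrementing an
        // undefined index.
        $errors = isset($_SESSION['api']['errors']) ? (int) $_SESSION['api']['errors'] : 0;
        $_SESSION['api']['errors'] = $errors + 1;
        $_SESSION['api']['time'] = time();
        $alert = sprintf("Possible issues with the API\n\n Error Code: %d\nErrors: %d\nRemote IP:%s\n\n%s",
            $code, $_SESSION['api']['errors'], $_SERVER['REMOTE_ADDR'], $msg);
        // Send the assembled alert text; previously only $msg was sent and
        // $alert was built but never used.
        Misc::alertAdmin('API Error(s)', $alert);
    }

    if ($remotehost) {
        // HTTP status for each exit code; unknown codes fall through to 416.
        switch ($code) {
            case EX_SUCCESS:
                Http::response(200, $code, 'text/plain');
                break;
            case EX_UNAVAILABLE:
                Http::response(405, $code, 'text/plain');
                break;
            case EX_NOPERM:
                Http::response(403, $code, 'text/plain');
                break;
            case EX_DATAERR:
            case EX_NOINPUT:
            default:
                Http::response(416, $code, 'text/plain');
        }
    }
    exit($code);
}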
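 /**
  * Render premade reply $id, with ticket variables expanded when a
  * ticket id is supplied via ?tid= and the staff member may access it.
  *
  * @param int    $id     canned response id
  * @param string $format 'json' for a structured reply, anything else for
  *                       the plain response text
  * @return string
  */
 function cannedResp($id, $format = '')
 {
     global $thisstaff;

     include_once INCLUDE_DIR . 'class.canned.php';
     if (!$id || !($canned = Canned::lookup($id)) || !$canned->isEnabled()) {
         Http::response(404, 'No such premade reply');
     }

     //Load ticket.
     // Initialised so the checks below never read an undefined variable
     // when no ticket id was sent.
     $ticket = null;
     if (!empty($_GET['tid'])) {
         include_once INCLUDE_DIR . 'class.ticket.php';
         $ticket = Ticket::lookup($_GET['tid']);
         // The ticket id is client-supplied: expand variables only for a
         // ticket this staff member is allowed to see (same check the
         // other ticket-bound handlers apply).
         if ($ticket && !($thisstaff && $ticket->checkStaffAccess($thisstaff))) {
             $ticket = null;
         }
     }
     $body = $ticket ? $ticket->replaceVars($canned->getResponse()) : $canned->getResponse();

     switch ($format) {
         case 'json':
             $resp = array(
                 'id' => $canned->getId(),
                 'ticket' => $canned->getTitle(),
                 'response' => $body,
                 'files' => $canned->getAttachments(),
             );
             $response = $this->json_encode($resp);
             break;
         case 'txt':
         default:
             $response = $body;
     }
     return $response;
 }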
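 /**
  * Autocomplete lookup of tickets by ticket number prefix (?id=) or by
  * email prefix (?email=), returning up to ?limit= rows (default 25) as
  * {results: [{id, value, info, name}, ...]}.
  *
  * @return string encoded result set
  */
 function search()
 {
     // Clamp to a non-negative integer: a negative LIMIT is a SQL syntax
     // error, not "no limit".
     $limit = isset($_GET['limit']) ? max(0, (int) $_GET['limit']) : 25;
     $items = array();
     $ticketid = false;
     $WHERE = '';

     // db_input() escapes the value for SQL; it is not shown to neutralise
     // the LIKE metacharacters % and _, so a term can widen the prefix
     // match — confirm against db_input() if that matters here.
     if (isset($_GET['id'])) {
         $WHERE = ' WHERE ticketID LIKE \'' . db_input($_GET['id'], false) . '%\'';
         $ticketid = true;
     } elseif (isset($_GET['email'])) {
         $WHERE = ' WHERE email LIKE \'' . db_input(strtolower($_GET['email']), false) . '%\'';
     } else {
         Http::response(400, "id or email argument is required");
         // Should Http::response() return, answer an empty set rather than
         // running the query below without a WHERE clause.
         return $this->encode(array('results' => $items));
     }

     $sql = 'SELECT DISTINCT ticketID,email,name FROM ' . TICKET_TABLE . ' ' . $WHERE . ' ORDER BY created LIMIT ' . $limit;
     $res = db_query($sql);
     if ($res && db_num_rows($res)) {
         while (list($id, $email, $name) = db_fetch_row($res)) {
             // The matched column becomes the id/value; the other is 'info'.
             $info = $ticketid ? $email : $id;
             $id = $ticketid ? $id : $email;
             # TODO: Return 'name' from email address if 'email' argument
             #       specified?
             $items[] = array('id' => $id, 'value' => $id, 'info' => $info, 'name' => $name);
         }
     }
     return $this->encode(array('results' => $items));
 }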
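 /**
  * Return the help-tip YAML for $namespace as JSON, localised to $lang
  * (defaults to the staff member's language, else the site default).
  *
  * Template variables are expanded via $ost and root-relative link hrefs
  * are prefixed with ROOT_PATH.
  *
  * @param string       $namespace name of the tips file under help/tips/
  * @param string|false $lang      language code, or false for the default
  * @return string JSON
  */
 function getTipsJson($namespace, $lang = false)
 {
     global $ost, $thisstaff;

     if (!$lang) {
         $lang = $thisstaff ? $thisstaff->getLanguage() : Internationalization::getDefaultLanguage();
     }

     // NOTE(review): $namespace is interpolated into a template path; this
     // block does not constrain it to a plain name — confirm the router or
     // getTemplate() does.
     $i18n = new Internationalization($lang);
     $tips = $i18n->getTemplate("help/tips/{$namespace}.yaml");
     if (!$tips || !($data = $tips->getData())) {
         Http::response(404, 'Help content not available');
     }

     // Translate links to the root path of this installation
     foreach ($data as $tip => &$info) {
         if ($ost) {
             $info = $ost->replaceTemplateVariables($info, array('config' => $ost->getConfig()));
         }
         if (isset($info['links'])) {
             foreach ($info['links'] as &$l) {
                 // Guard the offset read: an empty href would otherwise
                 // raise an uninitialized-string-offset notice.
                 if (isset($l['href'][0]) && $l['href'][0] == '/') {
                     $l['href'] = ROOT_PATH . substr($l['href'], 1);
                 }
             }
             // Drop the by-reference loop variable so nothing below can
             // alias the last link.
             unset($l);
         }
     }
     unset($info);

     return $this->json_encode($data);
 }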
 /**
  * Abort the request with HTTP 401 unless a valid staff session exists.
  *
  * Reads the global $thisstaff; the denial message carries the client's
  * REMOTE_ADDR. Whether Http::response() terminates the request is not
  * visible here — callers appear to rely on it doing so.
  */
 function staffOnly()
 {
     global $thisstaff;

     $authenticated = $thisstaff && $thisstaff->isValid();
     if (!$authenticated) {
         $denied = 'Access Denied. IP ' . $_SERVER['REMOTE_ADDR'];
         Http::response(401, $denied);
     }
 }
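/**
 * Finish an API request: on failure, count the error in the session and
 * log a warning; when the caller is remote, map the exit code to an HTTP
 * status; then terminate with the exit code.
 *
 * @param int    $code one of the EX_* exit codes
 * @param string $msg  human-readable detail written to the system log
 */
function api_exit($code, $msg = '')
{
    global $remotehost, $cfg;

    if ($code != EX_SUCCESS) {
        //Error occured...
        // Seed the counter on a fresh session instead of incrementing an
        // undefined index.
        $errors = isset($_SESSION['api']['errors']) ? (int) $_SESSION['api']['errors'] : 0;
        $_SESSION['api']['errors'] = $errors + 1;
        $_SESSION['api']['time'] = time();
        Sys::log(LOG_WARNING, "API error - code #{$code}", $msg);
    }

    if ($remotehost) {
        // HTTP status for each exit code; unknown codes fall through to 416.
        switch ($code) {
            case EX_SUCCESS:
                Http::response(200, $code, 'text/plain');
                break;
            case EX_UNAVAILABLE:
                Http::response(405, $code, 'text/plain');
                break;
            case EX_NOPERM:
                Http::response(403, $code, 'text/plain');
                break;
            case EX_DATAERR:
            case EX_NOINPUT:
            default:
                Http::response(416, $code, 'text/plain');
        }
    }
    exit($code);
}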
 /**
  * Apply the posted configuration to list item $item_id and save it; if
  * the configuration is rejected, render the properties form instead.
  *
  * @param int $item_id DynamicListItem id; 404 when it does not exist
  */
 function saveListItemProperties($item_id)
 {
     // $item stays in scope for the included template below.
     $item = DynamicListItem::lookup($item_id);
     if (!$item) {
         Http::response(404, 'No such list item');
     }

     if ($item->setConfiguration()) {
         $item->save();
     } else {
         include STAFFINC_DIR . 'templates/list-item-properties.tmpl.php';
     }
 }
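 /**
  * Return premade reply $id rendered in $format; when HTML threads are
  * disabled the '.plain' variant of the format is requested.
  *
  * @param int    $id     canned response id; 404 when missing or disabled
  * @param string $format base format name, 'text' by default
  * @return string
  */
 function cannedResp($id, $format = 'text')
 {
     // $thisstaff was declared here but never read — dropped.
     global $cfg;

     include_once INCLUDE_DIR . 'class.canned.php';
     if (!$id || !($canned = Canned::lookup($id)) || !$canned->isEnabled()) {
         Http::response(404, 'No such premade reply');
     }

     if (!$cfg->isHtmlThreadEnabled()) {
         $format .= '.plain';
     }
     return $canned->getFormattedResponse($format);
 }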
 /**
  * Create a quick note from $_POST['note'] for the current staff member,
  * bound to external id $ext_id, then render the note template.
  *
  * Responds 403 without a staff session, 422 without a note body and 500
  * when the note cannot be created or saved.
  *
  * @param string $ext_id external object id the note is attached to
  */
 function createNote($ext_id)
 {
     global $thisstaff;

     if (!$thisstaff) {
         Http::response(403, "Login required");
     } elseif (empty($_POST['note'])) {
         Http::response(422, "Send `note` parameter");
     } else {
         $fields = array(
             'staff_id' => $thisstaff->getId(),
             'body' => Format::sanitize($_POST['note']),
             'created' => new SqlFunction('NOW'),
             'ext_id' => $ext_id,
         );
         $note = QuickNote::create($fields);
         if (!$note) {
             Http::response(500, "Unable to create new note");
         } elseif (!$note->save(true)) {
             Http::response(500, "Unable to create new note");
         }
     }

     // Locals such as $note and $show_options remain visible to the
     // included template.
     $show_options = true;
     include STAFFINC_DIR . 'templates/note.tmpl.php';
 }
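 /**
  * Autocomplete lookup of ticket contacts whose email contains
  * $_REQUEST['q'] (case-insensitive), up to $_REQUEST['limit'] rows
  * (default 25). Returns JSON [{email, name, info}, ...].
  *
  * @return string JSON
  */
 function search()
 {
     if (!isset($_REQUEST['q'])) {
         Http::response(400, 'Query argument is required');
     }

     // Clamp to a non-negative integer: a negative LIMIT is a SQL syntax
     // error, not "no limit".
     $limit = isset($_REQUEST['limit']) ? max(0, (int) $_REQUEST['limit']) : 25;
     $users = array();

     // db_input() escapes the term for SQL; it is not shown to neutralise
     // the LIKE metacharacters % and _, and the pattern is already wrapped
     // in wildcards, so an empty or '%' term lists addresses up to $limit.
     $sql = 'SELECT DISTINCT email, name ' . ' FROM ' . TICKET_TABLE
         . ' WHERE email LIKE \'%' . db_input(strtolower($_REQUEST['q']), false) . '%\' '
         . ' ORDER BY created ' . ' LIMIT ' . $limit;
     if (($res = db_query($sql)) && db_num_rows($res)) {
         while (list($email, $name) = db_fetch_row($res)) {
             $users[] = array('email' => $email, 'name' => $name, 'info' => "{$email} - {$name}");
         }
     }
     return $this->json_encode($users);
 }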
 /**
  * One step of the staff-side database upgrade, driven by repeated AJAX
  * calls. Admin-only (403 otherwise).
  *
  * Progress is kept in $_SESSION['ost_upgrader'][<hash>]['progress']; the
  * first call only records and reports the next action. Later calls run
  * pending tasks, then a version upgrade, and answer 201 once nothing is
  * pending. Most branches exit right after Http::response().
  */
 function upgrade()
 {
     global $thisstaff, $ost;
     if (!$thisstaff or !$thisstaff->isAdmin() or !$ost) {
         Http::response(403, 'Access Denied');
     }
     $upgrader = new Upgrader($ost->getDBSignature(), TABLE_PREFIX, SQL_DIR);
     //Just report the next action on the first call.
     // NOTE(review): $_SESSION['ost_upgrader'] is read without isset(); on
     // a fresh session this raises an undefined-index notice, not an error.
     if (!$_SESSION['ost_upgrader'] || !$_SESSION['ost_upgrader'][$upgrader->getShash()]['progress']) {
         $_SESSION['ost_upgrader'][$upgrader->getShash()]['progress'] = $upgrader->getNextAction();
         Http::response(200, $upgrader->getNextAction());
         exit;
     }
     if ($upgrader->isAborted()) {
         Http::response(416, "We have a problem ... wait a sec.");
         exit;
     }
     if ($upgrader->getNumPendingTasks() && $upgrader->doTasks()) {
         //More pending tasks - doTasks returns the number of pending tasks
         Http::response(200, $upgrader->getNextAction());
         exit;
     } elseif ($ost->isUpgradePending()) {
         if ($upgrader->isUpgradable()) {
             $version = $upgrader->getNextVersion();
             if ($upgrader->upgrade()) {
                 //We're simply reporting progress here - call back will report next action'
                 Http::response(200, "Upgraded to {$version} ... post-upgrade checks!");
                 exit;
             }
         } else {
             //Abort: Upgrade pending but NOT upgradable - invalid or wrong hash.
             $upgrader->abort(sprintf('Upgrade Failed: Invalid or wrong hash [%s]', $ost->getDBSignature()));
         }
     // This test is the negation of the branch above, so it holds whenever
     // control reaches it (unless isUpgradePending() changed in between).
     } elseif (!$ost->isUpgradePending()) {
         $upgrader->setState('done');
         session_write_close();
         Http::response(201, "We're done!");
         exit;
     }
     // Reached after a failed upgrade() or an abort(): report the problem
     // or the next action.
     if ($upgrader->isAborted() || $upgrader->getErrors()) {
         Http::response(416, "We have a problem ... wait a sec.");
         exit;
     }
     Http::response(200, $upgrader->getNextAction());
 }
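 /**
  * Serve a bundled, language-specific static asset. Only $key 'js' is
  * defined: the concatenated redactor, datepicker and osticket-strings
  * translations, sent with a content-hash ETag and the config's
  * last-modified time.
  *
  * @param string $lang language code handed to Internationalization
  * @param string $key  asset key; anything but 'js' answers 404
  */
 function getLanguageFile($lang, $key)
 {
     global $cfg;

     $i18n = new Internationalization($lang);
     // Initialised so the cache headers below never hash an undefined
     // variable should Http::response() return.
     $data = '';
     switch ($key) {
         case 'js':
             $data = $i18n->getTemplate('js/redactor.js')->getRawData();
             $data .= $i18n->getTemplate('js/jquery.ui.datepicker.js')->getRawData();
             // Strings from various javascript files
             $data .= $i18n->getTemplate('js/osticket-strings.js')->getRawData();
             header('Content-Type: text/javascript; charset=UTF-8');
             break;
         default:
             Http::response(404, 'No such i18n data');
     }

     Http::cacheable(md5($data), $cfg->lastModified());
     echo $data;
 }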
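 /**
  * Create a ticket from an API request body ($format: 'json' or 'xml').
  *
  * The keys alert, autorespond, source and attachments are split off the
  * payload; base64 attachments are decoded and sized before
  * Ticket::create() runs. Replies 400 on validation errors, 500 on an
  * unexplained failure and 201 with the ticket's external id on success.
  *
  * @param string $format request body format
  */
 function create($format)
 {
     $this->requireApiKey();

     # Parse request body
     $data = $this->getRequest($format);
     if ($format === "xml") {
         $data = $data["ticket"];
     }

     # Pull off some meta-data. A key that is present but false must stay
     # false: the former `$x ? $x : true` turned an explicit false back
     # into true, so alerts/autoresponses could never be switched off.
     $alert = isset($data['alert']) ? $data['alert'] : true;
     $autorespond = isset($data['autorespond']) ? $data['autorespond'] : true;
     $source = !empty($data['source']) ? $data['source'] : 'API';
     $attachments = (!empty($data['attachments']) && is_array($data['attachments']))
         ? $data['attachments'] : array();

     # TODO: Handle attachment encoding (base64)
     foreach ($attachments as $filename => &$info) {
         if (isset($info["encoding"]) && $info["encoding"] == "base64") {
             # XXX: May fail on large inputs. See
             #      http://us.php.net/manual/en/function.base64-decode.php#105512
             # Strict decoding returns false on malformed input; test with
             # === so a legitimately empty attachment is not rejected.
             $decoded = base64_decode(isset($info["data"]) ? $info["data"] : '', true);
             if ($decoded === false) {
                 Http::response(400, sprintf("%s: Poorly encoded base64 data", $filename));
             }
             $info["data"] = $decoded;
         }
         $info['size'] = isset($info['data']) ? strlen($info['data']) : 0;
     }
     unset($info);

     # Create the ticket with the data (attempt to anyway)
     $errors = array();
     $ticket = Ticket::create($data, $errors, $source, $autorespond, $alert);

     # Return errors (?)
     if (count($errors)) {
         Http::response(400, "Unable to create new ticket: validation errors:\n" . Format::array_implode(": ", "\n", $errors));
     } elseif (!$ticket) {
         Http::response(500, "Unable to create new ticket: unknown error");
     }

     # Save attachment(s)
     foreach ($attachments as &$info) {
         $ticket->saveAttachment($info, $ticket->getLastMsgId(), "M");
     }
     unset($info);

     # All done. Return HTTP/201 --> Created
     Http::response(201, $ticket->getExtId());
 }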
 /**
  * One step of the staff-side database upgrade, driven by repeated AJAX
  * calls. Admin-only (403 otherwise).
  *
  * Each call runs the current task if there is one, otherwise attempts
  * the next version upgrade, and answers 201 once nothing is pending.
  * Most branches exit right after Http::response().
  */
 function upgrade()
 {
     global $thisstaff, $ost;
     if (!$thisstaff or !$thisstaff->isAdmin() or !$ost) {
         Http::response(403, 'Access Denied');
     }
     $upgrader = new Upgrader(TABLE_PREFIX, UPGRADE_DIR . 'streams/');
     if ($upgrader->isAborted()) {
         Http::response(416, __("We have a problem ... wait a sec."));
         exit;
     }
     if ($upgrader->getTask() && $upgrader->doTask()) {
         //More pending tasks - doTasks returns the number of pending tasks
         Http::response(200, $upgrader->getNextAction());
         exit;
     } elseif ($ost->isUpgradePending()) {
         if ($upgrader->isUpgradable()) {
             $version = $upgrader->getNextVersion();
             if ($upgrader->upgrade()) {
                 //We're simply reporting progress here - call back will report next action'
                 Http::response(200, sprintf(__("Upgraded to %s ... post-upgrade checks!"), $version));
                 exit;
             }
         } else {
             //Abort: Upgrade pending but NOT upgradable - invalid or wrong hash.
             $upgrader->abort(sprintf(__('Upgrade Failed: Invalid or wrong hash [%s]'), $ost->getDBSignature()));
         }
     // This test is the negation of the branch above, so it holds whenever
     // control reaches it (unless isUpgradePending() changed in between).
     } elseif (!$ost->isUpgradePending()) {
         $upgrader->setState('done');
         session_write_close();
         Http::response(201, __("We're done!"));
         exit;
     }
     // Reached after a failed upgrade() or an abort(): report the problem
     // or the next action.
     if ($upgrader->isAborted() || $upgrader->getErrors()) {
         Http::response(416, __("We have a problem ... wait a sec."));
         exit;
     }
     Http::response(200, $upgrader->getNextAction());
 }
 /**
  * Handle an AJAX file upload for dynamic form field $id; the field must
  * be a FileUploadField. Returns JSON {id: <stored file id>}.
  *
  * @param int $id DynamicFormField id
  * @return string JSON
  */
 function upload($id)
 {
     $field = DynamicFormField::lookup($id);
     if (!$field) {
         Http::response(400, 'No such field');
     }

     $impl = $field->getImpl();
     if (!($impl instanceof FileUploadField)) {
         Http::response(400, 'Upload to a non file-field');
     }

     $result = array('id' => $impl->ajaxUpload());
     return JsonDataEncoder::encode($result);
 }
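 /**
  * Replace the set of dynamic forms attached to user $user_id with the
  * posted list $_POST['forms'] (sort position => form id): existing
  * entries are re-sorted, new ids are added, missing ones are deleted.
  *
  * Responds 403 without a staff session, 404 for an unknown user, 422
  * when no forms list was posted and 201 on completion.
  *
  * @param int $user_id User id
  */
 function updateForms($user_id)
 {
     global $thisstaff;

     if (!$thisstaff) {
         Http::response(403, "Login required");
     } elseif (!($user = User::lookup($user_id))) {
         Http::response(404, "No such customer");
     } elseif (!isset($_POST['forms']) || !is_array($_POST['forms'])) {
         // Require an array: iterating a scalar below would only warn.
         Http::response(422, "Send updated forms list");
     }

     // Add new forms
     $forms = DynamicFormEntry::forUser($user_id);
     foreach ($_POST['forms'] as $sort => $id) {
         $found = false;
         foreach ($forms as $e) {
             if ($e->get('form_id') == $id) {
                 $e->set('sort', $sort);
                 $e->save();
                 $found = true;
                 break;
             }
         }
         // New form added
         if (!$found && ($new = DynamicForm::lookup($id))) {
             $user->addForm($new, $sort);
         }
     }

     // Deleted forms
     foreach ($forms as $e) {
         if (!in_array($e->get('form_id'), $_POST['forms'])) {
             $e->delete();
         }
     }
     Http::response(201, 'Successfully managed');
 }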
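// AJAX front controller: every request must carry ?api=<module> and
// ?f=<method>. The module names include/ajax.<module>.php, the method a
// static call on <Module>AjaxAPI, which receives the whole $_REQUEST.
if (!$thisuser || !$thisuser->isValid()) {
    Http::response(401, 'Access Denied. IP ' . $_SERVER['REMOTE_ADDR']);
    exit;
}

//---------check required global vars --------//
// empty() covers "missing" and "falsy" without an undefined-index
// notice; both values must be strings before they are lower-cased or
// used as a method name.
if (empty($_REQUEST['api']) || empty($_REQUEST['f'])
        || !is_string($_REQUEST['api']) || !is_string($_REQUEST['f'])) {
    Http::response(416, 'Invalid params');
    exit;
}

//------Do the AJAX Dance ----------------//
define('OSTAJAXINC', TRUE);

$api = strtolower($_REQUEST['api']);
$func = $_REQUEST['f'];

// The method name selects code to run, so restrict it to a plain
// identifier before it reaches is_callable()/call_user_func().
if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $func)) {
    Http::response(416, 'Invalid params');
    exit;
}

$file = 'ajax.' . Format::file_name($api) . '.php';
if (!file_exists(INCLUDE_DIR . $file)) {
    Http::response(405, 'invalid method');
    exit;
}
$class = ucfirst($api) . 'AjaxAPI';

if (is_callable($func)) {
    //if the function is callable B4 we include the source file..play with the user...
    Http::response(500, 'This is secure ajax assjax ' . $_SERVER['REMOTE_ADDR']);
    exit;
}

require INCLUDE_DIR . $file;

// Any public static method of the API class is reachable by name here;
// per-method access checks have to live in the class itself.
if (!is_callable(array($class, $func))) {
    Http::response(416, 'invalid method/call ' . Format::htmlchars($func));
    exit;
}

// The @ hides warnings raised inside the handler from the response body.
$response = @call_user_func(array($class, $func), $_REQUEST);
Http::response(200, $response);
exit;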
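 /**
  * Capture the file's bytes by buffering sendData(false).
  *
  * The whole file is held in memory, so it is bounded by PHP's memory
  * limit — see the XXX below. A missing file answers 404.
  *
  * @return string file contents
  */
 function getData()
 {
     # XXX: This is horrible, and is subject to php's memory
     #      restrictions, etc. Don't use this function!
     ob_start();
     try {
         $this->sendData(false);
     } catch (IOException $ex) {
         Http::response(404, 'File not found');
     }
     // Plain assignment: taking a reference to a function's return value
     // (=&) only raises a notice and does not avoid the copy.
     $data = ob_get_contents();
     ob_end_clean();
     return $data;
 }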
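 /**
  * Build the HTML ticket preview (hover card) for ticket $tid: status,
  * dates, assignment, requester and an action menu.
  *
  * Requires a staff session with access to the ticket; otherwise answers
  * 404. Returns the captured HTML rather than echoing it.
  *
  * @param int $tid ticket id
  * @return string HTML fragment
  */
 function previewTicket($tid)
 {
     global $thisstaff;

     if (!$thisstaff || !($ticket = Ticket::lookup($tid)) || !$ticket->checkStaffAccess($thisstaff)) {
         Http::response(404, 'No such ticket');
     }

     $staff = $ticket->getStaff();
     $lock = $ticket->getLock();
     // Initialised so the menu block below never appends to an undefined
     // variable.
     $options = array();

     $error = $msg = $warn = null;
     // NOTE(review): this warning fires when the lock belongs to the
     // current staff member (== rather than !=); left as found — confirm.
     if ($lock && $lock->getStaffId() == $thisstaff->getId()) {
         $warn .= '&nbsp;<span class="Icon lockedTicket">Ticket is locked by '
             . Format::htmlchars($lock->getStaffName()) . '</span>';
     } elseif ($ticket->isOverdue()) {
         $warn .= '&nbsp;<span class="Icon overdueTicket">Marked overdue!</span>';
     }

     ob_start();
     echo sprintf('<div style="width:500px; padding: 2px 2px 0 5px;">
              <h2>%s</h2><br>', Format::htmlchars($ticket->getSubject()));
     if ($error) {
         echo sprintf('<div id="msg_error">%s</div>', $error);
     } elseif ($msg) {
         echo sprintf('<div id="msg_notice">%s</div>', $msg);
     } elseif ($warn) {
         echo sprintf('<div id="msg_warning">%s</div>', $warn);
     }

     echo '<table border="0" cellspacing="" cellpadding="1" width="100%" class="ticket_info">';
     $ticket_state = sprintf('<span>%s</span>', ucfirst($ticket->getStatus()));
     if ($ticket->isOpen()) {
         if ($ticket->isOverdue()) {
             $ticket_state .= ' &mdash; <span>Overdue</span>';
         } else {
             // Priority is an admin-configured label; its type is not
             // visible here, so it is left unescaped as before.
             $ticket_state .= sprintf(' &mdash; <span>%s</span>', $ticket->getPriority());
         }
     }
     echo sprintf('
             <tr>
                 <th width="100">Ticket State:</th>
                 <td>%s</td>
             </tr>
             <tr>
                 <th>Create Date:</th>
                 <td>%s</td>
             </tr>', $ticket_state, Format::db_datetime($ticket->getCreateDate()));
     if ($ticket->isClosed()) {
         echo sprintf('
                 <tr>
                     <th>Close Date:</th>
                     <td>%s   <span class="faded">by %s</span></td>
                 </tr>', Format::db_datetime($ticket->getCloseDate()),
             $staff ? Format::htmlchars($staff->getName()) : 'staff');
     } elseif ($ticket->getDueDate()) {
         echo sprintf('
                 <tr>
                     <th>Due Date:</th>
                     <td>%s</td>
                 </tr>', Format::db_datetime($ticket->getDueDate()));
     }
     echo '</table>';

     echo '<hr>
         <table border="0" cellspacing="" cellpadding="1" width="100%" class="ticket_info">';
     if ($ticket->isOpen()) {
         // Assignee names are rendered into the cell, so escape them like
         // the other names on this card.
         $assigned = $ticket->isAssigned()
             ? Format::htmlchars(implode('/', $ticket->getAssignees()))
             : ' <span class="faded">&mdash; Unassigned &mdash;</span>';
         echo sprintf('
                 <tr>
                     <th width="100">Assigned To:</th>
                     <td>%s</td>
                 </tr>', $assigned);
     }
     // The requester's address is client-supplied: escape it like the
     // name shown beside it.
     echo sprintf('   <tr>
                 <th width="100">Department:</th>
                 <td>%s</td>
             </tr>
             <tr>
                 <th>Help Topic:</th>
                 <td>%s</td>
             </tr>
             <tr>
                 <th>From:</th>
                 <td>%s <span class="faded">%s</span></td>
             </tr>',
         Format::htmlchars($ticket->getDeptName()),
         Format::htmlchars($ticket->getHelpTopic()),
         Format::htmlchars($ticket->getName()),
         Format::htmlchars($ticket->getEmail()));
     echo '
         </table>';

     // Action menu. NOTE(review): $tid is interpolated into the hrefs
     // unescaped; Ticket::lookup() accepted it, but its format is not
     // constrained in this block.
     $options[] = array('action' => 'Thread (' . $ticket->getThreadCount() . ')', 'url' => "tickets.php?id={$tid}");
     if ($ticket->getNumNotes()) {
         $options[] = array('action' => 'Notes (' . $ticket->getNumNotes() . ')', 'url' => "tickets.php?id={$tid}#notes");
     }
     if ($ticket->isOpen()) {
         $options[] = array('action' => 'Reply', 'url' => "tickets.php?id={$tid}#reply");
     }
     if ($thisstaff->canAssignTickets()) {
         $options[] = array('action' => $ticket->isAssigned() ? 'Reassign' : 'Assign', 'url' => "tickets.php?id={$tid}#assign");
     }
     if ($thisstaff->canTransferTickets()) {
         $options[] = array('action' => 'Transfer', 'url' => "tickets.php?id={$tid}#transfer");
     }
     $options[] = array('action' => 'Post Note', 'url' => "tickets.php?id={$tid}#note");
     if ($thisstaff->canEditTickets()) {
         $options[] = array('action' => 'Edit Ticket', 'url' => "tickets.php?id={$tid}&a=edit");
     }

     if ($options) {
         echo '<ul class="tip_menu">';
         foreach ($options as $option) {
             echo sprintf('<li><a href="%s">%s</a></li>', $option['url'], $option['action']);
         }
         echo '</ul>';
     }
     echo '</div>';

     $resp = ob_get_contents();
     ob_end_clean();
     return $resp;
 }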
/**
 * Reject a client request that needs a login: answer 403 with $msg
 * escaped for HTML, then terminate.
 *
 * @param string $msg reason shown to the client
 */
function clientLoginPage($msg = 'Unauthorized')
{
    $body = sprintf('Must login: %s', Format::htmlchars($msg));
    Http::response(403, $body);
    exit;
}
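// Database bootstrap: connect (TLS when DBSSLCA is defined), select the
// schema and load the osTicket configuration. Any failure is fatal.
$ferror = null;
$options = array();
if (defined('DBSSLCA')) {
    $options['ssl'] = array('ca' => DBSSLCA, 'cert' => DBSSLCERT, 'key' => DBSSLKEY);
}

if (!db_connect(DBHOST, DBUSER, DBPASS, $options)) {
    $ferror = 'Unable to connect to the database -' . db_connect_error();
} elseif (!db_select_database(DBNAME)) {
    $ferror = 'Unknown or invalid database ' . DBNAME;
} elseif (!($ost = osTicket::start()) || !($cfg = $ost->getConfig())) {
    $ferror = 'Unable to load config info from DB. Get tech support.';
}

if ($ferror) {
    //Fatal error
    //try alerting admin using email in config file
    $msg = $ferror . "\n\n" . THISPAGE;
    Mailer::sendmail(ADMIN_EMAIL, 'osTicket Fatal Error', $msg, sprintf('"osTicket Alerts"<%s>', ADMIN_EMAIL));
    //Display generic error to the user; the detailed $ferror (which may
    //carry driver error text) goes only to the admin mail above.
    Http::response(500, "<b>Fatal Error:</b> Contact system administrator.");
    // Never fall through to $ost->getSession() on a null $ost, which would
    // raise a fatal error after the response was already sent.
    exit;
}

//Init
$session = $ost->getSession();

//System defaults we might want to make global//
#pagenation default - user can override it!
define('DEFAULT_PAGE_LIMIT', $cfg->getPageSize() ? $cfg->getPageSize() : 25);

#Cleanup magic quotes crap.
// function_exists() keeps this a no-op on PHP versions without magic quotes.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_POST = Format::strip_slashes($_POST);
    $_GET = Format::strip_slashes($_GET);
    $_REQUEST = Format::strip_slashes($_REQUEST);
}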
    if (!$thisstaff->isactive() || !$thisstaff->isGroupActive()) {
        staffLoginPage('Access Denied. Contact Admin');
        exit;
    }
    //Staff are not allowed to login in offline mode!!
    if (!$ost->isSystemOnline() || $ost->isUpgradePending()) {
        staffLoginPage('System Offline');
        exit;
    }
}
//Keep the session activity alive
$thisstaff->refreshSession();

/******* CSRF Protectin *************/
// Enforce CSRF protection for POSTS
// Only requests that carry POST data are checked; the token itself is
// validated by $ost->checkCSRFToken().
$isPost = (bool) $_POST;
if ($isPost && !$ost->checkCSRFToken()) {
    Http::response(400, 'Valid CSRF Token Required');
    exit;
}
//Add token to the header - used on ajax calls [DO NOT CHANGE THE NAME]
$csrfMeta = sprintf('<meta name="csrf_token" content="%s" />', $ost->getCSRFToken());
$ost->addExtraHeader($csrfMeta);

/******* SET STAFF DEFAULTS **********/
//Set staff's timezone offset.
$_SESSION['TZ_OFFSET'] = $thisstaff->getTZoffset();
$_SESSION['TZ_DST'] = $thisstaff->observeDaylight();
define('PAGE_LIMIT', $thisstaff->getPageLimit() ?: DEFAULT_PAGE_LIMIT);

//Clear some vars. we use in all pages.
$errors = array();
$msg = $warn = $sysnotice = '';
$tabs = array();
$submenu = array();
// Scripts that must keep working even when the system is offline or an
// upgrade is pending.
$exemptPages = array('logout.php', 'ajax.php', 'logs.php', 'upgrade.php');
$exempt = in_array(basename($_SERVER['SCRIPT_NAME']), $exemptPages, true);
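 /**
  * Called from the ajax handler for async uploads via web clients.
  *
  * Accepts exactly one file from $_FILES['upload'], validates type and
  * size against the field configuration (unless $bypass), stores it and
  * returns the new file id. Any failure ends the request with an HTTP
  * error status.
  *
  * @param bool $bypass skip the type and size checks
  * @return mixed id returned by AttachmentFile::upload()
  */
 function ajaxUpload($bypass = false)
 {
     // Without an upload there is nothing to format or count.
     if (!isset($_FILES['upload'])) {
         Http::response(400, 'Send one file at a time');
     }
     $files = AttachmentFile::format($_FILES['upload'], !is_numeric($this->get('id')));
     if (count($files) != 1) {
         Http::response(400, 'Send one file at a time');
     }

     $file = array_shift($files);
     $file['name'] = urldecode($file['name']);

     if (!$bypass && !$this->isValidFileType($file['name'], $file['type'])) {
         Http::response(415, 'File type is not allowed');
     }

     // Read the configuration once; the original fetched it twice.
     $config = $this->getConfiguration();
     if (!$bypass && $file['size'] > $config['size']) {
         Http::response(413, 'File is too large');
     }

     if (!($id = AttachmentFile::upload($file))) {
         $reason = isset($file['error']) ? $file['error'] : '';
         Http::response(500, 'Unable to store file: ' . $reason);
     }
     return $id;
 }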
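 /**
  * Invoke the handler matched for $url.
  *
  * A nested Dispatcher receives the remainder of the URL plus the
  * positional matches so far; any other handler is called with the
  * parent's $prev_args, then this level's positional matches, then the
  * static args from the constructor. Answers 500 when the resolved
  * handler is not callable.
  *
  * @param string     $url       URL (path) being dispatched
  * @param array|null $prev_args positional arguments from a parent Dispatcher
  * @return mixed whatever the handler returns
  */
 function dispatch($url, $prev_args = null)
 {
     # Remove named values from the match array
     $this->matches = array_flip(array_intersect(array_flip($this->matches), range(0, 31)));

     # is_object() replaces the former @-suppressed get_class(): on PHP 8
     # get_class() on a non-object throws, which @ does not silence.
     if (is_object($this->func) && get_class($this->func) == "Dispatcher") {
         # Trim the leading match off the $url and call the
         # sub-dispatcher. This will be the case for lines in the URL
         # file like
         # url("^/blah", Dispatcher::include_urls("blah/urls.conf.php"))
         # Also, pass arguments matched so far (if any) to the receiving
         # resolve() method by merging the $prev_args into $this->matches
         # (excluding $this->matches[0], which is the matched URL at this
         # level)
         return $this->func->resolve(substr($url, strlen($this->matches[0])),
             array_merge($prev_args ? $prev_args : array(), array_slice($this->matches, 1)));
     }

     # Drop the first item of the matches array (which is the whole
     # matched url). Then merge in any initial arguments.
     array_shift($this->matches);

     # Prepend received arguments (from a parent Dispatcher). This is
     # different from the static args, which are postpended
     if (is_array($prev_args)) {
         $args = array_merge($prev_args, $this->matches);
     } else {
         $args = $this->matches;
     }
     # Add in static args specified in the constructor
     $args = array_merge($args, $this->args);

     # Apply the $prefix given
     list($class, $func) = $this->apply_prefix();
     if ($class) {
         # Create instance of the class, which is the first item,
         # then call the method which is the second item
         $func = array(new $class(), $func);
     }
     if (!is_callable($func)) {
         Http::response(500, 'Dispatcher compile error. Function not callable');
     }
     # $args are the regex captures of the URL pattern plus configured
     # static args; the handler still has to validate their content.
     return call_user_func_array($func, $args);
 }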
    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
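// Client-side "other" page renderer: resolve the URL slug to a Page row
// and print it between the client header and footer.
@chdir(dirname(__FILE__) . '/../');
require_once 'client.inc.php';
require_once INCLUDE_DIR . 'class.format.php';
require_once INCLUDE_DIR . 'class.page.php';

// Determine the requested page
// - Strip extension
$slug = Format::slugify($ost->get_path_info());

// Get the part before the first dash
$first_word = explode('-', $slug);
$first_word = $first_word[0];

// A prefix match on the first word narrows the candidates; the exact
// slug comparison below decides. db_input() in its default form is used
// unwrapped here, consistent with it supplying quoting and escaping.
$sql = 'SELECT id, name FROM ' . PAGE_TABLE . ' WHERE name LIKE ' . db_input("{$first_word}%");
$page_id = null;
$res = db_query($sql);
// Guard the fetch: db_fetch_row() on a failed query (false) warns instead
// of ending the loop cleanly.
if ($res) {
    while (list($id, $name) = db_fetch_row($res)) {
        if (Format::slugify($name) == $slug) {
            $page_id = $id;
            break;
        }
    }
}

if (!$page_id || !($page = Page::lookup($page_id))) {
    Http::response(404, __('Page Not Found'));
}
// Only active pages of type 'other' are served through this script.
if (!$page->isActive() || $page->getType() != 'other') {
    Http::response(404, __('Page Not Found'));
}

require CLIENTINC_DIR . 'header.inc.php';
print $page->getBodyWithImages();
require CLIENTINC_DIR . 'footer.inc.php';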
/*********************************************************************
    attachment.php

    Handles attachment downloads & access validation.

    Peter Rotich <*****@*****.**>
    Copyright (c)  2006-2013 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
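require('staff.inc.php');
require_once(INCLUDE_DIR.'class.attachment.php');

//Basic checks: a staff session, an attachment id and the access hash are
//all mandatory. empty() avoids undefined-index notices on the query
//parameters, and the hash must be a string before it is trimmed.
if (!$thisstaff || empty($_GET['id']) || empty($_GET['h'])
        || !is_string($_GET['h'])
        || !($attachment=Attachment::lookup($_GET['id']))
        || !($file=$attachment->getFile())) {
    Http::response(404, __('Unknown or invalid file'));
}

//Validate session access hash - we want to make sure the link is FRESH! and the user has access to the parent ticket!!
//The hash is bound to the current session id, so a copied link does not
//work from another session.
$vhash=md5($attachment->getFileId().session_id().strtolower($file->getKey()));
//hash_equals() replaces strcasecmp(): same accept/reject outcome (md5()
//emits lowercase hex, so lowercasing the input keeps the comparison
//case-insensitive) but without a content-dependent early exit.
if (!hash_equals($vhash, strtolower(trim($_GET['h'])))
        || !($ticket=$attachment->getTicket())
        || !$ticket->checkStaffAccess($thisstaff)) {
    die(__('Access Denied'));
}

//Download the file..
$file->download();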
 /**
  * Emit an HTTP response with status $code and body $resp, then stop.
  *
  * @param int   $code HTTP status
  * @param mixed $resp body handed to Http::response()
  */
 function response($code, $resp)
 {
     Http::response($code, $resp);
     exit();
 }
    Jared Hancock <*****@*****.**>
    Copyright (c)  2006-2013 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
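require_once 'staff.inc.php';
//Basic url validation + token check.

# PHP < 5.4.7 will not handle a URL like //host.tld/path correctly
# Missing or non-string ?url= is treated as empty rather than passed to
# trim() (deprecated/TypeError on newer PHP).
$url = (isset($_GET['url']) && is_string($_GET['url'])) ? trim($_GET['url']) : '';
if (!$url)
    Http::response(422, __('Invalid URL'));

$check = (strpos($url, '//') === 0) ? 'http:' . $url : $url;
$auth = isset($_GET['auth']) ? $_GET['auth'] : null;
# The link token is what stops this page being used as an open redirect;
# the URL check only guards the shape of the target.
if (!Validator::is_url($check) || !$ost->validateLinkToken($auth))
    Http::response(403, __('URL link not authorized'));
elseif (!isset($_SERVER['HTTP_ACCEPT']) || strpos($_SERVER['HTTP_ACCEPT'], 'text/html') === false)
    Http::redirect($url);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
    <?php // ENT_QUOTES keeps a quote in $url from closing the attribute. ?>
    <meta http-equiv="refresh" content="0;URL=<?php echo htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); ?>"/>
</head>
<body/>
</html>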
 /**
  * Fetch text for the reply editor on ticket $tid: either a ticket
  * thread variable (non-numeric $cid) wrapped as a quote and returned as
  * JSON, or premade reply $cid rendered in $format with ticket variables
  * expanded.
  *
  * @param int        $tid    ticket id; the staff member must have access
  * @param int|string $cid    canned response id or thread variable name
  * @param string     $format reply format, 'text' by default
  * @return string
  */
 function cannedResponse($tid, $cid, $format = 'text')
 {
     global $thisstaff, $cfg;

     $ticket = Ticket::lookup($tid);
     if (!$ticket || !$ticket->checkStaffAccess($thisstaff)) {
         Http::response(404, 'Unknown ticket ID');
     }

     $isThreadVar = $cid && !is_numeric($cid);
     if ($isThreadVar) {
         $response = $ticket->getThread()->getVar($cid);
         if (!$response) {
             Http::response(422, 'Unknown ticket variable');
         }
         // Ticket thread variables are assumed to be quotes
         $response = "<br/><blockquote>{$response}</blockquote><br/>";
         //  Return text if html thread is not enabled
         if (!$cfg->isHtmlThreadEnabled()) {
             $response = Format::html2text($response, 90);
         }
         // XXX: assuming json format for now.
         return Format::json_encode(array('response' => $response));
     }

     if (!$cfg->isHtmlThreadEnabled()) {
         $format .= '.plain';
     }
     $expandVars = function (&$var) use ($ticket) {
         return $ticket->replaceVars($var);
     };

     include_once INCLUDE_DIR . 'class.canned.php';
     $canned = $cid ? Canned::lookup($cid) : null;
     if (!$canned || !$canned->isEnabled()) {
         Http::response(404, 'No such premade reply');
     }
     return $canned->getFormattedResponse($format, $expandVars);
 }