function archiveTicket($id) { $ticket = new Ticket($id); $tid = $ticket->getExtId(); // Delete orphan tickets. $owner = $ticket->getOwner(); if (!$owner) { $ticket->delete(); return; } $o_name = $owner->getName(); $threads = $ticket->getThreadEntries(array('M', 'R', 'N')); $out = ["id" => $tid, "department" => $ticket->getDeptName(), "subject" => $ticket->getSubject(), "opened" => $ticket->getOpenDate(), "closed" => $ticket->getCloseDate(), "owner" => (isset($o_name->name) ? $o_name->name : '') . " <" . $owner->getEmail() . ">", "thread" => []]; $date = date("Y-m-d", strtotime($out["opened"])); $path = TICKET_PATH . "/" . $date . "/"; if (!@file_exists($path)) { @mkdir($path); } // Individual messages. foreach ($threads as $th) { $out["thread"][] = ["id" => $th["id"], "staff_id" => $th["staff_id"], "thread_type" => $th["thread_type"], "poster" => $th["poster"], "title" => $th["title"], "body" => $th["body"], "created" => $th["created"], "updated" => $th["updated"], "attachments" => intval($th["attachments"])]; // Process attachments. if ($th["attachments"] != 0) { $entry = $ticket->getThreadEntry($th['id']); $attachments = $entry->getAttachments(); foreach ($attachments as $a) { $file = Attachment::lookup($a["attach_id"])->getFile(); $ext = $ext = strtolower(substr(strrchr($file->getName(), '.'), 1)); $fname = $tid . "_" . $th["id"] . "." . $ext; @file_put_contents(ATTACHMENT_PATH . "/" . $fname, $file->getData()); } } } // write the ticket to disk file_put_contents($path . $tid, json_encode($out, JSON_PRETTY_PRINT)); // delete the ticket from the db $ticket->delete(); }
/********************************************************************* attachment.php Handles attachment downloads & access validation. Peter Rotich <*****@*****.**> Copyright (c) 2006-2013 osTicket http://www.osticket.com Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ require('staff.inc.php'); require_once(INCLUDE_DIR.'class.attachment.php'); //Basic checks if(!$thisstaff || !$_GET['id'] || !$_GET['h'] || !($attachment=Attachment::lookup($_GET['id'])) || !($file=$attachment->getFile())) Http::response(404, __('Unknown or invalid file')); //Validate session access hash - we want to make sure the link is FRESH! and the user has access to the parent ticket!! $vhash=md5($attachment->getFileId().session_id().strtolower($file->getKey())); if(strcasecmp(trim($_GET['h']),$vhash) || !($ticket=$attachment->getTicket()) || !$ticket->checkStaffAccess($thisstaff)) die(__('Access Denied')); //Download the file.. $file->download(); ?>
<?php /********************************************************************* attachment.php Handles attachment downloads & access validation. Peter Rotich <*****@*****.**> Copyright (c) 2006-2012 osTicket http://www.osticket.com Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ require 'staff.inc.php'; require_once INCLUDE_DIR . 'class.attachment.php'; //Basic checks if (!$thisstaff || !$_GET['id'] || !$_GET['h'] || !($attachment = Attachment::lookup($_GET['id'])) || !($file = $attachment->getFile())) { die('Unknown attachment!'); } //Validate session access hash - we want to make sure the link is FRESH! and the user has access to the parent ticket!! $vhash = md5($attachment->getFileId() . session_id() . $file->getHash()); if (strcasecmp(trim($_GET['h']), $vhash) || !($ticket = $attachment->getTicket()) || !$ticket->checkStaffAccess($thisstaff)) { die('Access Denied'); } //Download the file.. $file->download();