// get job post form
// Renders the application form for one job posting. The 'isBanned' route
// middleware runs before the closure; what it inspects is not visible here.
$app->get('/:job_id(/)', 'isBanned', function ($job_id) use($app) {
    global $lang;
    // Anti-CSRF token handed to the template as 'token'.
    // NOTE(review): the '/submit' handler below is guarded only by
    // 'isValidReferrer' and 'isBanned' as far as this chunk shows, so unless
    // the token is verified elsewhere, CSRF protection for submissions rests
    // on the Referer header — confirm where token() output is checked.
    $token = token();
    $seo_title = $lang->t('apply|seo_title') . ' | ' . APP_NAME;
    $seo_desc = $lang->t('apply|seo_desc') . ' | ' . APP_NAME;
    $seo_url = BASE_URL . 'apply/new';
    // $job_id comes straight from the URL path; whether Applications validates
    // it or parameterises its query cannot be seen from here — verify.
    $job = new Applications($job_id);
    $title = $job->getJobTitle();
    $app->render(THEME_PATH . 'apply.new.php', array('lang' => $lang, 'seo_url' => $seo_url, 'seo_title' => $seo_title, 'seo_desc' => $seo_desc, 'token' => $token, 'job_id' => $job_id, 'job_title' => $title, 'filestyle' => ACTIVE));
});

// submit job application
// NOTE: this handler is cut off at the end of the chunk; the rest of the
// upload branch and of the closure are not visible here.
$app->post('/submit', 'isValidReferrer', 'isBanned', function () use($app) {
    global $lang;
    $data = $app->request->post();
    // Ban check on the raw (not yet escaped) email and on the peer address.
    // REMOTE_ADDR is the direct TCP peer; behind a reverse proxy it is the
    // proxy, not the visitor.
    if (Banlist::isBanned('email', $data['email']) || Banlist::isBanned('ip', $_SERVER['REMOTE_ADDR'])) {
        $app->flash('danger', $lang->t('apply|email_ip_banned'));
        // NOTE(review): assumes $app->redirect() ends the request; if it did
        // not, execution would fall through to the upload handling below.
        // $data['job_id'] is still unescaped at this point.
        $app->redirect(BASE_URL . "apply/{$data['job_id']}");
    }
    $data = escape($data);
    // 'trap' is presumably a honeypot field: a non-empty value means an
    // automated submission, which is bounced without being saved — confirm
    // against the form template.
    if ($data['trap'] != '') {
        $app->redirect(BASE_URL . "apply/{$data['job_id']}");
    }
    if (isset($_FILES['attachment']) && $_FILES['attachment']['name'] != '') {
        $file = $_FILES['attachment'];
        $path = ATTACHMENT_PATH;
        // NOTE(review): the stored name keeps the client-supplied filename and
        // extension, and 'type'/'size' are copied from the client as well; no
        // extension/MIME allow-list or size limit is visible in this chunk.
        // If ATTACHMENT_PATH is served by the web server with PHP enabled, a
        // '.php' upload becomes remote code execution. Generate the stored
        // name server-side (e.g. from random_bytes()) and allow-list
        // extensions before move_uploaded_file(). A time() prefix is also
        // predictable and can collide within the same second.
        $attachment = time() . '_' . $file['name'];
        $data['attachment_type'] = $file['type'];
        $data['attachment_size'] = $file['size'];
        if (move_uploaded_file($file['tmp_name'], "{$path}{$attachment}")) {
            $data['attachment'] = $attachment;
} elseif (Banlist::add($ticket->getEmail(), $thisuser->getName())) { $msg = sprintf(_('Email (%s) added to banlist'), $ticket->getEmail()); if ($ticket->isOpen() && $ticket->close()) { $msg .= ' ' . _('& ticket status set to closed'); $ticket->logActivity(_('Ticket Closed'), $msg); $page = $ticket = null; //Going back to main listing. } } else { $errors['err'] = _('Unable to add the email to banlist'); } break; case 'unbanemail': if (!$thisuser->isadmin() && !$thisuser->canManageBanList()) { $errors['err'] = _('Perm. Denied. You are not allowed to remove emails from banlist.'); } elseif (Banlist::remove($ticket->getEmail())) { $msg = _('Email removed from banlist'); } else { $errors['err'] = _('Unable to remove the email from banlist. Try again.'); } break; case 'delete': // Dude what are you trying to hide? bad customer support?? if (!$thisuser->isadmin() && !$thisuser->canDeleteTickets()) { $errors['err'] = _('Perm. Denied. You are not allowed to DELETE tickets!!'); } else { if ($ticket->delete()) { $page = 'tickets.inc.php'; //ticket is gone...go back to the listing. $msg = _('Ticket Deleted Forever'); $ticket = null;
List of banned email addresses

Peter Rotich <*****@*****.**>
Copyright (c) 2006-2013 osTicket
http://www.osticket.com

Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.

vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
// Admin page for the e-mail ban list. The ban list is represented as a filter
// (Banlist::getFilter()) whose rules ($filter->getRule()) are the banned
// addresses. Staff authentication for this page is expected to happen in
// admin.inc.php — not visible here, confirm.
require 'admin.inc.php';
include_once INCLUDE_DIR . 'class.banlist.php';

/* Get the system ban list filter */
// $filter is assigned in either case; $warn is set only when bans cannot take
// effect (no filter at all, or a filter that is present but disabled).
if (!($filter = Banlist::getFilter())) {
    $warn = 'System ban list is empty.';
} elseif (!$filter->isActive()) {
    $warn = 'SYSTEM BAN LIST filter is <b>DISABLED</b> - <a href="filters.php">enable here</a>.';
}

$rule = null; //ban rule obj.
// NOTE(review): $_REQUEST merges GET, POST and cookie values, so the rule id
// may arrive through any of them; getRule() must treat it as untrusted input.
// $errors is assumed to be initialised by admin.inc.php — confirm.
if ($filter && $_REQUEST['id'] && !($rule = $filter->getRule($_REQUEST['id']))) {
    $errors['err'] = 'Unknown or invalid ban list ID #';
}

// Write actions are POST-only. NOTE(review): no CSRF token check is visible
// in this chunk, so it must be performed in admin.inc.php or earlier — confirm.
if ($_POST && !$errors && $filter) {
    switch (strtolower($_POST['do'])) {
        case 'update':
            // A rule must be selected and the replacement value must be a
            // syntactically valid e-mail address. The switch continues beyond
            // the end of this chunk.
            if (!$rule) {
                $errors['err'] = 'Unknown or invalid ban rule.';
            } elseif (!$_POST['val'] || !Validator::is_email($_POST['val'])) {
/**
 * Assemble the data ticket filters can match on, run the ban-list check, and
 * apply the configured ticket filters.
 *
 * @param mixed      $origin  Ticket source; passed through to TicketFilter
 * @param array      $vars    Request/ticket data; returned extended with filterable fields
 * @param array      $forms   Dynamic forms whose getFilterData() is merged in (falsy entries skipped)
 * @param mixed      $user    Already-resolved user object, or false to look one up by email
 * @return array     $vars augmented with form, user and organization filter data
 * @throws RejectedException when the email is banned — not caught here, propagates to the caller
 *
 * Note: `$vars += ...` keeps keys that already exist, so values already in
 * $vars win over data merged later from forms, user or organization.
 */
protected function filterTicketData($origin, $vars, $forms, $user = false) {
    global $cfg; // declared but not referenced anywhere in this method
    // Unset all the filter data field data in case things change
    // during recursive calls
    foreach ($vars as $k => $v) {
        if (strpos($k, 'field.') === 0) {
            unset($vars[$k]);
        }
    }
    foreach ($forms as $F) {
        if ($F) {
            $vars += $F->getFilterData();
        }
    }
    if (!$user) {
        $interesting = array('name', 'email');
        $user_form = UserForm::getUserForm()->getForm($vars);
        // Add all the user-entered info for filtering (cleaned values only)
        foreach ($interesting as $F) {
            $field = $user_form->getField($F);
            $vars[$F] = $field->toString($field->getClean());
        }
        // Attempt to lookup the user and associated data
        $user = User::lookupByEmail($vars['email']);
    }
    // Add in user and organization data for filtering
    if ($user) {
        $vars += $user->getFilterData();
        // Stored account values replace whatever the request supplied, so the
        // ban check below runs against the known account email, not the
        // submitted spelling.
        $vars['email'] = $user->getEmail();
        $vars['name'] = $user->getName()->getOriginal();
        if ($org = $user->getOrganization()) {
            $vars += $org->getFilterData();
        }
    } else {
        // Unpack all known user info from the request. $user_form is defined
        // here: this branch is reachable only when $user was false above and
        // the lookup returned nothing.
        foreach ($user_form->getFields() as $f) {
            $vars['field.' . $f->get('id')] = $f->toString($f->getClean());
        }
        // Add in organization data if one exists for this email domain.
        // NOTE(review): if the email has no '@', $domain is left unset (PHP
        // warning) and forDomain() receives null — confirm the cleaned email
        // field guarantees an '@'.
        list($mailbox, $domain) = explode('@', $vars['email'], 2);
        if ($org = Organization::forDomain($domain)) {
            $vars += $org->getFilterData();
        }
    }
    try {
        // Make sure the email address is not banned. Only FilterDataChanged
        // is caught below; RejectedException escapes to the caller.
        if (TicketFilter::isBanned($vars['email'])) {
            throw new RejectedException(Banlist::getFilter(), $vars);
        }
        // Init ticket filters...
        $ticket_filter = new TicketFilter($origin, $vars);
        $ticket_filter->apply($vars);
    } catch (FilterDataChanged $ex) {
        // Don't pass user recursively, assume the user has changed.
        // NOTE(review): there is no depth limit; a filter that rewrites data
        // on every pass would recurse until the stack is exhausted — verify
        // apply() cannot keep raising FilterDataChanged.
        return self::filterTicketData($origin, $ex->getData(), $forms);
    }
    return $vars;
}
// Admin ban-list routes. 'validateUser' (staff session check, presumably)
// is on every route; only the POST also carries 'isValidReferrer'.
$app->group('/ban', function () use($app) {
    // Add an entry. 'type' and 'value' go to addToList() unvalidated here;
    // whether 'type' is constrained (e.g. to email/ip) must be checked in
    // Banlist. The flash echoes the raw submitted value, so the admin
    // template must HTML-escape flash messages.
    $app->post('/', 'isValidReferrer', 'validateUser', function () use($app) {
        $ban = new Banlist();
        $data = $app->request->post();
        $ban->addToList($data['type'], $data['value']);
        $app->flash('success', "{$data['value']} has been added to the ban list.");
        $app->redirect(ADMIN_URL . 'ban');
    });
    // NOTE(review): this is a state-changing delete reachable by GET and,
    // unlike the POST above, it has no 'isValidReferrer' check. Any page a
    // logged-in admin visits can trigger it with e.g.
    // <img src=".../ban/delete/1">. Make it a POST with the same
    // 'isValidReferrer' middleware (and ideally a CSRF token check), e.g.
    // `$app->post('/delete/:id', 'isValidReferrer', 'validateUser', ...)`,
    // and have the template submit a form instead of a link.
    $app->get('/delete/:id', 'validateUser', function ($id) use($app) {
        $ban = new Banlist();
        $value = $ban->deleteFromList($id);
        $app->flash('success', "{$value} has been removed from the ban list.");
        $app->redirect(ADMIN_URL . 'ban');
    });
    // Paginated listing; $page comes from the URL, and any numeric
    // sanitising is left to getPaginationStart() — not visible here.
    $app->get('(/(:page))', 'validateUser', function ($page = 1) use($app) {
        $ban = new Banlist();
        $start = getPaginationStart($page);
        $count = $ban->countBanList();
        $number_of_pages = ceil($count / LIMIT);
        $list = $ban->showBanList($start, LIMIT);
        $app->render(ADMIN_THEME . 'banlist.php', array('list' => $list, 'number_of_pages' => $number_of_pages, 'current_page' => $page, 'page_name' => 'banlist'));
    });
});

/*
 * Applications group
 * Admin job applications routes
 * (this group is cut off at the end of the chunk)
 */
$app->group('/applications', function () use($app) {
    // show all job applications
    $app->get('(/(:page))', 'validateUser', function ($page = 1) use($app) {
        $a = new Applications();
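/**
 * Remove the specified ban-list entry from storage.
 *
 * Looks the row up by primary key, deletes it, and redirects back to the ban
 * list with a session flash describing the outcome.
 *
 * @param  int     $id   Primary key of the ban-list row to delete
 * @param  Banlist $ban  Injected model used as the query entry point
 * @return mixed   Redirect response produced by the redirect() helper
 */
public function destroy($id, Banlist $ban)
{
    try {
        $bans = $ban->whereId($id)->first();

        // first() yields null when no row has this id. Calling delete() on
        // null raises an \Error (not an Exception) in PHP 7+, which the catch
        // below would not intercept — an unknown id previously surfaced as a
        // 500 instead of the "fails" flash.
        if ($bans === null) {
            return redirect('banlist')->with('fails', 'Banned Email can not Delete');
        }

        // Same truthiness check as the original `== true`.
        if ($bans->delete()) {
            return redirect('banlist')->with('success', 'Banned Email Deleted sucessfully');
        }

        return redirect('banlist')->with('fails', 'Banned Email can not Delete');
    } catch (Exception $e) {
        // Query/storage failures collapse into the same user-facing flash.
        // NOTE(review): nothing is logged here; consider recording $e.
        return redirect('banlist')->with('fails', 'Banned Email can not Delete');
    }
}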