// get job post form
 $app->get('/:job_id(/)', 'isBanned', function ($job_id) use($app) {
     global $lang;
     // Value embedded in the application form. token() is defined elsewhere
     // (presumably an anti-CSRF token -- confirm where it is verified).
     $formToken = token();
     $brandSuffix = ' | ' . APP_NAME;
     $pageTitle = $lang->t('apply|seo_title') . $brandSuffix;
     $pageDesc = $lang->t('apply|seo_desc') . $brandSuffix;
     $canonicalUrl = BASE_URL . 'apply/new';
     // $job_id is the raw URL segment; it is handed unchanged to Applications
     // and to the template, so the template has to escape it on output.
     $application = new Applications($job_id);
     $jobTitle = $application->getJobTitle();
     $viewData = array(
         'lang' => $lang,
         'seo_url' => $canonicalUrl,
         'seo_title' => $pageTitle,
         'seo_desc' => $pageDesc,
         'token' => $formToken,
         'job_id' => $job_id,
         'job_title' => $jobTitle,
         'filestyle' => ACTIVE,
     );
     $app->render(THEME_PATH . 'apply.new.php', $viewData);
 });
 // submit job application
 // Handles a submitted job application: ban check, honeypot check, then the
 // attachment upload. The listing is cut off inside the upload branch, so what
 // happens to $data afterwards is not shown here.
 // NOTE(review): 'isValidReferrer' suggests a Referer-header check, which is not
 // the same as verifying the form token rendered by the GET route. No token
 // comparison appears in the visible part of this handler -- confirm it happens
 // in middleware or further down.
 $app->post('/submit', 'isValidReferrer', 'isBanned', function () use($app) {
     global $lang;
     $data = $app->request->post();
     // Ban check on the raw (not yet escaped) e-mail and on the peer address.
     // $data['email'] and $data['job_id'] are read without isset(), so a request
     // that omits them raises notices.
     // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address --
     // confirm the deployment before relying on the IP ban.
     if (Banlist::isBanned('email', $data['email']) || Banlist::isBanned('ip', $_SERVER['REMOTE_ADDR'])) {
         $app->flash('danger', $lang->t('apply|email_ip_banned'));
         // job_id is interpolated as submitted; the target stays under BASE_URL.
         // NOTE(review): the code below this block only makes sense if redirect()
         // ends the request (Slim 2's redirect() halts) -- confirm the framework
         // version, otherwise a banned sender falls through to the upload.
         $app->redirect(BASE_URL . "apply/{$data['job_id']}");
     }
     // escape() is a project helper; which encoding it applies is not visible here.
     $data = escape($data);
     // Presumably a hidden honeypot field: any non-empty value is bounced back to
     // the form without an error message.
     if ($data['trap'] != '') {
         $app->redirect(BASE_URL . "apply/{$data['job_id']}");
     }
     if (isset($_FILES['attachment']) && $_FILES['attachment']['name'] != '') {
         $file = $_FILES['attachment'];
         $path = ATTACHMENT_PATH;
         // The stored name is "<unix time>_<client file name>". 'name' and 'type'
         // are supplied by the client; the visible code checks neither the
         // extension nor the content, and $file['error'] is not inspected.
         // NOTE(review): the client's extension is kept. If ATTACHMENT_PATH is
         // served by the web server with script execution enabled, an uploaded
         // script could run. Hardening to consider: an extension allowlist, a
         // server-generated file name, a finfo-based type check on the stored
         // file, and storage outside the document root.
         // Two uploads with the same name in the same second share one path.
         $attachment = time() . '_' . $file['name'];
         $data['attachment_type'] = $file['type'];
         $data['attachment_size'] = $file['size'];
         // move_uploaded_file() only moves files that arrived via HTTP upload and
         // returns false on failure; the attachment name is recorded on success.
         if (move_uploaded_file($file['tmp_name'], "{$path}{$attachment}")) {
             $data['attachment'] = $attachment;
예제 #2
     } elseif (Banlist::add($ticket->getEmail(), $thisuser->getName())) {
         // The excerpt starts inside an if-chain whose opening condition (and the
         // enclosing switch/case header) is not shown. Banlist::add() is given the
         // ticket's e-mail and the acting user's name.
         // NOTE(review): $msg embeds the ticket e-mail -- confirm it is
         // HTML-escaped wherever $msg is printed.
         $msg = sprintf(_('Email (%s) added to banlist'), $ticket->getEmail());
         // Banning also closes the ticket if it is still open, and logs that.
         if ($ticket->isOpen() && $ticket->close()) {
             $msg .= ' ' . _('& ticket status set to closed');
             $ticket->logActivity(_('Ticket Closed'), $msg);
             $page = $ticket = null;
             //Going back to main listing.
         }
     } else {
         $errors['err'] = _('Unable to add the email to banlist');
     }
     break;
 case 'unbanemail':
     // Permitted for admins or for staff with the ban-list permission; anyone
     // else gets an error and Banlist::remove() is never reached.
     // NOTE(review): these cases change state; request-token (CSRF) validation
     // for this switch is not visible in the excerpt -- confirm it runs upstream.
     if (!$thisuser->isadmin() && !$thisuser->canManageBanList()) {
         $errors['err'] = _('Perm. Denied. You are not allowed to remove emails from banlist.');
     } elseif (Banlist::remove($ticket->getEmail())) {
         $msg = _('Email removed from banlist');
     } else {
         $errors['err'] = _('Unable to remove the email from banlist. Try again.');
     }
     break;
 case 'delete':
     // Dude what are you trying to hide? bad customer support??
     // Same gate shape as above: admin, or staff with the delete-tickets permission.
     if (!$thisuser->isadmin() && !$thisuser->canDeleteTickets()) {
         $errors['err'] = _('Perm. Denied. You are not allowed to DELETE tickets!!');
     } else {
         if ($ticket->delete()) {
             $page = 'tickets.inc.php';
             //ticket is gone...go back to the listing.
             $msg = _('Ticket Deleted Forever');
             // Drop the reference so later code cannot act on the deleted ticket.
             $ticket = null;
예제 #3
    List of banned email addresses

    Peter Rotich <*****@*****.**>
    Copyright (c)  2006-2013 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require 'admin.inc.php';
include_once INCLUDE_DIR . 'class.banlist.php';
/* Get the system ban list filter */
// Admin page script for the e-mail ban list; the listing is cut off inside the
// 'update' case. $warn is set when no filter exists or when it is inactive.
// NOTE(review): access control is presumably enforced by admin.inc.php (required
// above); it is not visible in this excerpt.
if (!($filter = Banlist::getFilter())) {
    $warn = 'System ban list is empty.';
} elseif (!$filter->isActive()) {
    // Static markup only; no request data is interpolated into this warning.
    $warn = 'SYSTEM BAN LIST filter is <b>DISABLED</b> - <a href="filters.php">enable here</a>.';
}
$rule = null;
//ban rule obj.
// The id is taken from $_REQUEST (not a specific source) and resolved through
// $filter->getRule(); an id that resolves to nothing is reported as an error.
// NOTE(review): $errors is not initialised in the visible code -- presumably
// admin.inc.php defines it; confirm.
if ($filter && $_REQUEST['id'] && !($rule = $filter->getRule($_REQUEST['id']))) {
    $errors['err'] = 'Unknown or invalid ban list ID #';
}
// POST actions run only when a filter exists and no error was recorded above.
// NOTE(review): no CSRF-token check is visible before this dispatch -- confirm
// that admin.inc.php validates it.
if ($_POST && !$errors && $filter) {
    switch (strtolower($_POST['do'])) {
        case 'update':
            if (!$rule) {
                $errors['err'] = 'Unknown or invalid ban rule.';
            // The submitted value must be present and pass Validator::is_email().
            } elseif (!$_POST['val'] || !Validator::is_email($_POST['val'])) {
예제 #4
 /**
  * Assembles the variable set used for ticket filtering, rejects banned
  * e-mail addresses and runs the ticket filters over the result.
  *
  * @param mixed $origin Passed through to TicketFilter; its meaning is not visible here.
  * @param array $vars   Incoming ticket data. Keys starting with 'field.' are dropped and rebuilt.
  * @param array $forms  Form objects whose getFilterData() is merged in; falsy entries are skipped.
  * @param mixed $user   Known user object, or false to resolve one from the submitted name and e-mail.
  *
  * @return array The filter variables as left after TicketFilter::apply().
  *
  * @throws RejectedException When TicketFilter::isBanned() reports the e-mail as banned
  *                           (only FilterDataChanged is caught here).
  */
 protected function filterTicketData($origin, $vars, $forms, $user = false)
 {
     // $cfg is declared but not used in the visible body.
     global $cfg;
     // Unset all the filter data field data in case things change
     // during recursive calls
     foreach ($vars as $k => $v) {
         if (strpos($k, 'field.') === 0) {
             unset($vars[$k]);
         }
     }
     // Array union (+=) keeps keys that already exist in $vars, so form data
     // only fills in keys that are still missing. That is why stale 'field.*'
     // keys are removed first.
     foreach ($forms as $F) {
         if ($F) {
             $vars += $F->getFilterData();
         }
     }
     if (!$user) {
         $interesting = array('name', 'email');
         $user_form = UserForm::getUserForm()->getForm($vars);
         // Add all the user-entered info for filtering
         foreach ($interesting as $F) {
             $field = $user_form->getField($F);
             $vars[$F] = $field->toString($field->getClean());
         }
         // Attempt to lookup the user and associated data
         $user = User::lookupByEmail($vars['email']);
     }
     // Add in user and organization data for filtering
     if ($user) {
         $vars += $user->getFilterData();
         // Explicit assignment (not +=): the stored account's e-mail and name
         // replace whatever was submitted, so the ban check below sees the
         // account's address.
         $vars['email'] = $user->getEmail();
         $vars['name'] = $user->getName()->getOriginal();
         if ($org = $user->getOrganization()) {
             $vars += $org->getFilterData();
         }
     } else {
         // Unpack all known user info from the request
         foreach ($user_form->getFields() as $f) {
             $vars['field.' . $f->get('id')] = $f->toString($f->getClean());
         }
         // Add in organization data if one exists for this email domain
         // NOTE(review): if the e-mail contains no '@', explode() returns one
         // element and $domain is not assigned -- presumably getClean() has
         // already validated the address; confirm. $mailbox is unused.
         list($mailbox, $domain) = explode('@', $vars['email'], 2);
         if ($org = Organization::forDomain($domain)) {
             $vars += $org->getFilterData();
         }
     }
     try {
         // Make sure the email address is not banned
         // The ban check runs before any other filter is constructed or applied.
         if (TicketFilter::isBanned($vars['email'])) {
             throw new RejectedException(Banlist::getFilter(), $vars);
         }
         // Init ticket filters...
         $ticket_filter = new TicketFilter($origin, $vars);
         $ticket_filter->apply($vars);
     } catch (FilterDataChanged $ex) {
         // Don't pass user recursively, assume the user has changed
         // The re-run starts from the exception's data, so the user lookup and
         // the ban check are repeated on the changed values.
         // NOTE(review): no recursion limit is visible here.
         return self::filterTicketData($origin, $ex->getData(), $forms);
     }
     return $vars;
 }
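 // Admin routes for maintaining the ban list. Every route runs the
 // 'validateUser' middleware, which is defined elsewhere.
 $app->group('/ban', function () use($app) {
     // Add an entry to the ban list.
     $app->post('/', 'isValidReferrer', 'validateUser', function () use($app) {
         $data = $app->request->post();
         $type = isset($data['type']) ? $data['type'] : null;
         $value = isset($data['value']) ? $data['value'] : null;
         // Refuse missing, empty or array-valued fields instead of passing them
         // to addToList() and interpolating a non-string into the message below.
         if (!is_string($type) || !is_string($value) || trim($type) === '' || trim($value) === '') {
             $app->flash('danger', 'A ban type and a value are required.');
             $app->redirect(ADMIN_URL . 'ban');
             // Explicit return in case redirect() does not end the request.
             return;
         }
         $ban = new Banlist();
         $ban->addToList($type, $value);
         // NOTE(review): the flash text carries request input; confirm the admin
         // template HTML-escapes flash messages when it prints them.
         $app->flash('success', "{$value} has been added to the ban list.");
         $app->redirect(ADMIN_URL . 'ban');
     });
     // Remove an entry by id.
     // NOTE(review): this route changes state on a GET request and, unlike the
     // POST route above, carries no 'isValidReferrer' check. Unless
     // 'validateUser' verifies a per-request token (not visible here), it is
     // exposed to cross-site request forgery. Moving it to POST with token
     // verification needs a matching change in the admin template, so the
     // route itself is left as it was.
     $app->get('/delete/:id', 'validateUser', function ($id) use($app) {
         $ban = new Banlist();
         $value = $ban->deleteFromList($id);
         $app->flash('success', "{$value} has been removed from the ban list.");
         $app->redirect(ADMIN_URL . 'ban');
     });
     // Paginated view of the ban list.
     $app->get('(/(:page))', 'validateUser', function ($page = 1) use($app) {
         // The route segment arrives as a string. Force a positive integer so
         // that non-numeric input never reaches the offset computation or the
         // template.
         $page = max(1, (int) $page);
         $ban = new Banlist();
         $start = getPaginationStart($page);
         $count = $ban->countBanList();
         $number_of_pages = ceil($count / LIMIT);
         $list = $ban->showBanList($start, LIMIT);
         $app->render(ADMIN_THEME . 'banlist.php', array(
             'list' => $list,
             'number_of_pages' => $number_of_pages,
             'current_page' => $page,
             'page_name' => 'banlist',
         ));
     });
 });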
 /*
  * Applications group
  * Admin job applications routes
  */
 // The listing is cut off inside the first route of this group.
 $app->group('/applications', function () use($app) {
     // show all job applications
     // Access depends on the 'validateUser' route middleware, defined elsewhere.
     $app->get('(/(:page))', 'validateUser', function ($page = 1) use($app) {
         $a = new Applications();
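 /**
  * Remove the specified banned-email record from storage.
  *
  * Any authorization check is expected to happen before this method is
  * reached (route middleware or similar); none is visible in the method itself.
  *
  * @param int     $id  Id of the ban record to delete.
  * @param Banlist $ban Model used to look the record up.
  *
  * @return Response Redirect to 'banlist' with a 'success' or 'fails' flash message.
  */
 public function destroy($id, Banlist $ban)
 {
     try {
         $bans = $ban->whereId($id)->first();
         // first() returns null when no row matches. Calling delete() on null
         // raises an Error, which the Exception catch below does not handle,
         // so an unknown id is reported as a failure here instead.
         if ($bans === null) {
             return redirect('banlist')->with('fails', 'Banned Email can not Delete');
         }
         /* Success and failure condition */
         if ($bans->delete() == true) {
             return redirect('banlist')->with('success', 'Banned Email Deleted sucessfully');
         } else {
             return redirect('banlist')->with('fails', 'Banned Email can not Delete');
         }
     } catch (Exception $e) {
         // The exception detail is deliberately not shown to the user.
         return redirect('banlist')->with('fails', 'Banned Email can not Delete');
     }
 }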