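/**
 * Store one inline image for a draft and echo a JSON descriptor for it.
 *
 * Two request shapes are accepted: a multipart upload in $_FILES['file'],
 * or a base64 payload in $_POST['data'] described by $_POST['contentType'].
 * On success the response body is a JSON object with 'content_id'
 * ("cid:" + file key) and 'filelink' (image.php link built from the
 * file's download hash).
 *
 * @param object $draft Draft whose ->attachments collection receives the image.
 * @return mixed Whatever Http::response() returns on an error path; nothing on success.
 */
function _uploadInlineImage($draft) {
    if (!isset($_POST['data']) && !isset($_FILES['file'])) {
        // Return explicitly: the else branch below reads $_POST fields and
        // must never run when neither input is present.
        return Http::response(422, "File not included properly");
    }

    if (isset($_FILES['file'])) {
        # Fixup for expected multiple attachments
        foreach ($_FILES['file'] as $k => $v) {
            $_FILES['image'][$k] = array($v);
        }
        unset($_FILES['file']);
        $file = AttachmentFile::format($_FILES['image'], true);
        # TODO: Detect unacceptable attachment extension
        # TODO: Verify content-type and check file-content to ensure image
        # NOTE(review): nothing in this branch checks the type or size of the
        # upload; confirm that format()/upload() enforce both.
        if (!($ids = $draft->attachments->upload($file))) {
            if ($file[0]['error']) {
                return Http::response(403, JsonDataEncoder::encode(array('error' => $file[0]['error'])));
            }
            return Http::response(500, 'Unable to attach image');
        }
        $id = $ids[0];
    } else {
        // Both fields are request-controlled. Reject anything that is not a
        // plain string (for example contentType[]=x) before it reaches
        // preg_match()/base64_decode().
        $contentType = isset($_POST['contentType']) ? $_POST['contentType'] : null;
        if (!is_string($_POST['data']) || !is_string($contentType)) {
            return Http::response(422, "File not included properly");
        }
        // The subtype becomes the stored file extension, so accept only
        // image/<token>: no path separators, NUL bytes or empty subtype.
        // This constrains the stored name and type only; it does not prove
        // that the decoded bytes are an image.
        // TODO: Verify file-content to ensure image
        // NOTE(review): image/svg+xml passes this pattern; SVG can carry
        // script, so check how stored inline images are served.
        if (!preg_match('#\Aimage/([A-Za-z0-9][A-Za-z0-9.+-]*)\z#', $contentType, $m)) {
            return Http::response(403, JsonDataEncoder::encode(array('error' => 'File type is not allowed')));
        }
        $info = array(
            'data' => base64_decode($_POST['data']),
            'name' => Misc::randCode(10) . '.' . $m[1],
            'type' => $contentType,
        );
        $id = $draft->attachments->save($info);
    }

    if (!($f = AttachmentFile::lookup($id))) {
        return Http::response(500, 'Unable to attach image');
    }
    echo JsonDataEncoder::encode(array(
        'content_id' => 'cid:' . $f->getKey(),
        'filelink' => sprintf('image.php?h=%s', $f->getDownloadHash()),
    ));
}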
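/**
 * Store one inline image for a draft and echo a JSON descriptor for it.
 *
 * Two request shapes are accepted: a multipart upload in $_FILES['file'],
 * or a base64 payload in $_POST['data'] described by $_POST['contentType'].
 * Both paths now apply the same two gates: the declared type must be
 * image/* and the payload must not exceed $cfg->getMaxFileSize().
 * On success the response body is a JSON object with 'content_id'
 * ("cid:" + file key) and 'filelink' (the file's inline download URL).
 *
 * @param object $draft Draft whose ->attachments collection receives the image.
 * @return mixed Whatever Http::response() returns on an error path; nothing on success.
 */
function _uploadInlineImage($draft) {
    global $cfg;

    if (!isset($_POST['data']) && !isset($_FILES['file'])) {
        // Return explicitly: the else branch below reads $_POST fields and
        // must never run when neither input is present.
        return Http::response(422, "File not included properly");
    }

    if (isset($_FILES['file'])) {
        # Fixup for expected multiple attachments
        foreach ($_FILES['file'] as $k => $v) {
            $_FILES['image'][$k] = array($v);
        }
        unset($_FILES['file']);
        $file = AttachmentFile::format($_FILES['image']);
        # TODO: Detect unacceptable attachment extension
        # TODO: Verify file-content to ensure image
        # The 'type' of an upload is supplied by the client, so this prefix
        # test is a first filter, not proof of what the file contains.
        if (strpos($file[0]['type'], 'image/') !== 0) {
            return Http::response(403, JsonDataEncoder::encode(array('error' => 'File type is not allowed')));
        }
        if ($file[0]['size'] > $cfg->getMaxFileSize()) {
            return Http::response(403, JsonDataEncoder::encode(array('error' => 'File is too large')));
        }
        if (!($ids = $draft->attachments->upload($file))) {
            if ($file[0]['error']) {
                return Http::response(403, JsonDataEncoder::encode(array('error' => $file[0]['error'])));
            }
            return Http::response(500, 'Unable to attach image');
        }
        $id = $ids[0];
    } else {
        // Both fields are request-controlled. Reject anything that is not a
        // plain string (for example contentType[]=x) before it reaches
        // preg_match()/base64_decode().
        $contentType = isset($_POST['contentType']) ? $_POST['contentType'] : null;
        if (!is_string($_POST['data']) || !is_string($contentType)) {
            return Http::response(422, "File not included properly");
        }
        // The subtype becomes the stored file extension, so accept only
        // image/<token>: no path separators, NUL bytes or empty subtype.
        // TODO: Verify file-content to ensure image
        // NOTE(review): image/svg+xml passes this pattern; SVG can carry
        // script, so check how stored inline images are served.
        if (!preg_match('#\Aimage/([A-Za-z0-9][A-Za-z0-9.+-]*)\z#', $contentType, $m)) {
            return Http::response(403, JsonDataEncoder::encode(array('error' => 'File type is not allowed')));
        }
        $data = base64_decode($_POST['data']);
        // Same ceiling as the multipart branch, applied to the decoded bytes.
        if (strlen($data) > $cfg->getMaxFileSize()) {
            return Http::response(403, JsonDataEncoder::encode(array('error' => 'File is too large')));
        }
        $info = array(
            'data' => $data,
            'name' => Misc::randCode(10) . '.' . $m[1],
            'type' => $contentType,
        );
        $id = $draft->attachments->save($info);
    }

    if (!($f = AttachmentFile::lookup($id))) {
        return Http::response(500, 'Unable to attach image');
    }
    echo JsonDataEncoder::encode(array(
        'content_id' => 'cid:' . $f->getKey(),
        'filelink' => $f->getDownloadUrl(false, 'inline'),
    ));
}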
/**
 * Create a FAQ from $vars, then attach uploaded files and the inline
 * images held by the editor draft named in $vars['draft_id'].
 *
 * @param array $vars   Submitted FAQ fields; 'topics' and 'draft_id' are read here.
 * @param array $errors Filled in by self::create() on validation failure.
 * @return mixed false when creation fails, otherwise the result of
 *               self::lookup() for the new id.
 */
function add($vars, &$errors) {
    $id = self::create($vars, $errors);
    if (!$id) {
        return false;
    }

    $faq = self::lookup($id);
    if (!$faq) {
        return $faq;
    }

    $faq->updateTopics($vars['topics']);

    // Regular form uploads
    $uploads = $_FILES['attachments']
        ? AttachmentFile::format($_FILES['attachments'])
        : null;
    if ($uploads) {
        $faq->attachments->upload($uploads);
    }

    // Inline images (attached to the draft)
    // NOTE(review): draft_id comes straight from $vars and nothing in this
    // method ties the draft to the current user; confirm Draft::lookup()
    // or the caller enforces ownership.
    if (!empty($vars['draft_id'])) {
        $draft = Draft::lookup($vars['draft_id']);
        if ($draft) {
            $faq->attachments->upload($draft->getAttachmentIds(), true);
        }
    }

    $faq->reload();
    return $faq;
}
// page refresh or a nice bar popup immediately with // something like "This page is out-of-date", and allow the // user to voluntarily delete their draft // // Delete drafts for all users for this canned response Draft::deleteForNamespace('canned.' . $canned->getId()); } elseif (!$errors['err']) { $errors['err'] = 'Error updating canned response. Try again!'; } break; case 'create': if ($id = Canned::create($_POST, $errors)) { $msg = 'Canned response added successfully'; $_REQUEST['a'] = null; //Upload attachments if ($_FILES['attachments'] && ($c = Canned::lookup($id)) && ($files = AttachmentFile::format($_FILES['attachments']))) { $c->attachments->upload($files); } // Attach inline attachments from the editor if (isset($_POST['draft_id']) && ($draft = Draft::lookup($_POST['draft_id']))) { $c->attachments->upload($draft->getAttachmentIds($_POST['response']), true); } // Delete this user's drafts for new canned-responses Draft::deleteForNamespace('canned', $thisstaff->getId()); } elseif (!$errors['err']) { $errors['err'] = 'Unable to add canned response. Correct error(s) below and try again.'; } break; case 'mass_process': if (!$_POST['ids'] || !is_array($_POST['ids']) || !count($_POST['ids'])) { $errors['err'] = 'You must select at least one canned response';
/**
 * Validate and save the site-pages settings: landing/offline/thank-you
 * page ids, company form data, an optional logo upload, logo deletions
 * and the selected client and staff logos.
 *
 * @param array $vars   Submitted settings.
 * @param array $errors Collects validation and upload errors by field name.
 * @return mixed false when validation fails, otherwise the result of updateAll().
 */
function updatePagesSettings($vars, &$errors) {
    global $ost;

    // Validator spec: every page id is a required integer
    $rule = array('type' => 'int', 'required' => 1, 'error' => 'required');
    $fields = array(
        'landing_page_id' => $rule,
        'offline_page_id' => $rule,
        'thank-you_page_id' => $rule,
    );

    if ($_FILES['logo']) {
        $error = false;
        list($logo) = AttachmentFile::format($_FILES['logo']);
        // No formatted entry means there is nothing to store
        if ($logo) {
            if ($logo['error']) {
                $errors['logo'] = $logo['error'];
            } elseif (!AttachmentFile::uploadLogo($logo, $error)) {
                $errors['logo'] = sprintf(__('Unable to upload logo image: %s'), $error);
            }
        }
    }

    $company_form = $ost->company->getForm();
    $company_form->setSource($_POST);
    if (!$company_form->isValid()) {
        $errors += $company_form->errors();
    }

    // The validator always runs; any error collected so far also aborts
    if (!Validator::process($fields, $vars, $errors) || $errors) {
        return false;
    }

    $company_form->save();

    // NOTE(review): the ids in 'delete-logo' come from the request and are
    // passed to AttachmentFile::lookup()/delete() without any check here
    // that the file is a logo; confirm delete() or the caller restricts
    // which files can be removed.
    if (isset($vars['delete-logo'])) {
        foreach ($vars['delete-logo'] as $id) {
            // Never delete the logo that is being selected
            if ($vars['selected-logo'] == $id) {
                continue;
            }
            $file = AttachmentFile::lookup($id);
            if ($file) {
                $file->delete();
            }
        }
    }

    $clientLogo = $vars['selected-logo'];
    $staffLogo = $vars['selected-logo-scp'];

    return $this->updateAll(array(
        'landing_page_id' => $vars['landing_page_id'],
        'offline_page_id' => $vars['offline_page_id'],
        'thank-you_page_id' => $vars['thank-you_page_id'],
        // Non-numeric or zero selections are stored as false
        'client_logo_id' => (is_numeric($clientLogo) && $clientLogo) ? $clientLogo : false,
        'staff_logo_id' => (is_numeric($staffLogo) && $staffLogo) ? $staffLogo : false,
    ));
}
$errors['err'] = 'You do not have permission to delete tickets'; } break; default: $errors['err'] = 'Unknown or unsupported action - get technical help'; } } break; case 'open': $ticket = null; if (!$thisstaff || !$thisstaff->canCreateTickets()) { $errors['err'] = 'You do not have permission to create tickets. Contact admin for such access'; } else { $vars = $_POST; if ($_FILES['attachments']) { $vars['files'] = AttachmentFile::format($_FILES['attachments']); } if ($ticket = Ticket::open($vars, $errors)) { $msg = 'Ticket created successfully'; $_REQUEST['a'] = null; if (!$ticket->checkStaffAccess($thisstaff) || $ticket->isClosed()) { $ticket = null; } } elseif (!$errors['err']) { $errors['err'] = 'Unable to create the ticket. Correct the error(s) and try again'; } } break; } } if (!$errors) {
/**
 * Create a FAQ from $vars and attach any files uploaded with the form.
 *
 * @param array $vars   Submitted FAQ fields; 'topics' is read here.
 * @param array $errors Filled in by self::create() on validation failure.
 * @return mixed false when creation fails, otherwise the result of
 *               self::lookup() for the new id.
 */
function add($vars, &$errors) {
    $newId = self::create($vars, $errors);
    if (!$newId) {
        return false;
    }

    $faq = self::lookup($newId);
    if ($faq) {
        $faq->updateTopics($vars['topics']);

        // Format the upload only when the form actually carried files
        $formatted = $_FILES['attachments']
            ? AttachmentFile::format($_FILES['attachments'])
            : null;
        if ($formatted) {
            $faq->uploadAttachments($formatted);
        }

        $faq->reload();
    }

    return $faq;
}
/**
 * Return the file ids for this widget.
 *
 * When the request is a POST that carries files under this widget's name,
 * each file is uploaded through the field and the new ids are merged with
 * the parent's value. When the submitted data is an array that has no
 * entry for this widget, an empty array is returned. Otherwise the
 * parent's value is returned unchanged.
 *
 * @return mixed
 */
function getValue() {
    $data = $this->field->getSource();

    // Handle manual uploads (IE<10)
    $hasUpload = $_SERVER['REQUEST_METHOD'] == 'POST'
        && isset($_FILES[$this->name]);

    if ($hasUpload) {
        $ids = array();
        foreach (AttachmentFile::format($_FILES[$this->name]) as $file) {
            try {
                $ids[] = $this->field->uploadFile($file);
            } catch (FileUploadError $ex) {
                // Rejected uploads are dropped silently; the caller gets no
                // indication that a file was refused.
            }
        }
        $existing = parent::getValue();
        return array_merge($ids, $existing ? $existing : array());
    }

    if ($data && is_array($data) && !isset($data[$this->name])) {
        return array();
    }

    return parent::getValue();
}
/**
 * Open a ticket on behalf of the logged-in staff member ($thisstaff).
 *
 * Every privileged step is gated on a staff permission check: creating the
 * ticket (canCreateTickets), keeping a requested assignee
 * (canAssignTickets), posting the initial response (canPostReply) and
 * applying a ticket state (canCloseTickets). After creation an optional
 * note or an activity entry is logged and, when alerts are enabled and
 * requested, a new-ticket notice is e-mailed to the ticket's address.
 *
 * @param array $vars   Submitted ticket fields.
 * @param array $errors Receives validation errors keyed by field name.
 * @return mixed false when the staff member may not create tickets or
 *               Ticket::create() fails; otherwise the ticket.
 */
static function open($vars, &$errors) {
    global $thisstaff, $cfg;

    // No staff session, or no permission to create tickets: refuse outright.
    if (!$thisstaff || !$thisstaff->canCreateTickets()) {
        return false;
    }
    // Only these three sources are accepted from staff. The rejected value is
    // passed through Format::htmlchars() before it is echoed in the error
    // (presumably HTML escaping; confirm in Format).
    // NOTE(review): in_array() is called without the strict flag.
    if ($vars['source'] && !in_array(strtolower($vars['source']), array('email', 'phone', 'other'))) {
        $errors['source'] = 'Invalid source - ' . Format::htmlchars($vars['source']);
    }
    if (!$vars['uid']) {
        // No uid given, so a valid email address and a name are required
        if (!$vars['email'] || !Validator::is_email($vars['email'])) {
            $errors['email'] = 'Valid email required';
        }
        if (!$vars['name']) {
            $errors['name'] = 'Name required';
        }
    }
    // Drop a requested assignee when the staff member may not assign tickets.
    if (!$thisstaff->canAssignTickets()) {
        unset($vars['assignId']);
    }
    // Errors recorded above are handed to Ticket::create(); this method does
    // not return on them itself.
    if (!($ticket = Ticket::create($vars, $errors, 'staff', false))) {
        return false;
    }
    $vars['msgId'] = $ticket->getLastMsgId();
    // post response - if any
    $response = null;
    if ($vars['response'] && $thisstaff->canPostReply()) {
        // unpack any uploaded files into vars.
        if ($_FILES['attachments']) {
            $vars['files'] = AttachmentFile::format($_FILES['attachments']);
        }
        $vars['response'] = $ticket->replaceVars($vars['response']);
        if ($response = $ticket->postReply($vars, $errors, false)) {
            // Only state supported is closed on response. The submitted value
            // is passed to setState() as-is, and only for staff who may close
            // tickets.
            if (isset($vars['ticket_state']) && $thisstaff->canCloseTickets()) {
                $ticket->setState($vars['ticket_state']);
            }
        }
    }
    // Not assigned...save optional note if any
    if (!$vars['assignId'] && $vars['note']) {
        $ticket->logNote('New Ticket', $vars['note'], $thisstaff, false);
    } else {
        // Reached when an assignee is set or when there is no note: log activity
        $ticket->logActivity('New Ticket by Staff', 'Ticket created by staff -' . $thisstaff->getName());
    }
    $ticket->reload();
    // Stop here unless alerts are enabled in config, the form asked for one
    // ('alertuser') and the ticket has a department.
    if (!$cfg->notifyONNewStaffTicket() || !isset($vars['alertuser']) || !($dept = $ticket->getDept())) {
        return $ticket;
    }
    // Send notice to user: needs a template, a notice message and a department email
    if (($tpl = $dept->getTemplate()) && ($msg = $tpl->getNewTicketNoticeMsgTemplate()) && ($email = $dept->getEmail())) {
        $message = (string) $ticket->getLastMessage();
        if ($response) {
            // Separator between message and response depends on HTML thread mode
            $message .= $cfg->isHtmlThreadEnabled() ? "<br><br>" : "\n\n";
            $message .= $response->getBody();
        }
        // The department signature is used only when the department is public.
        if ($vars['signature'] == 'mine') {
            $signature = $thisstaff->getSignature();
        } elseif ($vars['signature'] == 'dept' && $dept && $dept->isPublic()) {
            $signature = $dept->getSignature();
        } else {
            $signature = '';
        }
        // Attachments go out only when enabled in config and a response exists.
        $attachments = $cfg->emailAttachments() && $response ? $response->getAttachments() : array();
        $msg = $ticket->replaceVars($msg->asArray(), array('message' => $message, 'signature' => $signature, 'response' => $response ? $response->getBody() : '', 'recipient' => $ticket->getOwner(), 'staff' => $thisstaff));
        $references = $ticket->getLastMessage()->getEmailMessageId();
        // $response starts as null, so isset() is true only once a reply was assigned
        if (isset($response)) {
            $references = array($response->getEmailMessageId(), $references);
        }
        $options = array('references' => $references, 'thread' => $ticket->getLastMessage());
        $email->send($ticket->getEmail(), $msg['subj'], $msg['body'], $attachments, $options);
    }
    return $ticket;
}
/**
 * Validate and save the site-pages settings: landing/offline/thank-you
 * page ids, an optional logo upload, logo deletions and the selected
 * client logo.
 *
 * @param array $vars   Submitted settings.
 * @param array $errors Collects validation and upload errors by field name.
 * @return mixed false when validation fails, otherwise the result of updateAll().
 */
function updatePagesSettings($vars, &$errors) {
    // Validator spec: every page id is a required integer
    $spec = array();
    foreach (array('landing_page_id', 'offline_page_id', 'thank-you_page_id') as $key) {
        $spec[$key] = array('type' => 'int', 'required' => 1, 'error' => 'required');
    }

    if ($_FILES['logo']) {
        $error = false;
        list($logo) = AttachmentFile::format($_FILES['logo']);
        // No formatted entry means there is nothing to store
        if ($logo) {
            if ($logo['error']) {
                $errors['logo'] = $logo['error'];
            } elseif (!AttachmentFile::uploadLogo($logo, $error)) {
                $errors['logo'] = 'Unable to upload logo image. ' . $error;
            }
        }
    }

    // The validator always runs; any error collected so far also aborts
    if (!Validator::process($spec, $vars, $errors) || $errors) {
        return false;
    }

    // NOTE(review): the ids in 'delete-logo' come from the request and are
    // passed to AttachmentFile::lookup()/delete() without any check here
    // that the file is a logo; confirm delete() or the caller restricts
    // which files can be removed.
    if (isset($vars['delete-logo'])) {
        foreach ($vars['delete-logo'] as $id) {
            // Never delete the logo that is being selected
            if ($vars['selected-logo'] == $id) {
                continue;
            }
            $stored = AttachmentFile::lookup($id);
            if ($stored) {
                $stored->delete();
            }
        }
    }

    // Non-numeric or zero selections are stored as false
    $selected = $vars['selected-logo'];
    $clientLogoId = (is_numeric($selected) && $selected) ? $selected : false;

    return $this->updateAll(array(
        'landing_page_id' => $vars['landing_page_id'],
        'offline_page_id' => $vars['offline_page_id'],
        'thank-you_page_id' => $vars['thank-you_page_id'],
        'client_logo_id' => $clientLogoId,
    ));
}