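<?php
// Edit form for a single thread entry: shows the stored content and posts
// the replacement text (plus attachments) to /scp/modifyThread.php.
//
// Request parameters are attacker-controllable, so they are HTML-escaped
// before being written into attribute values. Only thread_id is validated
// (is_numeric) and only for the lookup; ticket_id is passed through as-is.
$threadContent = "";
$ticketIdAttr = '';
$threadIdAttr = '';

if (isset($_REQUEST['ticket_id']) && is_scalar($_REQUEST['ticket_id'])) {
    $ticketIdAttr = htmlspecialchars((string) $_REQUEST['ticket_id'], ENT_QUOTES, 'UTF-8');
}
if (isset($_REQUEST['thread_id']) && is_scalar($_REQUEST['thread_id'])) {
    $threadIdAttr = htmlspecialchars((string) $_REQUEST['thread_id'], ENT_QUOTES, 'UTF-8');
}

if (isset($_REQUEST['thread_id']) && is_numeric($_REQUEST['thread_id'])) {
    // NOTE(review): no access check is visible here; presumably the including
    // page has already verified the staff member may view this ticket — confirm.
    $thread = ThreadEntry::lookup($_REQUEST['thread_id']);
    // lookup() can come back empty for an unknown id; don't dereference it.
    if ($thread) {
        $threadContent = $thread->getMessage();
    }
}
?>
<form method="POST" action="/scp/modifyThread.php">
    <?php csrf_token(); ?>
    <input type="hidden" name="ticket_id" value="<?php echo $ticketIdAttr; ?>">
    <input type="hidden" name="thread_id" value="<?php echo $threadIdAttr; ?>">
    <label><b>Original Content:</b></label><br><hr>
    <?php
    // NOTE(review): the stored body is emitted without escaping. That is only
    // safe if every writer of the thread body sanitizes its HTML — confirm.
    echo $threadContent;
    ?><br><hr>
    <label><b>Input the new content:</b></label>
    <textarea name="thread_content" style="width:100%;height:150px;"></textarea>
    <div id="reply_form_attachments" class="attachments">
        <?php print $response_form->getField('attachments')->render(); ?>
        <input type='submit' value="Save">
    </div>
</form>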
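/**
 * Find a thread entry from a message-id created from the
 * ::asMessageId() method.
 *
 * The id is split on '$' into a version field, a base64 field holding the
 * packed thread id, and a remainder. The id is only accepted when
 * re-deriving it from the looked-up entry yields the same string, so a
 * header value that merely names an existing thread id is not enough.
 *
 * NOTE(review): the strength of that check depends on what asMessageId()
 * puts into the remainder (presumably something the sender cannot guess);
 * it is not visible here — confirm.
 *
 * @param string $mid  Message-Id to resolve; surrounding '<' and '>' are stripped.
 * @param mixed  $from Passed through to asMessageId() when re-deriving the id.
 * @return mixed The matching thread entry; false when the id is malformed or
 *               names no entry; null when the re-derived id does not match.
 */
function lookupByRefMessageId($mid, $from)
{
    $mid = trim($mid, '<>');

    // Message-Ids come from mail headers and need not contain two '$'
    // separators; pad so a short split cannot raise undefined-offset errors.
    list($ver, $ids) = array_pad(explode('$', $mid, 3), 3, '');

    // Current version is <null>
    if ($ver !== '') {
        return false;
    }

    // 'V' reads a 32-bit little-endian integer, so anything shorter than
    // four bytes cannot hold a thread id. Checking the length up front
    // replaces the former error suppression on unpack().
    $raw = base64_decode($ids);
    if ($raw === false || strlen($raw) < 4) {
        return false;
    }

    $ids = unpack('Vthread', $raw);
    if (!$ids || !$ids['thread']) {
        return false;
    }

    $thread = ThreadEntry::lookup($ids['thread']);
    if (!$thread) {
        return false;
    }

    if (0 === strcasecmp($thread->asMessageId($from, $ver), $mid)) {
        return $thread;
    }

    // Mismatch: kept as null (not false) to preserve the original fall-through.
    return null;
}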
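/**
 * Post a staff reply on this ticket and hand it to postReplyFromThread().
 *
 * When $vars['emailreply'] is 1 or 2, the body passed on is assembled from
 * the newly added response followed by every thread entry named in
 * $vars['thread_list'] (comma-separated ids), each preceded by a header
 * with the poster's details. The assembled body is written onto the last
 * entry processed for the duration of the postReplyFromThread() call and
 * that entry's own body is written back afterwards, whether or not the call
 * succeeded.
 *
 * NOTE(review): entries named in thread_list are loaded by id only. Nothing
 * visible here checks that they belong to this ticket, so a crafted list
 * could pull content and attachments from unrelated tickets into the
 * outgoing message. Compare each entry's ticket with this one before
 * quoting it.
 *
 * NOTE(review): the temporary body swap presumably persists via setBody();
 * anything reading that entry while postReplyFromThread() runs would see
 * the assembled body — confirm, and prefer passing the body separately.
 *
 * @param array $vars   Reply data; reads poster, staffId, ip_address,
 *                      emailreply and thread_list.
 * @param array $errors Filled by addResponse()/postReplyFromThread().
 * @param bool  $alert  Forwarded to postReplyFromThread().
 * @param bool  $claim  Forwarded to postReplyFromThread().
 * @return mixed The entry handed to postReplyFromThread() (in the quoting
 *               branch this is the last quoted entry, or the new response
 *               when nothing was quoted); null on failure.
 */
function postReply($vars, &$errors, $alert = true, $claim = true)
{
    global $thisstaff, $cfg;

    if (empty($vars['poster']) && $thisstaff) {
        $vars['poster'] = $thisstaff;
    }
    if (empty($vars['staffId']) && $thisstaff) {
        $vars['staffId'] = $thisstaff->getId();
    }
    if (empty($vars['ip_address']) && !empty($_SERVER['REMOTE_ADDR'])) {
        $vars['ip_address'] = $_SERVER['REMOTE_ADDR'];
    }

    $attachments = array();
    $response = null;
    $emailReply = isset($vars['emailreply']) ? $vars['emailreply'] : null;

    if ($emailReply == 2 || $emailReply == 1) {
        // Names, e-mail addresses and phone numbers are user-supplied and are
        // being placed into HTML markup, so they are escaped first.
        $esc = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        };

        $responseBody = null;
        $finalThreadBody = null;
        $threadIdList = isset($vars['thread_list'])
            ? explode(",", $vars['thread_list'])
            : array();

        if ($response = $this->getThread()->addResponse($vars, $errors)) {
            $responseBody = $responseBody . $response->ht['body'];
            if ($thisstaff && $thisstaff->getSignature() && $emailReply == 2 && sizeof($threadIdList) > 1) {
                $responseBody = $responseBody . $thisstaff->getSignature();
            }
            $finalThreadBody = $response->ht['body'];
            $attachments = array_merge($attachments, $response->getAttachments());
        }

        foreach ($threadIdList as $threadId) {
            if ($threadId == "") {
                continue;
            }
            // An unknown id used to be dereferenced and abort the request;
            // skip it instead and keep the previous $response.
            $entry = ThreadEntry::lookup(intval($threadId));
            if (!$entry) {
                continue;
            }
            $response = $entry;

            if ($response->getType() == 'M') {
                $responseBody = $responseBody . "<br>--------------Message from " . $esc($response->getPoster()) . "--------------<br>";
                if ($response->getUserId() != 0) {
                    if ($user = $response->getUser()) {
                        $responseBody = $responseBody . "<b>Name:</b> " . $esc($user->getFullName()) . "<br>";
                        $responseBody = $responseBody . "<b>Email:</b> " . $esc($user->getEmail()) . "<br>";
                        if ($user->getPhoneNumber() != "") {
                            $responseBody = $responseBody . "<b>Phone number:</b> " . $esc($user->getPhoneNumber()) . "<br>";
                        }
                    }
                }
            } else {
                $responseBody = $responseBody . "<br>--------------Reply from " . $esc($response->getPoster()) . "--------------<br>";
                if ($response->getStaffId() != 0) {
                    if ($currentThreadStaff = $response->getStaff()) {
                        $responseBody = $responseBody . "<b>Name:</b> " . $esc($currentThreadStaff->getName()) . "<br>";
                        $responseBody = $responseBody . "<b>Email:</b> " . $esc($currentThreadStaff->getEmail()) . "<br>";
                    }
                }
            }

            $responseBody = $responseBody . $response->ht['body'];
            $responseBody = $responseBody . "<br><br>";
            $finalThreadBody = $response->ht['body'];
            $attachments = array_merge($attachments, $response->getAttachments());
        }

        // addResponse() failed and nothing usable was quoted: there is no
        // entry to send, so report failure instead of dereferencing null.
        if (!$response) {
            return null;
        }

        $response->setBody(ThreadBody::fromFormattedText($responseBody, $response->ht['format']));
        $response->reload();

        // Forward the caller's $alert/$claim; they were previously overwritten
        // with true at the call site, so the parameters had no effect.
        $posted = $this->postReplyFromThread($vars, $errors, $alert, $claim, $response, $attachments);

        // Always put the entry's own body back, including on failure, so the
        // assembled text is never left stored on an existing entry.
        $response->setBody(ThreadBody::fromFormattedText($finalThreadBody, $response->ht['format']));
        $response->reload();

        if (!$posted) {
            return null;
        }
    } else {
        if (!($response = $this->getThread()->addResponse($vars, $errors))) {
            return null;
        }
        if (!$this->postReplyFromThread($vars, $errors, $alert, $claim, $response, $attachments)) {
            return null;
        }
    }

    return $response;
}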
/**
 * Resolve an incoming e-mail to an existing thread entry.
 *
 * Lookup order:
 *   1. exact match of the mail's own Message-Id ("mid") — sets $seen;
 *   2. any Message-Id found in the "mid", "in-reply-to" and "references"
 *      headers, scanned right to left;
 *   3. a ticket number in the subject line, accepted only together with
 *      the sender address in $mailinfo['email'].
 *
 * NOTE(review): steps 1 and 2 match on Message-Id alone; unlike step 3 they
 * do not compare the sender with anyone on the matched ticket. If callers
 * rely on this result to decide where a mail is filed, confirm the sender
 * check happens elsewhere.
 *
 * Parameters:
 * mailinfo (hash<String>) email header information. Reads the keys
 *  - "mid" => Message-Id header of incoming mail
 *  - "in-reply-to" => Message-Id the email is a direct response to
 *  - "references" => List of Message-Id's the email is in response
 *  - "subject" => searched for an external ticket number
 *  - "email" => sender address, required for the subject match
 *
 * seen (by-ref:bool) set to true when the mail's own message-id was found,
 *      i.e. the message has been seen before. It is left untouched on
 *      every other path.
 *
 * Returns whatever ThreadEntry::lookup() / Message::lastByTicketId()
 * yields for the match, or null when nothing matched.
 */
function lookupByEmailHeaders($mailinfo, &$seen = false)
{
    // Values are passed through db_input() before being placed in the query.
    $search = 'SELECT message_id, email_mid FROM ' . TICKET_EMAIL_INFO_TABLE . ' WHERE email_mid=%s ORDER BY message_id DESC';

    // Step 1: has this exact message been recorded already?
    $known = db_fetch_row(db_query(sprintf($search, db_input($mailinfo['mid']))));
    if ($known) {
        $seen = true;
        return ThreadEntry::lookup($known[0]);
    }

    // Step 2: walk the threading headers.
    foreach (array('mid', 'in-reply-to', 'references') as $header) {
        if (empty($mailinfo[$header])) {
            continue;
        }

        $matches = array();
        if (!preg_match_all('/<[^>@]+@[^>]+>/', $mailinfo[$header], $matches)) {
            continue;
        }

        // The References header will have the most recent message-id
        // (parent) on the far right.
        // @see rfc 1036, section 2.2.5
        // @see http://www.jwz.org/doc/threading.html
        foreach (array_reverse($matches[0]) as $candidate) {
            $res = db_query(sprintf($search, db_input($candidate)));
            while ($row = db_fetch_row($res)) {
                $entry = ThreadEntry::lookup($row[0]);
                if ($entry) {
                    return $entry;
                }
            }
        }
    }

    // Step 3: search for ticket by the [#123456] in the subject line.
    // This is the last resort - emails must match to avoid message
    // injection by third-party.
    $subject = $mailinfo['subject'];
    if (!$subject || !$mailinfo['email']) {
        return null;
    }

    $match = array();
    if (!preg_match("/#(?:[\\p{L}-]+)?([0-9]{1,10})/u", $subject, $match)) {
        return null;
    }

    $tid = Ticket::getIdByExtId((int) $match[1], $mailinfo['email']);
    if (!$tid) {
        return null;
    }

    // Return last message for the thread
    return Message::lastByTicketId($tid);
}
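<?php
/*
 * Handler for the thread edit form: attaches the submitted files to a
 * thread entry, optionally replaces its body, then redirects back to the
 * ticket view.
 *
 * NOTE(review): nothing visible here checks that the signed-in staff member
 * is allowed to edit this entry, or that the entry belongs to the submitted
 * ticket_id. Presumably staff.inc.php only establishes the staff session —
 * confirm and add an explicit permission/ownership check.
 */
require('staff.inc.php');
require_once(INCLUDE_DIR.'class.attachment.php');
require_once(INCLUDE_DIR.'class.thread.php');

// Debug residue removed: forcing display_errors on exposes paths and query
// details to the browser, and the stray echo put output ahead of header(),
// which stops the redirect unless output buffering happens to be enabled.

// This endpoint changes stored data, so accept it only as a form POST.
// Reading $_REQUEST let the same action be triggered by a plain GET link,
// which a POST-only CSRF check (if that is what staff.inc.php does —
// confirm) would never see.
if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('HTTP/1.1 405 Method Not Allowed');
    header('Allow: POST');
    exit;
}

if (!isset($_POST['thread_id'])) {
    header('HTTP/1.1 400 Bad Request');
    echo ("Thread ID not provided");
    exit;
}

$thread = is_numeric($_POST['thread_id'])
    ? ThreadEntry::lookup($_POST['thread_id'])
    : null;
if (!$thread) {
    // Previously execution carried on and dereferenced an unset $thread.
    header('HTTP/1.1 404 Not Found');
    echo "Thread not found";
    exit;
}

// Only a numeric id is allowed into the redirect target.
$ticketId = (isset($_POST['ticket_id']) && is_numeric($_POST['ticket_id']))
    ? (int) $_POST['ticket_id']
    : 0;

// NOTE(review): file ids are taken from the request as given; confirm that
// saveAttachment() rejects ids of files this staff member did not upload.
$fileIds = (isset($_POST['attach:response']) && is_array($_POST['attach:response']))
    ? $_POST['attach:response']
    : array();
foreach ($fileIds as $fileID) {
    $thread->saveAttachment($fileID);
}

$content = isset($_POST['thread_content']) ? $_POST['thread_content'] : '';
if (is_string($content) && $content !== '') {
    // The textarea carries plain text. Escape it before nl2br() adds markup,
    // because the edit form prints the stored body back without escaping.
    $safeBody = nl2br(htmlspecialchars($content, ENT_QUOTES, 'UTF-8'));
    if ($thread->setBody($safeBody)) {
        $thread->reload();
    }
}

header("Location: /scp/tickets.php?id=" . $ticketId);
exit;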