v1.11.0 updates

bugfixes Rating functionality correction Apply fixes from StyleCI Due date client panel correction
ladybirdweb · Mar 16, 2021 · 4752081 · 4752081
1 parent f572755
commit 4752081
Show file tree

Hide file tree

Showing 20 changed files with 138 additions and 38 deletions.
diff --git a/DB/demodatabase.sql b/DB/demodatabase.sql
@@ -1457,7 +1457,7 @@ CREATE TABLE `settings_system` (
 --
 
 INSERT INTO `settings_system` (`id`, `status`, `url`, `name`, `department`, `page_size`, `log_level`, `purge_log`, `api_enable`, `api_key_mandatory`, `api_key`, `name_format`, `time_farmat`, `date_format`, `date_time_format`, `day_date_time`, `time_zone`, `content`, `version`, `created_at`, `updated_at`) VALUES
-(1, 1, '', '', '1', '', '', '', 0, 0, '', '', NULL, NULL, 1, '', 32, '', '1.10.7', '2016-12-13 03:19:29', '2016-12-13 03:19:29');
+(1, 1, '', '', '1', '', '', '', 0, 0, '', '', NULL, NULL, 1, '', 32, '', '1.11.0', '2016-12-13 03:19:29', '2016-12-13 03:19:29');
 
 -- --------------------------------------------------------
 

diff --git a/DB/dummy-data.sql b/DB/dummy-data.sql
@@ -1457,7 +1457,7 @@ CREATE TABLE `settings_system` (
 --
 
 INSERT INTO `settings_system` (`id`, `status`, `url`, `name`, `department`, `page_size`, `log_level`, `purge_log`, `api_enable`, `api_key_mandatory`, `api_key`, `name_format`, `time_farmat`, `date_format`, `date_time_format`, `day_date_time`, `time_zone`, `content`, `version`, `created_at`, `updated_at`) VALUES
-(1, 1, '', '', '1', '', '', '', 0, 0, '', '', NULL, NULL, 1, '', 32, '', '1.10.7', '2016-12-13 03:19:29', '2016-12-13 03:19:29');
+(1, 1, '', '', '1', '', '', '', 0, 0, '', '', NULL, NULL, 1, '', 32, '', '1.11.0', '2016-12-13 03:19:29', '2016-12-13 03:19:29');
 
 -- --------------------------------------------------------
 

diff --git a/app/Http/Controllers/Agent/helpdesk/ReportController.php b/app/Http/Controllers/Agent/helpdesk/ReportController.php
@@ -263,6 +263,6 @@ public function helptopicPdf(Request $request)
         $html = view('themes.default1.agent.helpdesk.report.pdf', compact('table_datas', 'table_help_topic'))->render();
         $html1 = mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8');
 
-        return PDF::load($html1)->show();
+        return @PDF::load($html1)->show();
     }
 }
diff --git a/app/Http/Controllers/Agent/helpdesk/TicketController.php b/app/Http/Controllers/Agent/helpdesk/TicketController.php
@@ -125,7 +125,7 @@ public function post_newticket(CreateTicketRequest $request, CountryCode $code,
             $source = Ticket_source::where('name', '=', 'agent')->first();
             $headers = null;
             $help = Help_topic::where('id', '=', $helptopic)->first();
-            $form_data = $request->except('name', 'phone', 'email', 'subject', 'body', 'helptopic', '_wysihtml5_mode', '_token', 'mobile', 'code', 'priority', 'attachment', 'first_name', 'last_name', 'sla', 'duedate', 'assignto', 'files');//added "files" in exception list because some fool has added a new editor 'summernote' to impress his boss and screwed the functional code with his genius ability. Hence to make world capable of handling this genius's work I am adding a shitty workaround for it. After looking for solution everywhere and referring to https://stackoverflow.com/questions/59938588/summernote-adds-files-field-to-post
+            $form_data = $request->except('name', 'phone', 'email', 'subject', 'body', 'helptopic', '_wysihtml5_mode', '_token', 'mobile', 'code', 'priority', 'attachment', 'first_name', 'last_name', 'sla', 'duedate', 'assignto', 'files'); //added "files" in exception list because some genius has added a new editor 'summernote' to impress his boss and screwed the functional code with his genius ability. Hence to make world capable of handling this genius's work I am adding a shitty workaround for it. After looking for solution everywhere and referring to https://stackoverflow.com/questions/59938588/summernote-adds-files-field-to-post
             $auto_response = 0;
             $status = 1;
             if ($phone != null || $mobile_number != null) {
@@ -499,9 +499,10 @@ public function ticket_print($id)
         $html = view('themes.default1.agent.helpdesk.ticket.pdf', compact('id', 'ticket', 'tickets'))->render();
         $html1 = mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8');
         /**
-         * This statement throws error with php7.1
+         * This statement throws error with php7.1.
+         *
          * @see https://github.com/dompdf/dompdf/issues/1272
-         * For time bieng we are silencing the error using "@" operator in front of it 
+         * For time bieng we are silencing the error using "@" operator in front of it
          */
         return @PDF::load($html1)->show();
     }
@@ -1923,7 +1924,7 @@ public function rating($id, Request $request, \App\Model\helpdesk\Ratings\Rating
             }
             $ratID = \App\Model\helpdesk\Ratings\Rating::where('name', '=', $ratName)->first();
             $ratingrefs = $rating_ref->where('rating_id', '=', $ratID->id)->where('ticket_id', '=', $id)->first();
-            if ($ratingrefs !== null) {
+            if ($ratingrefs !== null && $ratID->allow_modification) {
                 $ratingrefs->rating_id = $ratID->id;
                 $ratingrefs->ticket_id = $id;
 
@@ -1964,7 +1965,7 @@ public function ratingReply($id, Request $request, \App\Model\helpdesk\Ratings\R
             $ratID = \App\Model\helpdesk\Ratings\Rating::where('name', '=', $ratName)->first();
             $ratingrefs = $rating_ref->where('rating_id', '=', $ratID->id)->where('thread_id', '=', $key1[1])->first();
 
-            if ($ratingrefs !== null) {
+            if ($ratingrefs !== null && $ratID->allow_modification) {
                 $ratingrefs->rating_id = $ratID->id;
                 $ratingrefs->ticket_id = $id;
 
@@ -2435,9 +2436,10 @@ public function pdfThread($threadid)
             $html = view('themes.default1.agent.helpdesk.ticket.thread-pdf', compact('thread', 'system', 'company', 'ticket'))->render();
             $html1 = mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8');
             /**
-             * This statement throws error with php7.1
+             * This statement throws error with php7.1.
+             *
              * @see https://github.com/dompdf/dompdf/issues/1272
-             * For time bieng we are silencing the error using "@" operator in front of it 
+             * For time bieng we are silencing the error using "@" operator in front of it
              */
             return @PDF::load($html1)->show();
         } catch (Exception $ex) {

diff --git a/app/Http/Middleware/CheckRole.php b/app/Http/Middleware/CheckRole.php
@@ -25,6 +25,6 @@ public function handle($request, Closure $next)
             return $next($request);
         }
 
-        return redirect('guest')->with('fails', 'You are not Autherised');
+        return redirect('guest')->with('fails', 'You are not Authorised');
     }
 }
diff --git a/app/Http/Middleware/CheckRoleAgent.php b/app/Http/Middleware/CheckRoleAgent.php
@@ -25,6 +25,6 @@ public function handle($request, Closure $next)
             return $next($request);
         }
 
-        return redirect('/')->with('fails', 'You are not Autherised');
+        return redirect('/')->with('fails', 'You are not Authorised');
     }
 }
diff --git a/app/Http/Middleware/CheckRoleUser.php b/app/Http/Middleware/CheckRoleUser.php
@@ -25,6 +25,6 @@ public function handle($request, Closure $next)
             return $next($request);
         }
 
-        return redirect('guest')->with('fails', 'You are not Autherised');
+        return redirect('guest')->with('fails', 'You are not Authorised');
     }
 }
diff --git a/config/app.php b/config/app.php
@@ -33,7 +33,7 @@
       | This tells about aplication current version.
       |
      */
-    'version' => 'Community 1.10.7',
+    'version' => 'Community 1.11.0',
     /*
       |--------------------------------------------------------------------------
       | Application Name

diff --git a/public/downloads/en.zip b/public/downloads/en.zip
diff --git a/release-notes.txt b/release-notes.txt
@@ -7,6 +7,39 @@
 |_|  \__,_| \_/ \___|\___/  |_|  |_|\___|_| .__/ \__,_|\___||___/_|\_\
                                           | |                         
                                           |_|                         
+|=====================================================
+| v1.11.0 Urgent security patch and theme update
+|=====================================================
+This is an urgent patch for several security vulnerabilities found and reported by [Securized](https://github.com/securized) in the system. We highly recommend updating the system to get rid of all the security issues in your system and secure your system from vulnerabilities and attackers.
+
+Along with some urgent security updates, this release also updates the frontend framework and theme version to the latest which enhances the UI design of the system, keeping the same user experience.
+
+#### Updates
+- Updated jQuery version to v3
+- Updated Bootstrap version to v4
+- Updated AdminLTE theme to v3
+- Updated Russian translation to cover 80% of the system. Thanks, @maranqz for raising the PR and providing proper translation files.
+
+#### Bugfixes
+- Various UI bugs and issues
+- Generate PDF error
+- Laravel route middleware grouping correction
+- Storage option functionality corrections
+- Clients are not able to change ticket status
+- Report PDF generation
+- Security issues reported by @securized. More details can be found on their [gist](https://gist.github.com/securized/7c702ca002d3d72f3100bc5eb17ec0dd)
+
+**Important**: The system was not generating the unique APP_KEY in the environment which makes your system vulnerable to expose sensitive data due to a hardcoded encryption key. This can simply be fixed by generating your own Laravel APP_KEY using Laravel's artisan commands. 
+Faveo also introduced its own artisan command to alter the APP_KEY to replace your old key with the new key. The advantage of this command is it allows you to update the application's key and updates the required encrypted data in the system so you do not need to update configurations in the system manually. But we still recommend you update system configurations manually to minimize the possibility of attacks on your data. You can use this command from your Faveo root directory as below
+```
+php artisan faveo:secure-key
+```
+
+> NOTE: This security patch requires all agents and admin to login and start their session again. Also, all the old encrypted URLs will be reset and will not work any longer.
+
+Follow this [Upgrade Guide](https://github.com/ladybirdweb/faveo-helpdesk/wiki/General-Faveo-Upgrade-Guide---Manual) to update your system. This update does not require any database update. After the update, we highly recommend running the below commands to secure your Faveo system.
+`php artisan key:generate` or `php artisan faveo:secure-key`
+
 |=====================================================
 | v1.10.7 Security patch
 |=====================================================

diff --git a/resources/views/themes/default1/agent/helpdesk/organization/show.blade.php b/resources/views/themes/default1/agent/helpdesk/organization/show.blade.php
@@ -66,12 +66,6 @@ class="nav-link active"
         <div class="card card-light card-outline">
 
             <div class="card-body box-profile">
-
-                <div class="text-center">
-
-                    <img id="org_img" src="{{asset("lb-faveo/media/images/org.png")}}" alt="Org Image" class="profile-user-img img-fluid img-circle">
-                </div>
-
                 <h3 class="profile-username text-center has-tooltip" title="{{$orgs->name}}">{{str_limit($orgs->name,15)}}</h3> 
 
                 <p class="text-muted text-center">Organization</p> 

diff --git a/resources/views/themes/default1/agent/helpdesk/report/index.blade.php b/resources/views/themes/default1/agent/helpdesk/report/index.blade.php
@@ -237,6 +237,7 @@ class="active"
 <form action="{!! route('help.topic.pdf') !!}" method="POST" id="form_pdf">
     <input type="hidden" name="pdf_form" value="" id="pdf_form">
     <input type="hidden" name="pdf_form_help_topic" value="" id="pdf_form_help_topic">
+    <input type="hidden" name="_token" value="{{ csrf_token() }}" />
     <input type="submit" style="display:none;">
 </form>
 

diff --git a/resources/views/themes/default1/agent/helpdesk/report/pdf.blade.php b/resources/views/themes/default1/agent/helpdesk/report/pdf.blade.php
@@ -65,9 +65,9 @@
             <tbody>
                 <?php
 //dd($table_datas[1]);
-                $table_open = '';
-                $table_closed = '';
-                $table_reopened = '';
+                $table_open = 0;
+                $table_closed = 0;
+                $table_reopened = 0;
                 foreach ($table_datas as $table_data) {
                     echo '<tr>';
                     echo '<td>' . $table_data->date . '</td>';

diff --git a/resources/views/themes/default1/client/helpdesk/ckeckticket.blade.php b/resources/views/themes/default1/client/helpdesk/ckeckticket.blade.php
@@ -167,7 +167,7 @@
                                 $time = $tickets->created_at;
                                 $time = date_create($time);
                                 date_add($time, date_interval_create_from_date_string($SlaPlan->grace_period));
-                                echo UTC::usertimezone(date_format($time, 'd/m/Y H:i:s'));
+                                echo UTC::usertimezone(date_format($time, 'Y-m-d H:i:s'));
                                 ?>
                             </div>
                             <div class="col-md-3">
@@ -594,8 +594,9 @@ function checkFunction() {
         // Close a ticket
         $('#close').on('click', function (e) {
             $.ajax({
-                type: "GET",
+                type: "POST",
                 url: "../ticket/close/{{$tickets->id}}",
+                data:{"_token": "{{ csrf_token() }}"},
                 beforeSend: function () {
                     $("#refresh").hide();
                     $("#loader").show();
@@ -625,8 +626,9 @@ function checkFunction() {
         // Resolved  a ticket
         $('#resolved').on('click', function (e) {
             $.ajax({
-                type: "GET",
+                type: "POST",
                 url: "../ticket/resolve/{{$tickets->id}}",
+                data:{"_token": "{{ csrf_token() }}"},
                 beforeSend: function () {
                     $("#refresh").hide();
                     $("#loader").show();
@@ -655,8 +657,9 @@ function checkFunction() {
         // Open a ticket
         $('#open').on('click', function (e) {
             $.ajax({
-                type: "GET",
+                type: "POST",
                 url: "../ticket/open/{{$tickets->id}}",
+                data:{"_token": "{{ csrf_token() }}"},
                 beforeSend: function () {
                     $("#refresh").hide();
                     $("#loader").show();

diff --git a/routes/web.php b/routes/web.php
@@ -347,17 +347,13 @@
         Route::patch('/ticket/assign/{id}', ['as' => 'assign.ticket', 'uses' => 'Agent\helpdesk\TicketController@assign']); /*  Patch Ticket assigned to whom */
         Route::patch('/ticket/post/edit/{id}', ['as' => 'ticket.post.edit', 'uses' => 'Agent\helpdesk\TicketController@ticketEditPost']); /*  Patchi Ticket Edit */
         Route::get('/ticket/print/{id}', ['as' => 'ticket.print', 'uses' => 'Agent\helpdesk\TicketController@ticket_print']); /*  Get Print Ticket */
-        Route::post('/ticket/close/{id}', ['as' => 'ticket.close', 'uses' => 'Agent\helpdesk\TicketController@close']); /*  Get Ticket Close */
-        Route::post('/ticket/resolve/{id}', ['as' => 'ticket.resolve', 'uses' => 'Agent\helpdesk\TicketController@resolve']); /*  Get ticket Resolve */
-        Route::post('/ticket/open/{id}', ['as' => 'ticket.open', 'uses' => 'Agent\helpdesk\TicketController@open']); /*  Get Ticket Open */
         Route::post('/ticket/delete/{id}', ['as' => 'ticket.delete', 'uses' => 'Agent\helpdesk\TicketController@delete']); /*  Get Ticket Delete */
         Route::get('/email/ban/{id}', ['as' => 'ban.email', 'uses' => 'Agent\helpdesk\TicketController@ban']); /*  Get Ban Email */
         Route::get('/ticket/surrender/{id}', ['as' => 'ticket.surrender', 'uses' => 'Agent\helpdesk\TicketController@surrender']); /*  Get Ticket Surrender */
         Route::get('/aaaa', 'Client\helpdesk\GuestController@ticket_number');
         Route::get('dashboard', ['as' => 'dashboard', 'uses' => 'Agent\helpdesk\DashboardController@index']); /* To show dashboard pages */
 
         Route::get('agen', 'Agent\helpdesk\DashboardController@ChartData');
-        Route::get('image/{id}', ['as' => 'image', 'uses' => 'Agent\helpdesk\MailController@get_data']); /* get image */
         Route::get('thread/auto/{id}', 'Agent\helpdesk\TicketController@autosearch');
         Route::get('auto', 'Agent\helpdesk\TicketController@autosearch2');
         Route::patch('search-user', 'Agent\helpdesk\TicketController@usersearch');
@@ -372,8 +368,6 @@
         Route::patch('/user-org/{id}', 'Agent\helpdesk\UserController@User_Create_Org');
         Route::patch('/head-org/{id}', 'Agent\helpdesk\OrganizationController@Head_Org');
 
-        Route::post('rating/{id}', ['as' => 'ticket.rating', 'uses' => 'Agent\helpdesk\TicketController@rating']); /* Get overall Ratings */
-        Route::post('rating2/{id}', ['as' => 'ticket.rating2', 'uses' => 'Agent\helpdesk\TicketController@ratingReply']); /* Get reply Ratings */
         // To check and lock tickets
         Route::get('check/lock/{id}', ['as' => 'lock', 'uses' => 'Agent\helpdesk\TicketController@checkLock']);
         Route::patch('/change-owner/{id}', ['as' => 'change.owner.ticket', 'uses' => 'Agent\helpdesk\TicketController@changeOwner']); /* change owner */
@@ -540,6 +534,12 @@
         Route::post('verify-client-number', ['as' => 'client-verify-number', 'uses' => 'Client\helpdesk\GuestController@resendOTP']);
 
         Route::post('verify-client-number2', ['as' => 'post-client-verify-number', 'uses' => 'Client\helpdesk\GuestController@verifyOTP']);
+        Route::post('/ticket/close/{id}', ['as' => 'ticket.close', 'uses' => 'Agent\helpdesk\TicketController@close']); /*  Get Ticket Close */
+        Route::post('/ticket/resolve/{id}', ['as' => 'ticket.resolve', 'uses' => 'Agent\helpdesk\TicketController@resolve']); /*  Get ticket Resolve */
+        Route::post('/ticket/open/{id}', ['as' => 'ticket.open', 'uses' => 'Agent\helpdesk\TicketController@open']); /*  Get Ticket Open */
+        Route::get('image/{id}', ['as' => 'image', 'uses' => 'Agent\helpdesk\MailController@get_data']); /* get image */
+        Route::post('rating/{id}', ['as' => 'ticket.rating', 'uses' => 'Agent\helpdesk\TicketController@rating']); /* Get overall Ratings */
+        Route::post('rating2/{id}', ['as' => 'ticket.rating2', 'uses' => 'Agent\helpdesk\TicketController@ratingReply']); /* Get reply Ratings */
     });
     //====================================================================================
     Route::get('checkticket', 'Client\helpdesk\ClientTicketController@getCheckTicket'); /* Check your Ticket */

diff --git a/vendor/composer/ClassLoader.php b/vendor/composer/ClassLoader.php
@@ -37,11 +37,13 @@
  *
  * @author Fabien Potencier <fabien@symfony.com>
  * @author Jordi Boggiano <j.boggiano@seld.be>
- * @see    http://www.php-fig.org/psr/psr-0/
- * @see    http://www.php-fig.org/psr/psr-4/
+ * @see    https://www.php-fig.org/psr/psr-0/
+ * @see    https://www.php-fig.org/psr/psr-4/
  */
 class ClassLoader
 {
+    private $vendorDir;
+
     // PSR-4
     private $prefixLengthsPsr4 = array();
     private $prefixDirsPsr4 = array();
@@ -57,10 +59,17 @@ class ClassLoader
     private $missingClasses = array();
     private $apcuPrefix;
 
+    private static $registeredLoaders = array();
+
+    public function __construct($vendorDir = null)
+    {
+        $this->vendorDir = $vendorDir;
+    }
+
     public function getPrefixes()
     {
         if (!empty($this->prefixesPsr0)) {
-            return call_user_func_array('array_merge', $this->prefixesPsr0);
+            return call_user_func_array('array_merge', array_values($this->prefixesPsr0));
         }
 
         return array();
@@ -300,6 +309,17 @@ public function getApcuPrefix()
     public function register($prepend = false)
     {
         spl_autoload_register(array($this, 'loadClass'), true, $prepend);
+
+        if (null === $this->vendorDir) {
+            return;
+        }
+
+        if ($prepend) {
+            self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders;
+        } else {
+            unset(self::$registeredLoaders[$this->vendorDir]);
+            self::$registeredLoaders[$this->vendorDir] = $this;
+        }
     }
 
     /**
@@ -308,6 +328,10 @@ public function register($prepend = false)
     public function unregister()
     {
         spl_autoload_unregister(array($this, 'loadClass'));
+
+        if (null !== $this->vendorDir) {
+            unset(self::$registeredLoaders[$this->vendorDir]);
+        }
     }
 
     /**
@@ -367,6 +391,16 @@ public function findFile($class)
         return $file;
     }
 
+    /**
+     * Returns the currently registered loaders indexed by their corresponding vendor directories.
+     *
+     * @return self[]
+     */
+    public static function getRegisteredLoaders()
+    {
+        return self::$registeredLoaders;
+    }
+
     private function findFileWithExtension($class, $ext)
     {
         // PSR-4 lookup