HESK 2.8.4 update

mike-koch · Aug 19, 2019 · a22be0f · a22be0f
1 parent 1dcb43c
commit a22be0f
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 13 deletions.
diff --git a/admin/delete_tickets.php b/admin/delete_tickets.php
@@ -439,6 +439,8 @@
                 color : black;
                 font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
                 font-size : <?php echo $hesk_settings['print_font_size']; ?>px;
+                word-wrap: break-word;
+                word-break: break-word;
             }
             table {
             	border-collapse:collapse;

diff --git a/admin/edit_post.php b/admin/edit_post.php
@@ -286,9 +286,9 @@
         $custom_SQL = rtrim($custom_SQL, ',');
 
         hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET
-		`name`='" . hesk_dbEscape($tmpvar['name']) . "',
-		`email`='" . hesk_dbEscape($tmpvar['email']) . "',
-		`subject`='" . hesk_dbEscape($tmpvar['subject']) . "',
+		`name`='" . hesk_dbEscape(hesk_mb_substr($tmpvar['name'], 0, 255)) . "',
+		`email`='" . hesk_dbEscape(hesk_mb_substr($tmpvar['email'], 0, 1000)) . "',
+		`subject`='" . hesk_dbEscape(hesk_mb_substr($tmpvar['subject'], 0, 255)) . "',
 		`message`='" . hesk_dbEscape($tmpvar['message']) . "',
 		`attachments`=CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."'),
 		`language`='" . hesk_dbEscape($tmpvar['language']) . "',

diff --git a/inc/email_functions.inc.php b/inc/email_functions.inc.php
@@ -532,6 +532,7 @@ function hesk_mail($to, $subject, $message, $htmlMessage, $modsForHesk_settings,
         $headers .= "Return-Path: $hesk_settings[webmaster_mail]\n";
         $headers .= "Date: " . date(DATE_RFC2822) . "\n";
         $headers .= "Message-ID: " . hesk_generateMessageID() . "\n";
+        $headers .= "MIME-Version: 1.0";
         $headers .= "Content-Type: multipart/mixed;boundary=\"" . $outerboundary . "\"";
 
         // Add attachments if necessary
@@ -572,6 +573,7 @@ function hesk_mail($to, $subject, $message, $htmlMessage, $modsForHesk_settings,
         "Subject: " . $subject,
         "Date: " . date(DATE_RFC2822),
         "Message-ID: " . hesk_generateMessageID(),
+        "MIME-Version: 1.0",
     );
     array_push($headersArray, "MIME-Version: 1.0");
     array_push($headersArray, "Content-Type: multipart/mixed;boundary=\"" . $outerboundary . "\"");

diff --git a/inc/posting_functions.inc.php b/inc/posting_functions.inc.php
@@ -103,11 +103,11 @@ function hesk_newTicket($ticket, $isVerified = true)
 	VALUES
 	(
 		'" . hesk_dbEscape($ticket['trackid']) . "',
-		'" . hesk_dbEscape($ticket['name']) . "',
-		'" . hesk_dbEscape($ticket['email']) . "',
+		'" . hesk_dbEscape(hesk_mb_substr($ticket['name'], 0, 255)) . "',
+		'" . hesk_dbEscape(hesk_mb_substr($ticket['email'], 0, 1000)) . "',
 		'" . intval($ticket['category']) . "',
 		'" . intval($ticket['priority']) . "',
-		'" . hesk_dbEscape($ticket['subject']) . "',
+		'" . hesk_dbEscape(hesk_mb_substr($ticket['subject'], 0, 255)) . "',
 		'" . hesk_dbEscape($ticket['message']) . "',
 		NOW(),
 		NOW(),

diff --git a/inc/ticket_list.inc.php b/inc/ticket_list.inc.php
@@ -73,6 +73,7 @@
         $query = 'q=' . $q;
         $query .= '&amp;what=' . $what;
         $query .= '&amp;category=' . $category;
+        $query .= '&amp;owner='.$owner_input;
         $query .= '&amp;dt=' . urlencode($date_input);
         $query .= '&amp;sort=' . $sort;
         $query .= '&amp;asc=' . $asc;
@@ -177,6 +178,7 @@
         $query = 'q=' . $q;
         $query .= '&amp;what=' . $what;
         $query .= '&amp;category=' . $category;
+        $query .= '&amp;owner='.$owner_input;
         $query .= '&amp;dt=' . urlencode($date_input);
         #$query .= '&amp;asc='.$asc;
         $query .= '&amp;limit=' . $maxresults;

diff --git a/install/install_functions.inc.php b/install/install_functions.inc.php
@@ -15,7 +15,7 @@
 if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
 
 // We will be installing this HESK version:
-define('HESK_NEW_VERSION','2.8.2');
+define('HESK_NEW_VERSION','2.8.4');
 define('MODS_FOR_HESK_NEW_VERSION','2018.2.0');
 define('REQUIRE_PHP_VERSION','5.3.0');
 define('REQUIRE_MYSQL_VERSION','5.0.7');

diff --git a/submit_ticket.php b/submit_ticket.php
@@ -14,12 +14,6 @@
 define('IN_SCRIPT', 1);
 define('HESK_PATH', './');
 
-// Try to detect some simple SPAM bots
-if (!isset($_POST['hx']) || $_POST['hx'] != 3 || !isset($_POST['hy']) || $_POST['hy'] != '' || isset($_POST['phone'])) {
-    header('HTTP/1.1 403 Forbidden');
-    exit();
-}
-
 // Get all the required files and functions
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
@@ -46,6 +40,12 @@
     hesk_error($hesklang['maxpost']);
 }
 
+// Try to detect some simple SPAM bots
+if (!isset($_POST['hx']) || $_POST['hx'] != 3 || !isset($_POST['hy']) || $_POST['hy'] != '' || isset($_POST['phone'])) {
+    header('HTTP/1.1 403 Forbidden');
+    exit();
+}
+
 // Block obvious spammers trying to inject email headers
 if (preg_match("/\n|\r|\t|%0A|%0D|%08|%09/", hesk_POST('name') . hesk_POST('subject'))) {
     header('HTTP/1.1 403 Forbidden');