Merge branch '6.2.5' into stable

wgm · Mar 1, 2013 · 11dd475 · 11dd475
2 parents 895f39c + 1c9290f
commit 11dd475
Show file tree

Hide file tree

Showing 153 changed files with 25,464 additions and 20 deletions.
diff --git a/api/Application.class.php b/api/Application.class.php
@@ -46,8 +46,8 @@
  * - Jeff Standen, Darren Sugita, Dan Hildebrandt, Scott Luther
  *	 WEBGROUP MEDIA LLC. - Developers of Cerberus Helpdesk
  */
-define("APP_BUILD", 2013021801);
+define("APP_BUILD", 2013022701);
-define("APP_VERSION", '6.2.4');
+define("APP_VERSION", '6.2.5');
 
 define("APP_MAIL_PATH", APP_STORAGE_PATH . '/mail/');
 

diff --git a/features/cerberusweb.core/api/login.classes.php b/features/cerberusweb.core/api/login.classes.php
@@ -80,7 +80,7 @@ function saveWorkerPrefs($worker) {
 
 			// If we're not an imposter, go to the login form
 			if(!$visit->isImposter()) {
-				$session->clearAll();
+				$session->clear();
 				$query = array(
 					'email' => $worker->email,
 				);

diff --git a/features/cerberusweb.core/api/uri/files.php b/features/cerberusweb.core/api/uri/files.php
@@ -31,8 +31,8 @@ function handleRequest(DevblocksHttpRequest $request) {
 
 		$stack = $request->path;				// URLS like: /files/10000/plaintext.txt
 		array_shift($stack);					// files
-		$file_guid = array_shift($stack); 		// GUID
+		$file_guid = array_shift($stack);		// GUID
-		$file_name = array_shift($stack); 		// plaintext.txt
+		$file_name = array_shift($stack);		// plaintext.txt
 
 		// Security
 		if(null == ($active_worker = CerberusApplication::getActiveWorker()))
@@ -70,9 +70,20 @@ function handleRequest(DevblocksHttpRequest $request) {
 //		header("Keep-Alive: timeout=5, max=100");
 //		header("Connection: Keep-Alive");
 		header("Content-Type: " . $file->mime_type);
-		header("Content-Length: " . $file_stats['size']);
 
-		fpassthru($fp);
+		switch(strtolower($file->mime_type)) {
+			case 'text/html':
+				$clean_html = DevblocksPlatform::purifyHTML($fp);
+				header("Content-Length: " . strlen($clean_html));
+				echo $clean_html;
+				break;
+
+			default:
+				header("Content-Length: " . $file_stats['size']);
+				fpassthru($fp);
+				break;
+		}
+
 		fclose($fp);
 
 		exit;

diff --git a/features/cerberusweb.core/api/uri/login.php b/features/cerberusweb.core/api/uri/login.php
@@ -161,7 +161,7 @@ function render() {
 				unset($_COOKIE['cerb_login_email']);
 
 				$url_writer = DevblocksPlatform::getUrlService();
-				setcookie('cerb_login_email', null, time()-3600, $url_writer->write('c=login',false,false));
+				setcookie('cerb_login_email', null, time()-3600, $url_writer->write('c=login',false,false), null, null, true);
 
 				DevblocksPlatform::redirect(new DevblocksHttpRequest(array('login')));
 				break;
@@ -262,7 +262,7 @@ function routerAction() {
 
 			if($remember_me) {
 				$url_writer = DevblocksPlatform::getUrlService();
-				setcookie('cerb_login_email', $email, time()+30*86400, $url_writer->write('c=login',false,false));
+				setcookie('cerb_login_email', $email, time()+30*86400, $url_writer->write('c=login',false,false), null, null, true);
 			}
 
 			$query = array(

diff --git a/features/cerberusweb.core/api/uri/portal.php b/features/cerberusweb.core/api/uri/portal.php
@@ -115,7 +115,10 @@ public static function getFingerprint() {
 					'GroupLoginPassport',
 					serialize(self::$_fingerprint),
 					0,
-					'/'
+					'/',
+					null,
+					null,
+					true
 				);
 			}
 		}

diff --git a/features/cerberusweb.core/templates/tickets/ajax/merge_confirm.tpl b/features/cerberusweb.core/templates/tickets/ajax/merge_confirm.tpl
@@ -25,10 +25,13 @@
 		
 		$this.dialog('option','title',"{'mail.merge'|devblocks_translate|capitalize}");
 		
-		$this.find('button.submit').click(function() {
+		$this.find('button.submit')
-			ajax.viewTicketsAction('{$view_id}','merge');
+			.click(function() {
-			genericAjaxPopupClose('merge');
+				ajax.viewTicketsAction('{$view_id}','merge');
-		});
+				genericAjaxPopupClose('merge');
+			})
+			.focus()
+			;
 		
 		$this.find('button.cancel').click(function() {
 			genericAjaxPopupClose('merge');

diff --git a/features/wgm.login.password.google_auth/api/App.php b/features/wgm.login.password.google_auth/api/App.php
@@ -77,7 +77,7 @@ function saveWorkerPrefs($worker) {
 
 			// If we're not an imposter, go to the login form
 			if(!$visit->isImposter()) {
-				$session->clearAll();
+				$session->clear();
 				$query = array(
 					'email' => $worker->email,
 					//'url' => '', // [TODO] This prefs URL

diff --git a/features/wgm.login.password.google_auth/templates/login/setup.tpl b/features/wgm.login.password.google_auth/templates/login/setup.tpl
@@ -80,7 +80,14 @@
 </form>
 
 <script type="text/javascript">
-$('#qrcode').qrcode({ width:192, height:192, text:"otpauth://totp/Cerb:{$worker->email}?secret={$seed}" });
+var options = { width:192, height:192, text:"otpauth://totp/Cerb:{$worker->email}?secret={$seed}" };
+var hasCanvasSupport = !!window.CanvasRenderingContext2D;
+
+// If no <canvas> tag, use <table> instead
+if(!hasCanvasSupport)
+	options.render = 'table';
+
+$('#qrcode').qrcode(options);
 
 $('#loginForm').find('input:text').first().focus();
 </script>
diff --git a/libs/devblocks/Devblocks.class.php b/libs/devblocks/Devblocks.class.php
@@ -493,6 +493,34 @@ function($matches) {
 		return $str;
 	}
 
+	static function purifyHTML($dirty_html) {
+		// Register HTMLPurifier
+		require_once(DEVBLOCKS_PATH . 'libs/htmlpurifier/HTMLPurifier.standalone.php');
+
+		// If we're passed a file pointer, load the literal string
+		if(is_resource($dirty_html)) {
+			$fp = $dirty_html;
+			$dirty_html = null;
+			while(!feof($fp))
+				$dirty_html .= fread($fp, 4096);
+		}
+
+		$config = HTMLPurifier_Config::createDefault();
+		$config->set('HTML.Doctype', 'HTML 4.01 Transitional');
+
+		$dir_htmlpurifier_cache = APP_TEMP_PATH . '/cache/htmlpurifier/';
+
+		if(!is_dir($dir_htmlpurifier_cache)) {
+			mkdir($dir_htmlpurifier_cache, 0755);
+		}
+
+		$config->set('Cache.SerializerPath', $dir_htmlpurifier_cache);
+
+		$purifier = new HTMLPurifier($config);
+
+		return $purifier->purify($dirty_html);
+	}
+
 	static function parseMarkdown($text) {
 		static $parser = null;
 

diff --git a/libs/devblocks/api/services/event/event_helper.php b/libs/devblocks/api/services/event/event_helper.php
@@ -307,7 +307,7 @@ static function simulateActionSetCustomField(Model_CustomField $custom_field, $v
 					$dict->$value_key.'_'.$field_id = implode(',',$opts);
 
 					$array =& $dict->$value_key;
-					$array[$field_id] = $value;
+					$array[$field_id] = $opts;
 				}
 
 				break;
@@ -335,7 +335,7 @@ static function simulateActionSetCustomField(Model_CustomField $custom_field, $v
 					$dict->$value_key.'_'.$field_id = $worker_id;
 
 					$array =& $dict->$value_key;
-					$array[$field_id] = $value;
+					$array[$field_id] = $worker_id;
 				}
 				break;
 
@@ -400,7 +400,7 @@ static function runActionSetCustomField(Model_CustomField $custom_field, $value_
 					$dict->$value_key.'_'.$field_id = implode(',',$opts);
 
 					$array =& $dict->$value_key;
-					$array[$field_id] = $value;
+					$array[$field_id] = $opts;
 				}
 
 				break;
@@ -419,7 +419,7 @@ static function runActionSetCustomField(Model_CustomField $custom_field, $value_
 					$dict->$value_key.'_'.$field_id = $worker_id;
 
 					$array =& $dict->$value_key;
-					$array[$field_id] = $value;
+					$array[$field_id] = $worker_id;
 				}
 				break;