diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php
index 090e2254541..beffa8d4ea8 100644
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@@ -61,7 +61,7 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
dol_print_error($db);
}
} elseif ($action == 'updateform') {
- $res1 = 1; $res2 = 1; $res3 = 1;
+ $res1 = 1; $res2 = 1; $res3 = 1; $res4 = 1;
if (GETPOSTISSET('MAIN_APPLICATION_TITLE')) {
$res1 = dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", GETPOST("MAIN_APPLICATION_TITLE", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
}
@@ -71,7 +71,10 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
if (GETPOSTISSET('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT')) {
$res3 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", GETPOST("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 'alphanohtml'), 'int', 0, '', $conf->entity);
}
- if ($res1 && $res2 && $res3) {
+ if (GETPOSTISSET('MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS')) {
+ $res4 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", GETPOST("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 'alphanohtml'), 'int', 0, '', $conf->entity);
+ }
+ if ($res1 && $res2 && $res3 && $res4) {
setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
}
}
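Review bot: The new threshold is read with `GETPOST(..., 'alphanohtml')` but stored with type `'int'`, so a non-numeric or negative value is accepted at the admin boundary and only later cast to an int by the consumer (`getDolGlobalInt()` on the public page), where it turns into 0 or the default depending on that helper's empty-check. Reading it as `GETPOST("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 'int')` rejects that input where it enters. The MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT line above uses the same pattern, so this is a consistency choice rather than a regression; `$res4` itself is initialised in this file's first hunk.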
@@ -185,6 +188,14 @@ print '';
+print '
'.$langs->trans("MaxNumberOfPostOnPublicPagesByIP").' | ';
+print ' | ';
+print '';
+print ' '.strtolower($langs->trans("Posts"));
+print ' | ';
+print '';
+
/*
if (empty($conf->global->MAIN_APPLICATION_TITLE)) {
$conf->global->MAIN_APPLICATION_TITLE = "";
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 149668e34a7..d20b8d139d9 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -2288,5 +2288,7 @@ NoName=No name
ShowAdvancedOptions= Show advanced options
HideAdvancedoptions= Hide advanced options
Images=Images
+Posts=Posts
MaxNumberOfImagesInGetPost=Max number of images allowed in GETPOST check
+MaxNumberOfPostOnPublicPagesByIP=Max number of posts on public pages with an IP Address
CIDLookupURL=The module brings an URL that can be used by an external tool to get the name of a thirdparty or contact from its phone number. URL to use is:
diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php
index 1c302c33b2e..dbda57d348f 100644
--- a/htdocs/public/ticket/create_ticket.php
+++ b/htdocs/public/ticket/create_ticket.php
@@ -138,6 +138,7 @@ if (empty($reshook) && GETPOST('removedfile', 'alpha') && !GETPOST('save', 'alph
if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) {
$error = 0;
+ $nb_post_ip = 0;
$origin_email = GETPOST('email', 'alpha');
if (empty($origin_email)) {
$error++;
@@ -231,6 +232,21 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) {
$object->type_code = GETPOST("type_code", 'aZ09');
$object->category_code = GETPOST("category_code", 'aZ09');
$object->severity_code = GETPOST("severity_code", 'aZ09');
+ $object->ip = (empty($_SERVER['REMOTE_ADDR']) ? 'unknown' : $_SERVER['REMOTE_ADDR']);
+
+ $sql = "SELECT COUNT(ref) as nb_tickets";
+ $sql .= " FROM ".MAIN_DB_PREFIX."ticket";
+ $sql .= " WHERE ip = '".$db->escape($object->ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_tickets;
+ }
+ }
if (!is_object($user)) {
$user = new User($db);
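Review bot: The COUNT at L67-L69 has no time window, so the per-IP limit counts every ticket ever created from that address; a shared office, carrier-grade NAT or reverse-proxy IP would reach the threshold once and then be locked out of the public form permanently. Bounding the count to a recent window keeps it a rate limit, e.g. `$sql .= " AND datec > '".$db->idate(dol_now() - 24 * 3600)."'";` (window length is a policy choice; datec is assumed to be the creation-date column of the ticket table). Behind a proxy REMOTE_ADDR is the proxy's address, so all visitors share one counter, and requests with no REMOTE_ADDR share the `'unknown'` sentinel — worth a comment on L65. The `while ($i < $num)` loop over a single-row COUNT result reduces to `$obj = $db->fetch_object($resql); $nb_post_ip = $obj ? (int) $obj->nb_tickets : 0;`. The enclosing `if` block starts and ends outside the hunk.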
@@ -289,14 +305,23 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) {
$object->context['disableticketemail'] = 1; // Disable emails sent by ticket trigger when creation is done from this page, emails are already sent later
- $id = $object->create($user);
- if ($id <= 0) {
+ if ($nb_post_ip >= getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000)) {
$error++;
- $errors = ($object->error ? array($object->error) : $object->errors);
- array_push($object->errors, $object->error ? array($object->error) : $object->errors);
+ $errors = array($langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
+ array_push($object->errors, array($langs->trans("AlreadyTooMuchPostOnThisIPAdress")));
$action = 'create_ticket';
}
+ if (!$error) {
+ $id = $object->create($user);
+ if ($id <= 0) {
+ $error++;
+ $errors = ($object->error ? array($object->error) : $object->errors);
+ array_push($object->errors, $object->error ? array($object->error) : $object->errors);
+ $action = 'create_ticket';
+ }
+ }
+
if (!$error && $id > 0) {
if ($usertoassign > 0) {
$object->add_contact($usertoassign, "SUPPORTCLI", 'external', 0);
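Review bot: At L91 the message is pushed as a nested array into `$object->errors`, so anything that prints that list flat will render `Array`; `$object->errors[] = $langs->trans("AlreadyTooMuchPostOnThisIPAdress");` keeps it flat (the pre-existing line below does the same nesting, but the new line need not copy it). The key `AlreadyTooMuchPostOnThisIPAdress` is not added in the admin.lang hunk of this diff; if it is not defined in another lang file the visitor sees the raw key. When the limit branch fires, `$id` is never assigned; the `!$error &&` guard on L104 keeps it out of the `$id > 0` test, but any later use of `$id` outside the hunk would hit an undefined variable. The enclosing `if` block starts and ends outside the hunk.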
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index 82c2142d786..5c1ba2e5dde 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
@@ -459,7 +459,8 @@ class Ticket extends CommonObject
$sql .= "date_read,";
$sql .= "date_close,";
$sql .= "entity,";
- $sql .= "notify_tiers_at_create";
+ $sql .= "notify_tiers_at_create,";
+ $sql .= "ip";
$sql .= ") VALUES (";
$sql .= " ".(!isset($this->ref) ? '' : "'".$this->db->escape($this->ref)."'").",";
$sql .= " ".(!isset($this->track_id) ? 'NULL' : "'".$this->db->escape($this->track_id)."'").",";
@@ -484,6 +485,7 @@ class Ticket extends CommonObject
$sql .= " ".(!isset($this->date_close) || dol_strlen($this->date_close) == 0 ? 'NULL' : "'".$this->db->idate($this->date_close)."'")."";
$sql .= ", ".((int) $conf->entity);
$sql .= ", ".(!isset($this->notify_tiers_at_create) ? '1' : "'".$this->db->escape($this->notify_tiers_at_create)."'");
+ $sql .= ", ".(!isset($this->ip) ? 'unknown' : "'".$this->db->escape($this->ip)."'");
$sql .= ")";
$this->db->begin();
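Review bot: When `$this->ip` is not set, the added line at L125 emits the bare word `unknown` into the VALUES list, so every create() that does not go through the public page (back-office, API, imports) would build an INSERT referencing a column named `unknown` and fail; the neighbouring notify_tiers_at_create line quotes its fallback (`'1'`). Quote the sentinel so it matches the value the public page stores and counts, `$sql .= ", ".(!isset($this->ip) ? "'unknown'" : "'".$this->db->escape($this->ip)."'");`, or use `'NULL'` if unknown-origin tickets should not be counted against any limit. This also assumes an `ip` column has been added to the ticket table by a migration that is not part of this diff. The create() method starts and ends outside the hunk.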