diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index 1a0c65f3ceb..bec69a7a6e4 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -62,7 +62,7 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) { dol_print_error($db); } } elseif ($action == 'updateform') { - $res1 = 1; $res2 = 1; $res3 = 1; + $res1 = 1; $res2 = 1; $res3 = 1; $res4 = 1; if (GETPOSTISSET('MAIN_APPLICATION_TITLE')) { $res1 = dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", GETPOST("MAIN_APPLICATION_TITLE", 'alphanohtml'), 'chaine', 0, '', $conf->entity); } @@ -72,7 +72,10 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) { if (GETPOSTISSET('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT')) { $res3 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", GETPOST("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 'alphanohtml'), 'int', 0, '', $conf->entity); } - if ($res1 && $res2 && $res3) { + if (GETPOSTISSET('MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS')) { + $res4 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", GETPOST("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 'alphanohtml'), 'int', 0, '', $conf->entity); + } + if ($res1 && $res2 && $res3 && $res4) { setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); } } @@ -186,6 +189,14 @@ print ''; +print ''.$langs->trans("MaxNumberOfPostOnPublicPagesByIP").''; +print ''; +print ''; +print ' '.strtolower($langs->trans("Posts")); +print ''; +print ''; + /* if (empty($conf->global->MAIN_APPLICATION_TITLE)) { $conf->global->MAIN_APPLICATION_TITLE = ""; diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index f26c50314d3..02b9ebc839a 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2307,7 +2307,10 @@ MAIN_MAIL_SMTPS_AUTH_TYPE=Authentification method UsePassword=Use a password UseOauth=Use a OAUTH token Images=Images +Posts=Posts MaxNumberOfImagesInGetPost=Max number of images allowed in a HTML field submitted in a form +MaxNumberOfPostOnPublicPagesByIP=Max number of posts on public pages with an IP Address +CIDLookupURL=The module brings an URL that can be used by an external tool to get the name of a thirdparty or contact from its phone number. URL to use is: ScriptIsEmpty=The script is empty ShowHideTheNRequests=Show/hide the %s SQL request(s) DefinedAPathForAntivirusCommandIntoSetup=Define a path for an antivirus program into %s diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index f459a36f909..fa18f855170 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -232,10 +232,35 @@ if (empty($reshook)) { } if (!$error) { - $object->db->begin(); + $object->type_code = GETPOST("type_code", 'aZ09'); + $object->category_code = GETPOST("category_code", 'aZ09'); + $object->severity_code = GETPOST("severity_code", 'aZ09'); + $object->ip = getUserRemoteIP(); + + $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000); + + // Calculate nb of post for IP + $nb_post_ip = 0; + if ($nb_post_max > 0) { // Calculate only if there is a limit to check + $sql = "SELECT COUNT(ref) as nb_tickets"; + $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; + $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; + $resql = $db->query($sql); + if ($resql) { + $num = $db->num_rows($resql); + $i = 0; + while ($i < $num) { + $i++; + $obj = $db->fetch_object($resql); + $nb_post_ip = $obj->nb_tickets; + } + } + } $object->track_id = generate_random_id(16); + $object->db->begin(); + $object->subject = GETPOST("subject", "restricthtml"); $object->message = GETPOST("message", "restricthtml"); $object->origin_email = $origin_email; @@ -301,114 +326,81 @@ if (empty($reshook)) { $object->context['disableticketemail'] = 1; // Disable emails sent by ticket trigger when creation is done from this page, emails are already sent later - $id = $object->create($user); - if ($id <= 0) { + if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) { $error++; - $errors = ($object->error ? array($object->error) : $object->errors); - array_push($object->errors, $object->error ? array($object->error) : $object->errors); + $errors = array($langs->trans("AlreadyTooMuchPostOnThisIPAdress")); + array_push($object->errors, array($langs->trans("AlreadyTooMuchPostOnThisIPAdress"))); $action = 'create_ticket'; } + if (!$error) { + $id = $object->create($user); + if ($id <= 0) { + $error++; + $errors = ($object->error ? array($object->error) : $object->errors); + array_push($object->errors, $object->error ? array($object->error) : $object->errors); + $action = 'create_ticket'; + } + } + if (!$error && $id > 0) { if ($usertoassign > 0) { $object->add_contact($usertoassign, "SUPPORTCLI", 'external', 0); } - } - if (!$error) { - $object->db->commit(); - $action = "infos_success"; - } else { - $object->db->rollback(); - setEventMessages($object->error, $object->errors, 'errors'); - $action = 'create_ticket'; - } + if (!$error) { + $object->db->commit(); + $action = "infos_success"; + } else { + $object->db->rollback(); + setEventMessages($object->error, $object->errors, 'errors'); + $action = 'create_ticket'; + } - if (!$error) { - $res = $object->fetch($id); - if ($res) { - // Create form object - include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; - include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - $formmail = new FormMail($db); + if (!$error) { + $res = $object->fetch($id); + if ($res) { + // Create form object + include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; + include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + $formmail = new FormMail($db); - // Init to avoid errors - $filepath = array(); - $filename = array(); - $mimetype = array(); + // Init to avoid errors + $filepath = array(); + $filename = array(); + $mimetype = array(); - $attachedfiles = $formmail->get_attached_files(); - $filepath = $attachedfiles['paths']; - $filename = $attachedfiles['names']; - $mimetype = $attachedfiles['mimes']; + $attachedfiles = $formmail->get_attached_files(); + $filepath = $attachedfiles['paths']; + $filename = $attachedfiles['names']; + $mimetype = $attachedfiles['mimes']; - // Send email to customer + // Send email to customer - $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubject', $object->ref, $object->track_id); - $message = ($conf->global->TICKET_MESSAGE_MAIL_NEW ? $conf->global->TICKET_MESSAGE_MAIL_NEW : $langs->transnoentities('TicketNewEmailBody')).'

'; - $message .= $langs->transnoentities('TicketNewEmailBodyInfosTicket').'
'; + $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubject', $object->ref, $object->track_id); + $message = ($conf->global->TICKET_MESSAGE_MAIL_NEW ? $conf->global->TICKET_MESSAGE_MAIL_NEW : $langs->transnoentities('TicketNewEmailBody')).'

'; + $message .= $langs->transnoentities('TicketNewEmailBodyInfosTicket').'
'; - $url_public_ticket = ($conf->global->TICKET_URL_PUBLIC_INTERFACE ? $conf->global->TICKET_URL_PUBLIC_INTERFACE.'/view.php' : dol_buildpath('/public/ticket/view.php', 2)).'?track_id='.$object->track_id; - $infos_new_ticket = $langs->transnoentities('TicketNewEmailBodyInfosTrackId', ''.$object->track_id.'').'
'; - $infos_new_ticket .= $langs->transnoentities('TicketNewEmailBodyInfosTrackUrl').'

'; + $url_public_ticket = ($conf->global->TICKET_URL_PUBLIC_INTERFACE ? $conf->global->TICKET_URL_PUBLIC_INTERFACE.'/view.php' : dol_buildpath('/public/ticket/view.php', 2)).'?track_id='.$object->track_id; + $infos_new_ticket = $langs->transnoentities('TicketNewEmailBodyInfosTrackId', ''.$object->track_id.'').'
'; + $infos_new_ticket .= $langs->transnoentities('TicketNewEmailBodyInfosTrackUrl').'

'; - $message .= $infos_new_ticket; - $message .= getDolGlobalString('TICKET_MESSAGE_MAIL_SIGNATURE', $langs->transnoentities('TicketMessageMailSignatureText', $mysoc->name)); + $message .= $infos_new_ticket; + $message .= getDolGlobalString('TICKET_MESSAGE_MAIL_SIGNATURE', $langs->transnoentities('TicketMessageMailSignatureText', $mysoc->name)); - $sendto = GETPOST('email', 'alpha'); + $sendto = GETPOST('email', 'alpha'); - $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.getDolGlobalString('TICKET_NOTIFICATION_EMAIL_FROM').'>'; - $replyto = $from; - $sendtocc = ''; - $deliveryreceipt = 0; - - if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { - $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; - $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; - } - include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; - $mailfile = new CMailFile($subject, $sendto, $from, $message, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); - if ($mailfile->error || !empty($mailfile->errors)) { - setEventMessages($mailfile->error, $mailfile->errors, 'errors'); - } else { - $result = $mailfile->sendfile(); - } - if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { - $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; - } - - // Send email to TICKET_NOTIFICATION_EMAIL_TO - $sendto = $conf->global->TICKET_NOTIFICATION_EMAIL_TO; - if ($sendto) { - $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubjectAdmin', $object->ref, $object->track_id); - $message_admin = $langs->transnoentities('TicketNewEmailBodyAdmin', $object->track_id).'

'; - $message_admin .= ''; - - $message_admin .= '

'.$langs->trans('Message').' :
'.$object->message.'

'; - $message_admin .= '

'.$langs->trans('SeeThisTicketIntomanagementInterface').'

'; - - $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.$conf->global->TICKET_NOTIFICATION_EMAIL_FROM.'>'; + $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.getDolGlobalString('TICKET_NOTIFICATION_EMAIL_FROM').'>'; $replyto = $from; + $sendtocc = ''; + $deliveryreceipt = 0; if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; } include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; - $mailfile = new CMailFile($subject, $sendto, $from, $message_admin, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); + $mailfile = new CMailFile($subject, $sendto, $from, $message, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); if ($mailfile->error || !empty($mailfile->errors)) { setEventMessages($mailfile->error, $mailfile->errors, 'errors'); } else { @@ -417,32 +409,74 @@ if (empty($reshook)) { if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; } + + // Send email to TICKET_NOTIFICATION_EMAIL_TO + $sendto = $conf->global->TICKET_NOTIFICATION_EMAIL_TO; + if ($sendto) { + $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubjectAdmin', $object->ref, $object->track_id); + $message_admin = $langs->transnoentities('TicketNewEmailBodyAdmin', $object->track_id).'

'; + $message_admin .= ''; + + $message_admin .= '

'.$langs->trans('Message').' :
'.$object->message.'

'; + $message_admin .= '

'.$langs->trans('SeeThisTicketIntomanagementInterface').'

'; + + $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.$conf->global->TICKET_NOTIFICATION_EMAIL_FROM.'>'; + $replyto = $from; + + if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { + $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; + $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; + } + include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; + $mailfile = new CMailFile($subject, $sendto, $from, $message_admin, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); + if ($mailfile->error || !empty($mailfile->errors)) { + setEventMessages($mailfile->error, $mailfile->errors, 'errors'); + } else { + $result = $mailfile->sendfile(); + } + if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { + $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; + } + } } + + // Copy files into ticket directory + $destdir = $conf->ticket->dir_output.'/'.$object->ref; + if (!dol_is_dir($destdir)) { + dol_mkdir($destdir); + } + foreach ($filename as $i => $val) { + dol_move($filepath[$i], $destdir.'/'.$filename[$i], 0, 1); + $formmail->remove_attached_files($i); + } + + //setEventMessages($langs->trans('YourTicketSuccessfullySaved'), null, 'mesgs'); + + // Make a redirect to avoid to have ticket submitted twice if we make back + $messagetoshow = $langs->trans('MesgInfosPublicTicketCreatedWithTrackId', '{s1}', '{s2}'); + $messagetoshow = str_replace(array('{s1}', '{s2}'), array(''.$object->track_id.'', ''.$object->ref.''), $messagetoshow); + setEventMessages($messagetoshow, null, 'warnings'); + setEventMessages($langs->trans('PleaseRememberThisId'), null, 'warnings'); + + header("Location: index.php".(!empty($entity) && isModEnabled('multicompany')?'?entity='.$entity:'')); + exit; } - - // Copy files into ticket directory - $destdir = $conf->ticket->dir_output.'/'.$object->ref; - if (!dol_is_dir($destdir)) { - dol_mkdir($destdir); - } - foreach ($filename as $i => $val) { - dol_move($filepath[$i], $destdir.'/'.$filename[$i], 0, 1); - $formmail->remove_attached_files($i); - } - - //setEventMessages($langs->trans('YourTicketSuccessfullySaved'), null, 'mesgs'); - - // Make a redirect to avoid to have ticket submitted twice if we make back - $messagetoshow = $langs->trans('MesgInfosPublicTicketCreatedWithTrackId', '{s1}', '{s2}'); - $messagetoshow = str_replace(array('{s1}', '{s2}'), array(''.$object->track_id.'', ''.$object->ref.''), $messagetoshow); - setEventMessages($messagetoshow, null, 'warnings'); - setEventMessages($langs->trans('PleaseRememberThisId'), null, 'warnings'); - - header("Location: index.php".(!empty($entity) && isModEnabled('multicompany')?'?entity='.$entity:'')); - exit; + } else { + setEventMessages($object->error, $object->errors, 'errors'); } - } else { - setEventMessages($object->error, $object->errors, 'errors'); } } } diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 09ff042b41b..7242fdafa28 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -467,7 +467,8 @@ class Ticket extends CommonObject $sql .= "date_read,"; $sql .= "date_close,"; $sql .= "entity,"; - $sql .= "notify_tiers_at_create"; + $sql .= "notify_tiers_at_create,"; + $sql .= "ip"; $sql .= ") VALUES ("; $sql .= " ".(!isset($this->ref) ? '' : "'".$this->db->escape($this->ref)."'").","; $sql .= " ".(!isset($this->track_id) ? 'NULL' : "'".$this->db->escape($this->track_id)."'").","; @@ -492,6 +493,7 @@ class Ticket extends CommonObject $sql .= " ".(!isset($this->date_close) || dol_strlen($this->date_close) == 0 ? 'NULL' : "'".$this->db->idate($this->date_close)."'").""; $sql .= ", ".((int) $conf->entity); $sql .= ", ".(!isset($this->notify_tiers_at_create) ? '1' : "'".$this->db->escape($this->notify_tiers_at_create)."'"); + $sql .= ", ".(!isset($this->ip) ? 'NULL' : "'".$this->db->escape($this->ip)."'"); $sql .= ")"; $this->db->begin();