From bcd5aacb4c6863a5e5ba6b06e7f64ca382ffd509 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Thu, 4 Aug 2022 16:53:58 +0200 Subject: [PATCH 1/8] Fix : Spam db public page --- htdocs/admin/security_other.php | 15 ++++++++++-- htdocs/langs/en_US/admin.lang | 2 ++ htdocs/public/ticket/create_ticket.php | 33 ++++++++++++++++++++++---- htdocs/ticket/class/ticket.class.php | 4 +++- 4 files changed, 47 insertions(+), 7 deletions(-) diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index 090e2254541..beffa8d4ea8 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -61,7 +61,7 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) { dol_print_error($db); } } elseif ($action == 'updateform') { - $res1 = 1; $res2 = 1; $res3 = 1; + $res1 = 1; $res2 = 1; $res3 = 1; $res4 = 1; if (GETPOSTISSET('MAIN_APPLICATION_TITLE')) { $res1 = dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", GETPOST("MAIN_APPLICATION_TITLE", 'alphanohtml'), 'chaine', 0, '', $conf->entity); } @@ -71,7 +71,10 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) { if (GETPOSTISSET('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT')) { $res3 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", GETPOST("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 'alphanohtml'), 'int', 0, '', $conf->entity); } - if ($res1 && $res2 && $res3) { + if (GETPOSTISSET('MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS')) { + $res4 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", GETPOST("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 'alphanohtml'), 'int', 0, '', $conf->entity); + } + if ($res1 && $res2 && $res3 && $res4) { setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); } } @@ -185,6 +188,14 @@ print ''; +print ''.$langs->trans("MaxNumberOfPostOnPublicPagesByIP").''; +print ''; +print ''; +print ' '.strtolower($langs->trans("Posts")); +print ''; +print ''; + /* if (empty($conf->global->MAIN_APPLICATION_TITLE)) { $conf->global->MAIN_APPLICATION_TITLE = ""; diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 149668e34a7..d20b8d139d9 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2288,5 +2288,7 @@ NoName=No name ShowAdvancedOptions= Show advanced options HideAdvancedoptions= Hide advanced options Images=Images +Posts=Posts MaxNumberOfImagesInGetPost=Max number of images allowed in GETPOST check +MaxNumberOfPostOnPublicPagesByIP=Max number of posts on public pages with an IP Address CIDLookupURL=The module brings an URL that can be used by an external tool to get the name of a thirdparty or contact from its phone number. URL to use is: diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 1c302c33b2e..dbda57d348f 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -138,6 +138,7 @@ if (empty($reshook) && GETPOST('removedfile', 'alpha') && !GETPOST('save', 'alph if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) { $error = 0; + $nb_post_ip = 0; $origin_email = GETPOST('email', 'alpha'); if (empty($origin_email)) { $error++; @@ -231,6 +232,21 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) { $object->type_code = GETPOST("type_code", 'aZ09'); $object->category_code = GETPOST("category_code", 'aZ09'); $object->severity_code = GETPOST("severity_code", 'aZ09'); + $object->ip = (empty($_SERVER['REMOTE_ADDR']) ? 'unknown' : $_SERVER['REMOTE_ADDR']); + + $sql = "SELECT COUNT(ref) as nb_tickets"; + $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; + $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; + $resql = $db->query($sql); + if ($resql) { + $num = $db->num_rows($resql); + $i = 0; + while ($i < $num) { + $i++; + $obj = $db->fetch_object($resql); + $nb_post_ip = $obj->nb_tickets; + } + } if (!is_object($user)) { $user = new User($db); @@ -289,14 +305,23 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) { $object->context['disableticketemail'] = 1; // Disable emails sent by ticket trigger when creation is done from this page, emails are already sent later - $id = $object->create($user); - if ($id <= 0) { + if ($nb_post_ip >= getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000)) { $error++; - $errors = ($object->error ? array($object->error) : $object->errors); - array_push($object->errors, $object->error ? array($object->error) : $object->errors); + $errors = array($langs->trans("AlreadyTooMuchPostOnThisIPAdress")); + array_push($object->errors, array($langs->trans("AlreadyTooMuchPostOnThisIPAdress"))); $action = 'create_ticket'; } + if (!$error) { + $id = $object->create($user); + if ($id <= 0) { + $error++; + $errors = ($object->error ? array($object->error) : $object->errors); + array_push($object->errors, $object->error ? array($object->error) : $object->errors); + $action = 'create_ticket'; + } + } + if (!$error && $id > 0) { if ($usertoassign > 0) { $object->add_contact($usertoassign, "SUPPORTCLI", 'external', 0); diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 82c2142d786..5c1ba2e5dde 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -459,7 +459,8 @@ class Ticket extends CommonObject $sql .= "date_read,"; $sql .= "date_close,"; $sql .= "entity,"; - $sql .= "notify_tiers_at_create"; + $sql .= "notify_tiers_at_create,"; + $sql .= "ip"; $sql .= ") VALUES ("; $sql .= " ".(!isset($this->ref) ? '' : "'".$this->db->escape($this->ref)."'").","; $sql .= " ".(!isset($this->track_id) ? 'NULL' : "'".$this->db->escape($this->track_id)."'").","; @@ -484,6 +485,7 @@ class Ticket extends CommonObject $sql .= " ".(!isset($this->date_close) || dol_strlen($this->date_close) == 0 ? 'NULL' : "'".$this->db->idate($this->date_close)."'").""; $sql .= ", ".((int) $conf->entity); $sql .= ", ".(!isset($this->notify_tiers_at_create) ? '1' : "'".$this->db->escape($this->notify_tiers_at_create)."'"); + $sql .= ", ".(!isset($this->ip) ? 'unknown' : "'".$this->db->escape($this->ip)."'"); $sql .= ")"; $this->db->begin(); From 872602594e472df69c731cbde02da1cc619400f7 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 5 Aug 2022 12:34:16 +0200 Subject: [PATCH 2/8] fix CI error --- htdocs/ticket/class/ticket.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 5c1ba2e5dde..edda0dd4ee5 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -485,7 +485,7 @@ class Ticket extends CommonObject $sql .= " ".(!isset($this->date_close) || dol_strlen($this->date_close) == 0 ? 'NULL' : "'".$this->db->idate($this->date_close)."'").""; $sql .= ", ".((int) $conf->entity); $sql .= ", ".(!isset($this->notify_tiers_at_create) ? '1' : "'".$this->db->escape($this->notify_tiers_at_create)."'"); - $sql .= ", ".(!isset($this->ip) ? 'unknown' : "'".$this->db->escape($this->ip)."'"); + $sql .= ", ".(!isset($this->ip) ? 'NULL' : "'".$this->db->escape($this->ip)."'"); $sql .= ")"; $this->db->begin(); From a3fb4ad03014966faa625798d44cdaedf404486d Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Mon, 29 Aug 2022 10:22:01 +0200 Subject: [PATCH 3/8] use of getUserRemoteIp() --- htdocs/public/ticket/create_ticket.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index dbda57d348f..9720df0881c 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -232,7 +232,7 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) { $object->type_code = GETPOST("type_code", 'aZ09'); $object->category_code = GETPOST("category_code", 'aZ09'); $object->severity_code = GETPOST("severity_code", 'aZ09'); - $object->ip = (empty($_SERVER['REMOTE_ADDR']) ? 'unknown' : $_SERVER['REMOTE_ADDR']); + $object->ip = getUserRemoteIP(); $sql = "SELECT COUNT(ref) as nb_tickets"; $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; From 499720851fc9ce2807beb0d8282b455a7235f3da Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Thu, 8 Sep 2022 10:59:24 +0200 Subject: [PATCH 4/8] fix error of brackets + better look code --- htdocs/public/ticket/create_ticket.php | 265 +++++++++++++------------ 1 file changed, 133 insertions(+), 132 deletions(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 75e5dcdb868..79334a5b5f5 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -233,24 +233,24 @@ if (empty($reshook)) { if (!$error) { $object->db->begin(); - $object->type_code = GETPOST("type_code", 'aZ09'); - $object->category_code = GETPOST("category_code", 'aZ09'); - $object->severity_code = GETPOST("severity_code", 'aZ09'); - $object->ip = getUserRemoteIP(); + $object->type_code = GETPOST("type_code", 'aZ09'); + $object->category_code = GETPOST("category_code", 'aZ09'); + $object->severity_code = GETPOST("severity_code", 'aZ09'); + $object->ip = getUserRemoteIP(); - $sql = "SELECT COUNT(ref) as nb_tickets"; - $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; - $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; - $resql = $db->query($sql); - if ($resql) { - $num = $db->num_rows($resql); - $i = 0; - while ($i < $num) { - $i++; - $obj = $db->fetch_object($resql); - $nb_post_ip = $obj->nb_tickets; + $sql = "SELECT COUNT(ref) as nb_tickets"; + $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; + $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; + $resql = $db->query($sql); + if ($resql) { + $num = $db->num_rows($resql); + $i = 0; + while ($i < $num) { + $i++; + $obj = $db->fetch_object($resql); + $nb_post_ip = $obj->nb_tickets; + } } - } $object->track_id = generate_random_id(16); @@ -320,122 +320,81 @@ if (empty($reshook)) { $object->context['disableticketemail'] = 1; // Disable emails sent by ticket trigger when creation is done from this page, emails are already sent later - if ($nb_post_ip >= getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000)) { - $error++; - $errors = array($langs->trans("AlreadyTooMuchPostOnThisIPAdress")); - array_push($object->errors, array($langs->trans("AlreadyTooMuchPostOnThisIPAdress"))); - $action = 'create_ticket'; - } - - if (!$error) { - $id = $object->create($user); - if ($id <= 0) { + if ($nb_post_ip >= getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000)) { $error++; - $errors = ($object->error ? array($object->error) : $object->errors); - array_push($object->errors, $object->error ? array($object->error) : $object->errors); - $action = 'create_ticket'; - } - } - - if (!$error && $id > 0) { - if ($usertoassign > 0) { - $object->add_contact($usertoassign, "SUPPORTCLI", 'external', 0); - } - - if (!$error) { - $object->db->commit(); - $action = "infos_success"; - } else { - $object->db->rollback(); - setEventMessages($object->error, $object->errors, 'errors'); + $errors = array($langs->trans("AlreadyTooMuchPostOnThisIPAdress")); + array_push($object->errors, array($langs->trans("AlreadyTooMuchPostOnThisIPAdress"))); $action = 'create_ticket'; } if (!$error) { - $res = $object->fetch($id); - if ($res) { - // Create form object - include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; - include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - $formmail = new FormMail($db); + $id = $object->create($user); + if ($id <= 0) { + $error++; + $errors = ($object->error ? array($object->error) : $object->errors); + array_push($object->errors, $object->error ? array($object->error) : $object->errors); + $action = 'create_ticket'; + } + } - // Init to avoid errors - $filepath = array(); - $filename = array(); - $mimetype = array(); + if (!$error && $id > 0) { + if ($usertoassign > 0) { + $object->add_contact($usertoassign, "SUPPORTCLI", 'external', 0); + } - $attachedfiles = $formmail->get_attached_files(); - $filepath = $attachedfiles['paths']; - $filename = $attachedfiles['names']; - $mimetype = $attachedfiles['mimes']; + if (!$error) { + $object->db->commit(); + $action = "infos_success"; + } else { + $object->db->rollback(); + setEventMessages($object->error, $object->errors, 'errors'); + $action = 'create_ticket'; + } - // Send email to customer + if (!$error) { + $res = $object->fetch($id); + if ($res) { + // Create form object + include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; + include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + $formmail = new FormMail($db); - $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubject', $object->ref, $object->track_id); - $message = ($conf->global->TICKET_MESSAGE_MAIL_NEW ? $conf->global->TICKET_MESSAGE_MAIL_NEW : $langs->transnoentities('TicketNewEmailBody')).'

'; - $message .= $langs->transnoentities('TicketNewEmailBodyInfosTicket').'
'; + // Init to avoid errors + $filepath = array(); + $filename = array(); + $mimetype = array(); - $url_public_ticket = ($conf->global->TICKET_URL_PUBLIC_INTERFACE ? $conf->global->TICKET_URL_PUBLIC_INTERFACE.'/view.php' : dol_buildpath('/public/ticket/view.php', 2)).'?track_id='.$object->track_id; - $infos_new_ticket = $langs->transnoentities('TicketNewEmailBodyInfosTrackId', ''.$object->track_id.'').'
'; - $infos_new_ticket .= $langs->transnoentities('TicketNewEmailBodyInfosTrackUrl').'

'; + $attachedfiles = $formmail->get_attached_files(); + $filepath = $attachedfiles['paths']; + $filename = $attachedfiles['names']; + $mimetype = $attachedfiles['mimes']; - $message .= $infos_new_ticket; - $message .= getDolGlobalString('TICKET_MESSAGE_MAIL_SIGNATURE', $langs->transnoentities('TicketMessageMailSignatureText', $mysoc->name)); + // Send email to customer - $sendto = GETPOST('email', 'alpha'); + $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubject', $object->ref, $object->track_id); + $message = ($conf->global->TICKET_MESSAGE_MAIL_NEW ? $conf->global->TICKET_MESSAGE_MAIL_NEW : $langs->transnoentities('TicketNewEmailBody')).'

'; + $message .= $langs->transnoentities('TicketNewEmailBodyInfosTicket').'
'; - $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.getDolGlobalString('TICKET_NOTIFICATION_EMAIL_FROM').'>'; - $replyto = $from; - $sendtocc = ''; - $deliveryreceipt = 0; + $url_public_ticket = ($conf->global->TICKET_URL_PUBLIC_INTERFACE ? $conf->global->TICKET_URL_PUBLIC_INTERFACE.'/view.php' : dol_buildpath('/public/ticket/view.php', 2)).'?track_id='.$object->track_id; + $infos_new_ticket = $langs->transnoentities('TicketNewEmailBodyInfosTrackId', ''.$object->track_id.'').'
'; + $infos_new_ticket .= $langs->transnoentities('TicketNewEmailBodyInfosTrackUrl').'

'; - if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { - $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; - $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; - } - include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; - $mailfile = new CMailFile($subject, $sendto, $from, $message, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); - if ($mailfile->error || $mailfile->errors) { - setEventMessages($mailfile->error, $mailfile->errors, 'errors'); - } else { - $result = $mailfile->sendfile(); - } - if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { - $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; - } + $message .= $infos_new_ticket; + $message .= getDolGlobalString('TICKET_MESSAGE_MAIL_SIGNATURE', $langs->transnoentities('TicketMessageMailSignatureText', $mysoc->name)); - // Send email to TICKET_NOTIFICATION_EMAIL_TO - $sendto = $conf->global->TICKET_NOTIFICATION_EMAIL_TO; - if ($sendto) { - $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubjectAdmin', $object->ref, $object->track_id); - $message_admin = $langs->transnoentities('TicketNewEmailBodyAdmin', $object->track_id).'

'; - $message_admin .= '
  • '.$langs->trans('Title').' : '.$object->subject.'
    • '; - $message_admin .= '
  • '.$langs->trans('Type').' : '.$object->type_label.'
    • '; - $message_admin .= '
  • '.$langs->trans('Category').' : '.$object->category_label.'
    • '; - $message_admin .= '
  • '.$langs->trans('Severity').' : '.$object->severity_label.'
    • '; - $message_admin .= '
  • '.$langs->trans('From').' : '.$object->origin_email.'
    • '; - // Extrafields - $extrafields->fetch_name_optionals_label($object->table_element); - if (is_array($object->array_options) && count($object->array_options) > 0) { - foreach ($object->array_options as $key => $value) { - $key = substr($key, 8); // remove "options_" - $message_admin .= '
  • '.$langs->trans($extrafields->attributes[$object->table_element]['label'][$key]).' : '.$extrafields->showOutputField($key, $value, '', $object->table_element).'
    • '; - } - } - $message_admin .= '
'; + $sendto = GETPOST('email', 'alpha'); - $message_admin .= '

'.$langs->trans('Message').' :
'.$object->message.'

'; - $message_admin .= '

'.$langs->trans('SeeThisTicketIntomanagementInterface').'

'; - - $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.$conf->global->TICKET_NOTIFICATION_EMAIL_FROM.'>'; + $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.getDolGlobalString('TICKET_NOTIFICATION_EMAIL_FROM').'>'; $replyto = $from; + $sendtocc = ''; + $deliveryreceipt = 0; if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; } include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; - $mailfile = new CMailFile($subject, $sendto, $from, $message_admin, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); + $mailfile = new CMailFile($subject, $sendto, $from, $message, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); if ($mailfile->error || $mailfile->errors) { setEventMessages($mailfile->error, $mailfile->errors, 'errors'); } else { @@ -444,32 +403,74 @@ if (empty($reshook)) { if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; } + + // Send email to TICKET_NOTIFICATION_EMAIL_TO + $sendto = $conf->global->TICKET_NOTIFICATION_EMAIL_TO; + if ($sendto) { + $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubjectAdmin', $object->ref, $object->track_id); + $message_admin = $langs->transnoentities('TicketNewEmailBodyAdmin', $object->track_id).'

'; + $message_admin .= '
  • '.$langs->trans('Title').' : '.$object->subject.'
    • '; + $message_admin .= '
  • '.$langs->trans('Type').' : '.$object->type_label.'
    • '; + $message_admin .= '
  • '.$langs->trans('Category').' : '.$object->category_label.'
    • '; + $message_admin .= '
  • '.$langs->trans('Severity').' : '.$object->severity_label.'
    • '; + $message_admin .= '
  • '.$langs->trans('From').' : '.$object->origin_email.'
    • '; + // Extrafields + $extrafields->fetch_name_optionals_label($object->table_element); + if (is_array($object->array_options) && count($object->array_options) > 0) { + foreach ($object->array_options as $key => $value) { + $key = substr($key, 8); // remove "options_" + $message_admin .= '
  • '.$langs->trans($extrafields->attributes[$object->table_element]['label'][$key]).' : '.$extrafields->showOutputField($key, $value, '', $object->table_element).'
    • '; + } + } + $message_admin .= '
'; + + $message_admin .= '

'.$langs->trans('Message').' :
'.$object->message.'

'; + $message_admin .= '

'.$langs->trans('SeeThisTicketIntomanagementInterface').'

'; + + $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.$conf->global->TICKET_NOTIFICATION_EMAIL_FROM.'>'; + $replyto = $from; + + if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { + $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; + $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; + } + include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; + $mailfile = new CMailFile($subject, $sendto, $from, $message_admin, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); + if ($mailfile->error || $mailfile->errors) { + setEventMessages($mailfile->error, $mailfile->errors, 'errors'); + } else { + $result = $mailfile->sendfile(); + } + if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { + $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; + } + } } + + // Copy files into ticket directory + $destdir = $conf->ticket->dir_output.'/'.$object->ref; + if (!dol_is_dir($destdir)) { + dol_mkdir($destdir); + } + foreach ($filename as $i => $val) { + dol_move($filepath[$i], $destdir.'/'.$filename[$i], 0, 1); + $formmail->remove_attached_files($i); + } + + //setEventMessages($langs->trans('YourTicketSuccessfullySaved'), null, 'mesgs'); + + // Make a redirect to avoid to have ticket submitted twice if we make back + $messagetoshow = $langs->trans('MesgInfosPublicTicketCreatedWithTrackId', '{s1}', '{s2}'); + $messagetoshow = str_replace(array('{s1}', '{s2}'), array(''.$object->track_id.'', ''.$object->ref.''), $messagetoshow); + setEventMessages($messagetoshow, null, 'warnings'); + setEventMessages($langs->trans('PleaseRememberThisId'), null, 'warnings'); + + header("Location: index.php".(!empty($entity) && isModEnabled('multicompany')?'?entity='.$entity:'')); + exit; } - - // Copy files into ticket directory - $destdir = $conf->ticket->dir_output.'/'.$object->ref; - if (!dol_is_dir($destdir)) { - dol_mkdir($destdir); - } - foreach ($filename as $i => $val) { - dol_move($filepath[$i], $destdir.'/'.$filename[$i], 0, 1); - $formmail->remove_attached_files($i); - } - - //setEventMessages($langs->trans('YourTicketSuccessfullySaved'), null, 'mesgs'); - - // Make a redirect to avoid to have ticket submitted twice if we make back - $messagetoshow = $langs->trans('MesgInfosPublicTicketCreatedWithTrackId', '{s1}', '{s2}'); - $messagetoshow = str_replace(array('{s1}', '{s2}'), array(''.$object->track_id.'', ''.$object->ref.''), $messagetoshow); - setEventMessages($messagetoshow, null, 'warnings'); - setEventMessages($langs->trans('PleaseRememberThisId'), null, 'warnings'); - - header("Location: index.php".(!empty($entity) && isModEnabled('multicompany')?'?entity='.$entity:'')); - exit; + } else { + setEventMessages($object->error, $object->errors, 'errors'); } - } else { - setEventMessages($object->error, $object->errors, 'errors'); } } } From d1fbdbb33fb9b7fcb128d34151a9f27b84c54d9d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Sep 2022 02:14:02 +0200 Subject: [PATCH 5/8] Update create_ticket.php --- htdocs/public/ticket/create_ticket.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index f1ce166cf81..8ea7de98442 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -438,7 +438,7 @@ if (empty($reshook)) { include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; $mailfile = new CMailFile($subject, $sendto, $from, $message_admin, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); if ($mailfile->error || $mailfile->errors) { - setEventMessages($mailfile->error, $mailfile->errors, 'errors'); + setEventMessages($mailfile->error, !empty($mailfile->errors), 'errors'); } else { $result = $mailfile->sendfile(); } From c6144df3976be647ae8c2e95f462568ddcb2ce95 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Sep 2022 02:15:31 +0200 Subject: [PATCH 6/8] Update create_ticket.php --- htdocs/public/ticket/create_ticket.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 8ea7de98442..62802744690 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -437,8 +437,8 @@ if (empty($reshook)) { } include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; $mailfile = new CMailFile($subject, $sendto, $from, $message_admin, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); - if ($mailfile->error || $mailfile->errors) { - setEventMessages($mailfile->error, !empty($mailfile->errors), 'errors'); + if ($mailfile->error || !empty($mailfile->errors)) { + setEventMessages($mailfile->error, $mailfile->errors, 'errors'); } else { $result = $mailfile->sendfile(); } From 7c92a45cd630b615d499b67aff09cf32353f3b57 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Sep 2022 02:21:24 +0200 Subject: [PATCH 7/8] Update create_ticket.php --- htdocs/public/ticket/create_ticket.php | 35 +++++++++++++++----------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 62802744690..107547c9248 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -232,29 +232,34 @@ if (empty($reshook)) { } if (!$error) { - $object->db->begin(); - $object->type_code = GETPOST("type_code", 'aZ09'); $object->category_code = GETPOST("category_code", 'aZ09'); $object->severity_code = GETPOST("severity_code", 'aZ09'); $object->ip = getUserRemoteIP(); - $sql = "SELECT COUNT(ref) as nb_tickets"; - $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; - $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; - $resql = $db->query($sql); - if ($resql) { - $num = $db->num_rows($resql); - $i = 0; - while ($i < $num) { - $i++; - $obj = $db->fetch_object($resql); - $nb_post_ip = $obj->nb_tickets; + $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000); + + // Calculate nb of post for IP + $nb_post_ip = 0; + if ($nb_post_max > 0) { // Calculate only if there is a limit to check + $sql = "SELECT COUNT(ref) as nb_tickets"; + $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; + $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; + $resql = $db->query($sql); + if ($resql) { + $num = $db->num_rows($resql); + $i = 0; + while ($i < $num) { + $i++; + $obj = $db->fetch_object($resql); + $nb_post_ip = $obj->nb_tickets; + } } } - + $object->track_id = generate_random_id(16); + $object->db->begin(); $object->subject = GETPOST("subject", "restricthtml"); $object->message = GETPOST("message", "restricthtml"); @@ -321,7 +326,7 @@ if (empty($reshook)) { $object->context['disableticketemail'] = 1; // Disable emails sent by ticket trigger when creation is done from this page, emails are already sent later - if ($nb_post_ip >= getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000)) { + if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) { $error++; $errors = array($langs->trans("AlreadyTooMuchPostOnThisIPAdress")); array_push($object->errors, array($langs->trans("AlreadyTooMuchPostOnThisIPAdress"))); From 1579ddea88291cb62b7e4a89a395e8d0029287d2 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Tue, 13 Sep 2022 00:26:00 +0000 Subject: [PATCH 8/8] Fixing style errors. --- htdocs/public/ticket/create_ticket.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 107547c9248..75f9fc11bb7 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -256,7 +256,7 @@ if (empty($reshook)) { } } } - + $object->track_id = generate_random_id(16); $object->db->begin();