tyler.durden/opensupports
1
0
Fork 0
mirror of https://github.com/opensupports/opensupports.git synced 2025-07-31 01:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add htmlentities to department name

Browse Source
This commit is contained in:
Guillermo 2018-01-16 01:26:13 -03:00
parent 3d416f82bd
commit a98d7ecdd1
3 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/controllers/system/add-department.php
View File

@ -33,7 +33,7 @@ class AddDepartmentController extends Controller {
} }
public function handler() { public function handler() {
$name = Controller::request('name'); $name = htmlentities(Controller::request('name'));
$departmentInstance = new Department(); $departmentInstance = new Department();

20
server/controllers/ticket/create.php
View File

@ -68,7 +68,7 @@ class CreateController extends Controller {
] ]
] ]
]; ];
if(!Controller::isUserSystemEnabled()) { if(!Controller::isUserSystemEnabled()) {
$validations['permission'] = 'any'; $validations['permission'] = 'any';
$validations['requestData']['captcha'] = [ $validations['requestData']['captcha'] = [
@ -80,13 +80,13 @@ class CreateController extends Controller {
'error' => ERRORS::INVALID_EMAIL 'error' => ERRORS::INVALID_EMAIL
]; ];
} }
return $validations; return $validations;
} }
public function handler() { public function handler() {
$this->title = Controller::request('title'); $this->title = htmlentities(Controller::request('title'));
$this->content = Controller::request('content', true); $this->content = htmlentities(Controller::request('content', true));
$this->departmentId = Controller::request('departmentId'); $this->departmentId = Controller::request('departmentId');
$this->language = Controller::request('language'); $this->language = Controller::request('language');
$this->email = Controller::request('email'); $this->email = Controller::request('email');
@ -97,7 +97,7 @@ class CreateController extends Controller {
if(!Controller::isUserSystemEnabled()) { if(!Controller::isUserSystemEnabled()) {
$this->sendMail(); $this->sendMail();
} }
$staffs = Staff::find('send_email_on_new_ticket = 1'); $staffs = Staff::find('send_email_on_new_ticket = 1');
foreach ($staffs as $staff) { foreach ($staffs as $staff) {
if($staff->sharedDepartmentList->includesId(Controller::request('departmentId'))) { if($staff->sharedDepartmentList->includesId(Controller::request('departmentId'))) {
@ -132,19 +132,19 @@ class CreateController extends Controller {
'authorName' => $this->name, 'authorName' => $this->name,
'authorEmail' => $this->email 'authorEmail' => $this->email
)); ));
if(Controller::isUserSystemEnabled()) { if(Controller::isUserSystemEnabled()) {
$author->sharedTicketList->add($ticket); $author->sharedTicketList->add($ticket);
$author->tickets++; $author->tickets++;
$this->email = $author->email; $this->email = $author->email;
$this->name = $author->name; $this->name = $author->name;
$author->store(); $author->store();
} }
$ticket->store(); $ticket->store();
$this->ticketNumber = $ticket->ticketNumber; $this->ticketNumber = $ticket->ticketNumber;
} }

2
tests/system/add-department.rb
View File

@ -30,7 +30,7 @@ describe'system/add-department' do
row = $database.getRow('department', 5, 'id') row = $database.getRow('department', 5, 'id')
(row['name']).should.equal('<b>new department</b>') (row['name']).should.equal('&lt;b&gt;new department&lt;/b&gt;')
lastLog = $database.getLastRow('log') lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('ADD_DEPARTMENT') (lastLog['type']).should.equal('ADD_DEPARTMENT')