From 3d416f82bdb68fe51febecdb47ea3447e8de3d49 Mon Sep 17 00:00:00 2001 From: Guillermo Date: Fri, 12 Jan 2018 23:08:07 -0300 Subject: [PATCH 1/3] fix bug 83 --- server/controllers/system/add-department.php | 14 ++++---------- tests/system/add-department.rb | 19 ++++++++++++++++++- 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/server/controllers/system/add-department.php b/server/controllers/system/add-department.php index 2307b2fc..0d42846b 100755 --- a/server/controllers/system/add-department.php +++ b/server/controllers/system/add-department.php @@ -16,7 +16,6 @@ use Respect\Validation\Validator as DataValidator; * @apiParam {String} name Name of the new department. * * @apiUse NO_PERMISSION - * @apiUse INVALID_NAME * * @apiSuccess {Object} data Empty object * @@ -29,20 +28,15 @@ class AddDepartmentController extends Controller { public function validations() { return [ 'permission' => 'staff_3', - 'requestData' => [ - 'name' => [ - 'validation' => DataValidator::alnum(), - 'error' => ERRORS::INVALID_NAME - ] - ] + 'requestData' => [] ]; } public function handler() { $name = Controller::request('name'); - + $departmentInstance = new Department(); - + $departmentInstance->setProperties([ 'name' => $name, ]); @@ -53,4 +47,4 @@ class AddDepartmentController extends Controller { Response::respondSuccess(); } -} \ No newline at end of file +} diff --git a/tests/system/add-department.rb b/tests/system/add-department.rb index af45e221..a4613026 100644 --- a/tests/system/add-department.rb +++ b/tests/system/add-department.rb @@ -2,7 +2,7 @@ describe'system/add-department' do request('/user/logout') Scripts.login($staff[:email], $staff[:password], true) - it 'should add department' do + it 'should add department with alphanumeric characters' do result = request('/system/add-department', { csrf_userid: $csrf_userid, csrf_token: $csrf_token, 
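Review bot: Replacing the `name` rule with `'requestData' => []` in validations() leaves the department name completely unchecked, so handler() will store an empty name or one of unbounded length and still respond success; even if the alphanumeric-only rule was too strict for bug 83, a shape check should remain, e.g. `'name' => ['validation' => DataValidator::length(1, 100), 'error' => ERRORS::INVALID_NAME]` (100 is an illustrative bound — match it to the column). With that rule gone, `use Respect\Validation\Validator as DataValidator;` in the hunk header appears to have no remaining use in this file unless something outside these lines still references it. The raw value now reaches `Department::setProperties()` untouched, so whatever later renders the name has to escape it for its own context; nothing in this commit shows where that happens.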
@@ -18,4 +18,21 @@ describe'system/add-department' do lastLog = $database.getLastRow('log') (lastLog['type']).should.equal('ADD_DEPARTMENT') end + + it 'should add department with html tag' do + result = request('/system/add-department', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token, + name: 'new department' + }) + + (result['status']).should.equal('success') + + row = $database.getRow('department', 5, 'id') + + (row['name']).should.equal('new department') + + lastLog = $database.getLastRow('log') + (lastLog['type']).should.equal('ADD_DEPARTMENT') + end end From a98d7ecdd1d036229612ae69109bd799c9f357ad Mon Sep 17 00:00:00 2001 From: Guillermo Date: Tue, 16 Jan 2018 01:26:13 -0300 Subject: [PATCH 2/3] Add htmlentities to department name --- server/controllers/system/add-department.php | 2 +- server/controllers/ticket/create.php | 20 ++++++++++---------- tests/system/add-department.rb | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/server/controllers/system/add-department.php b/server/controllers/system/add-department.php index 0d42846b..7ea0ee14 100755 --- a/server/controllers/system/add-department.php +++ b/server/controllers/system/add-department.php @@ -33,7 +33,7 @@ class AddDepartmentController extends Controller { } public function handler() { - $name = Controller::request('name'); + $name = htmlentities(Controller::request('name')); $departmentInstance = new Department(); diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php index 891116a0..67dbc123 100755 --- a/server/controllers/ticket/create.php +++ b/server/controllers/ticket/create.php @@ -68,7 +68,7 @@ class CreateController extends Controller { ] ] ]; - + if(!Controller::isUserSystemEnabled()) { $validations['permission'] = 'any'; $validations['requestData']['captcha'] = [ 
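Review bot: The new case reads the inserted row with `$database.getRow('department', 5, 'id')`, a literal id that only holds if exactly four departments exist before this spec runs, so any fixture or test added earlier breaks the assertion rather than revealing a defect in the controller. Reading it back with `$database.getLastRow('department')`, the same pattern the spec already uses for `log` two lines below, would remove the ordering dependency. The enclosing describe block starts outside the hunk.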
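Review bot: `htmlentities(Controller::request('name'))` encodes at the input boundary, so the entity-encoded string is what `Department::setProperties()` persists and what every later consumer receives — API responses, emails, or a view that escapes on output — where it is presumably either double-encoded or shown as literal `&lt;b&gt;`; the conventional fix is to store the raw value and escape in the HTML-rendering layer. If encoding on input is the deliberate project choice, the call still needs explicit flags: on PHP versions before 8.1 the default flags leave single quotes unencoded and make `htmlentities()` return an empty string for input that is not valid UTF-8, so a malformed name would be stored as `''` and still reported as success; `htmlentities($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` avoids both. The same pattern is introduced for `title` and `content` in the create.php handler hunk of this commit. handler() continues past the end of the hunk.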
@@ -80,13 +80,13 @@ class CreateController extends Controller { 'error' => ERRORS::INVALID_EMAIL ]; } - + return $validations; } public function handler() { - $this->title = Controller::request('title'); - $this->content = Controller::request('content', true); + $this->title = htmlentities(Controller::request('title')); + $this->content = htmlentities(Controller::request('content', true)); $this->departmentId = Controller::request('departmentId'); $this->language = Controller::request('language'); $this->email = Controller::request('email'); @@ -97,7 +97,7 @@ class CreateController extends Controller { if(!Controller::isUserSystemEnabled()) { $this->sendMail(); } - + $staffs = Staff::find('send_email_on_new_ticket = 1'); foreach ($staffs as $staff) { if($staff->sharedDepartmentList->includesId(Controller::request('departmentId'))) { @@ -132,19 +132,19 @@ class CreateController extends Controller { 'authorName' => $this->name, 'authorEmail' => $this->email )); - + if(Controller::isUserSystemEnabled()) { $author->sharedTicketList->add($ticket); $author->tickets++; - + $this->email = $author->email; $this->name = $author->name; - $author->store(); + $author->store(); } - + $ticket->store(); - + $this->ticketNumber = $ticket->ticketNumber; } diff --git a/tests/system/add-department.rb b/tests/system/add-department.rb index a4613026..4da2044b 100644 --- a/tests/system/add-department.rb +++ b/tests/system/add-department.rb @@ -30,7 +30,7 @@ describe'system/add-department' do row = $database.getRow('department', 5, 'id') - (row['name']).should.equal('new department') + (row['name']).should.equal('<b>new department</b>') lastLog = $database.getLastRow('log') (lastLog['type']).should.equal('ADD_DEPARTMENT') From f09f86f7b34fbecfa7c07cd8187eaa0580d85258 Mon Sep 17 00:00:00 2001 From: Guillermo Date: Tue, 16 Jan 2018 23:41:23 -0300 Subject: [PATCH 3/3] fix bug #95 --- server/libs/MailSender.php | 1 + 1 file changed, 1 insertion(+) 
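Review bot: `htmlentities(Controller::request('content', true))` applies the same wholesale encoding to `content` as to the plain `title`, yet the second argument on the content line shows content is requested differently from every other field — presumably because it may legitimately carry markup from the ticket editor. If that is the case, encoding it here turns the markup into literal text in the stored ticket instead of sanitizing it; if markup is not allowed, the `true` argument is now redundant, so confirm which behaviour is intended. For content that may contain HTML the appropriate control is an allow-list sanitizer at the point the value is accepted rather than `htmlentities()`, and the flag/charset concerns raised on the add-department hunk apply to both lines here. handler() continues beyond the end of the hunk.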
diff --git a/server/libs/MailSender.php b/server/libs/MailSender.php index 62bbaed3..1d6b2172 100755 --- a/server/libs/MailSender.php +++ b/server/libs/MailSender.php @@ -70,6 +70,7 @@ class MailSender { $this->mailerInstance->From = $this->mailOptions['from']; $this->mailerInstance->FromName = $this->mailOptions['fromName']; + $this->mailerInstance->CharSet = 'UTF-8'; $this->mailerInstance->isSMTP(); $this->mailerInstance->SMTPAuth = true;
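Review bot: `$this->mailerInstance->CharSet = 'UTF-8';` carries no explanation, and the only context is the commit subject `fix bug #95`, so a later reader cannot tell whether it addresses header encoding, body rendering, or both; a why-comment such as `// Subjects and bodies carry UTF-8 text; without this the mailer declares its default charset (bug #95)` would keep the reason next to the line. The property names around it (`From`, `FromName`, `isSMTP()`, `SMTPAuth`) look like PHPMailer, whose `CharSet` only labels the encoding declared in the message headers — it does not convert — so `$this->mailOptions['from']`, `['fromName']` and whatever text the message carries must already be UTF-8 for this to be correct. The enclosing method starts outside the hunk.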