Merge pull request #136 from guillegiu/master

fix bug #83
2025-07-29 08:44:58 +02:00 · 2018-01-17 22:10:28 -03:00 · 2018-01-17 22:10:28 -03:00 · f211bd9cea
commit f211bd9cea
parent f12dfc3754 f09f86f7b3
4 changed files with 34 additions and 22 deletions
--- a/server/controllers/system/add-department.php
+++ b/server/controllers/system/add-department.php
@ -16,7 +16,6 @@ use Respect\Validation\Validator as DataValidator;
 * @apiParam {String} name Name of the new department.
 *
 * @apiUse NO_PERMISSION
- * @apiUse INVALID_NAME
 *
 * @apiSuccess {Object} data Empty object
 *
@ -29,17 +28,12 @@ class AddDepartmentController extends Controller {
    public function validations() {
        return [
            'permission' => 'staff_3',
-            'requestData' => [
-                'name' => [
-                    'validation' => DataValidator::alnum(),
-                    'error' => ERRORS::INVALID_NAME
-                ]
-            ]
+            'requestData' => []
        ];
    }

    public function handler() {
-        $name = Controller::request('name');
+        $name = htmlentities(Controller::request('name'));

        $departmentInstance = new Department();

--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@ -85,8 +85,8 @@ class CreateController extends Controller {
    }

    public function handler() {
-        $this->title = Controller::request('title');
-        $this->content = Controller::request('content', true);
+        $this->title = htmlentities(Controller::request('title'));
+        $this->content = htmlentities(Controller::request('content', true));
        $this->departmentId = Controller::request('departmentId');
        $this->language = Controller::request('language');
        $this->email = Controller::request('email');
--- a/server/libs/MailSender.php
+++ b/server/libs/MailSender.php
@ -70,6 +70,7 @@ class MailSender {

            $this->mailerInstance->From = $this->mailOptions['from'];
            $this->mailerInstance->FromName = $this->mailOptions['fromName'];
+            $this->mailerInstance->CharSet = 'UTF-8';

            $this->mailerInstance->isSMTP();
            $this->mailerInstance->SMTPAuth = true;
--- a/tests/system/add-department.rb
+++ b/tests/system/add-department.rb
@ -2,7 +2,7 @@ describe'system/add-department' do
        request('/user/logout')
        Scripts.login($staff[:email], $staff[:password], true)

-        it 'should add department' do
+        it 'should add department with alphanumeric characters' do
            result = request('/system/add-department', {
                csrf_userid: $csrf_userid,
                csrf_token: $csrf_token,
@ -18,4 +18,21 @@ describe'system/add-department' do
            lastLog = $database.getLastRow('log')
            (lastLog['type']).should.equal('ADD_DEPARTMENT')
        end
+
+        it 'should add department with html tag' do
+            result = request('/system/add-department', {
+                csrf_userid: $csrf_userid,
+                csrf_token: $csrf_token,
+                name: '<b>new department</b>'
+            })
+
+            (result['status']).should.equal('success')
+
+            row = $database.getRow('department', 5, 'id')
+
+            (row['name']).should.equal('&lt;b&gt;new department&lt;/b&gt;')
+
+            lastLog = $database.getLastRow('log')
+            (lastLog['type']).should.equal('ADD_DEPARTMENT')
+        end
 end