From: Scott P. <wht...@us...> - 2007-09-10 00:23:32
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv3881 Modified Files: issue.php Log Message: Cleaned up magic_quotes detection and input santizing. Fixed all undefined variables and constants. Added basic functionality for <a> html tags to show up in remarks. Allows links to show up in remarks if you add a remark like the following: e.g. This is a link i want you to see. <a href="www.google.com">A link I want you to see</a> Index: issue.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/issue.php,v retrieving revision 1.40 retrieving revision 1.41 diff -C2 -d -r1.40 -r1.41 *** issue.php 7 Sep 2007 08:53:50 -0000 1.40 --- issue.php 10 Sep 2007 00:23:22 -0000 1.41 *************** *** 66,133 **** // Language selection set_text_domain("issue"); ! //Clean oall POST values foreach($_POST as $key => $val) { // scubbing the field NAME... if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! if ($key != "selectremark") { ! $_POST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); } } - // Retrieve Get/Post variables ! ! $act = $_REQUEST['act']; ! $level = $_POST['level']; ! $oldlevel = $_POST['oldlevel']; ! $oldlevelname = $_POST['oldlevelname']; ! $publish = $_POST['publish']; ! $existingkeywords = $_POST['existingkeywords']; ! $status = $_POST['status']; ! $oldstatus = $_POST['oldstatus']; ! $oldstatusname = $_POST['oldstatusname']; ! $site = $_REQUEST['site']; ! $newsite = $_POST['newsite']; ! $sitename = $_REQUEST['sitename']; ! $newsitename = $_POST['newsitename']; ! $createdby = $_REQUEST['createdby']; ! $reportedby = $_REQUEST['reportedby']; ! $assignedto = $_REQUEST['assignedto']; ! $oldassignedto = $_REQUEST['oldassignedto']; ! $oldassignedtoname = $_REQUEST['oldassignedtoname']; ! $details = $_POST['details']; ! $categories = $_POST['categories']; ! $remarkaction = $_POST['remarkaction']; ! 
$confidential = $_POST['confidential']; ! $selectremark = $_POST['selectremark']; ! $priority = $_POST['priority']; ! $oldpriority = $_POST['oldpriority']; ! $oldpriorityname = $_POST['oldpriorityname']; ! $id = $_REQUEST['id']; ! $delete_attachments = $_POST['delete_attachments']; ! ! if (!get_magic_quotes_gpc()) { ! $contact = addslashes($_POST['contact']); ! $location = addslashes($_POST['location']); ! $summary = addslashes($_POST['summary']); ! $description = addslashes($_POST['description']); ! $solution = addslashes($_POST['solution']); ! $remark = addslashes($_POST['remark']); ! $timehours = addslashes($_POST['timehours']); ! $timeminutes = addslashes($_POST['timeminutes']); ! $keywords = addslashes($_POST['keywords']); } ! ! else { $contact = $_POST['contact']; $location = $_POST['location']; $summary = $_POST['summary']; $description = $_POST['description']; $solution = $_POST['solution']; $remark = $_POST['remark']; $timehours = $_POST['timehours']; $timeminutes = $_POST['timeminutes']; $keywords = $_POST['keywords']; ! } --- 66,205 ---- // Language selection set_text_domain("issue"); ! global $details, $act, $acl_reload, $delete_attachments, $selectremark, $publish, $confidential, $hs, $an_additional, $timeminutes, $timehours; //Clean oall POST values foreach($_POST as $key => $val) { // scubbing the field NAME... if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! if ($key != "selectremark" && $key != "attachments" && $key != "delete_attachments" && $key != "existingkeywords") { ! if (!get_magic_quotes_gpc()) { ! $_POST[$key] = addslashes(htmlentities(strip_tags($val, '<a>'), ENT_QUOTES)); ! } ! else { ! $_POST[$key] = htmlentities(strip_tags($val, '<a>'), ENT_QUOTES); ! } ! } ! } ! foreach($_REQUEST as $key => $val) { ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! 
if ($key != "selectremark" && $key != "attachments" && $key != "delete_attachments" && $key != "existingkeywords") { ! if (!get_magic_quotes_gpc()) { ! $_REQUEST[$key] = addslashes(htmlentities(strip_tags($val, '<a>'), ENT_QUOTES)); ! } ! else { ! $_REQUEST[$key] = htmlentities(strip_tags($val, '<a>'), ENT_QUOTES); ! } } } // Retrieve Get/Post variables ! if(isset($_REQUEST['id'])) { ! $id = $_REQUEST['id']; } ! if(isset($_POST['delete_attachments'])) { ! $delete_attachments = $_POST['delete_attachments']; ! } ! if(isset($_POST['contact'])) { $contact = $_POST['contact']; + } + if(isset($_POST['location'])) { $location = $_POST['location']; + } + if(isset($_POST['summary'])) { $summary = $_POST['summary']; + } + if(isset($_POST['description'])) { $description = $_POST['description']; + } + if(isset($_POST['solution'])) { $solution = $_POST['solution']; + } + if(isset($_POST['remark'])) { $remark = $_POST['remark']; + } + if(isset($_POST['timehours'])) { $timehours = $_POST['timehours']; + } + if(isset($_POST['timeminutes'])) { $timeminutes = $_POST['timeminutes']; + } + if(isset($_POST['keywords'])) { $keywords = $_POST['keywords']; ! } ! if(isset($_REQUEST['act'])) { ! $act = $_REQUEST['act']; ! } ! if(isset($_POST['level'])) { ! $level = $_POST['level']; ! } ! if(isset($_POST['oldlevel'])) { ! $oldlevel = $_POST['oldlevel']; ! } ! if(isset($_POST['oldlevelname'])) { ! $oldlevelname = $_POST['oldlevelname']; ! } ! if(isset($_POST['publish'])) { ! $publish = $_POST['publish']; ! } ! if(isset($_POST['existingkeywords'])) { ! $existingkeywords = $_POST['existingkeywords']; ! } ! if(isset($_POST['status'])) { ! $status = $_POST['status']; ! } ! if(isset($_POST['oldstatus'])) { ! $oldstatus = $_POST['oldstatus']; ! } ! if(isset($_POST['oldstatusname'])) { ! $oldstatusname = $_POST['oldstatusname']; ! } ! if(isset($_REQUEST['site'])) { ! $site = $_REQUEST['site']; ! } ! if(isset($_POST['newsite'])) { ! $newsite = $_POST['newsite']; ! } ! 
if(isset($_REQUEST['sitename'])) { ! $sitename = $_REQUEST['sitename']; ! } ! if(isset($_POST['newsitename'])) { ! $newsitename = $_POST['newsitename']; ! } ! if(isset($_REQUEST['createdby'])) { ! $createdby = $_REQUEST['createdby']; ! } ! if(isset($_REQUEST['reportedby'])) { ! $reportedby = $_REQUEST['reportedby']; ! } ! if(isset($_REQUEST['assignedto'])) { ! $assignedto = $_REQUEST['assignedto']; ! } ! if(isset($_REQUEST['oldassignedto'])) { ! $oldassignedto = $_REQUEST['oldassignedto']; ! } ! if(isset($_REQUEST['oldassignedtoname'])) { ! $oldassignedtoname = $_REQUEST['oldassignedtoname']; ! } ! if(isset($_POST['details'])) { ! $details = $_POST['details']; ! } ! if(isset($_POST['categories'])) { ! $categories = $_POST['categories']; ! } ! if(isset($_POST['remarkaction'])) { ! $remarkaction = $_POST['remarkaction']; ! } ! if(isset($_POST['confidential'])) { ! $confidential = $_POST['confidential']; ! } ! if(isset($_POST['selectremark'])) { ! $selectremark = $_POST['selectremark']; ! } ! if(isset($_POST['priority'])) { ! $priority = $_POST['priority']; ! } ! if(isset($_POST['oldpriority'])) { ! $oldpriority = $_POST['oldpriority']; ! } ! if(isset($_POST['oldpriorityname'])) { ! $oldpriorityname = $_POST['oldpriorityname']; } *************** *** 173,177 **** // if the above query returns NO result, then the usertypename is BLANK ! if ($acl['denyall']) { print " <h1>".gettext('Error')."</h1>\n <h2 class=\"warning\">".gettext('You cannot view this issue')."</h2><div class=\"block\">\n</div>"; --- 245,249 ---- // if the above query returns NO result, then the usertypename is BLANK ! if (isset($acl['denyall'])) { print " <h1>".gettext('Error')."</h1>\n <h2 class=\"warning\">".gettext('You cannot view this issue')."</h2><div class=\"block\">\n</div>"; *************** *** 700,704 **** */ ! if ($acl['edit_details'] && $num_categories > 0) { $index = 0; foreach ($categoriesRS as $record) { --- 772,776 ---- */ ! 
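Review bot: `strip_tags($val, '<a>')` keeps every attribute of the anchor it lets through, and the 1430,1439 hunk now renders remarks through `html_entity_decode`, so an `<a>` submitted with an event-handler attribute or a non-http `href` is stored and later emitted as live markup rather than escaped text (stored XSS in the remark history). A safer shape is to leave the stored remark fully escaped and rebuild links only at render time from an explicit pattern that accepts an `http(s)://` href and plain link text, emitting the href through `htmlspecialchars`, instead of decoding the whole string. Applying `addslashes` to every `$_POST` and `$_REQUEST` value here also does SQL escaping at the input boundary: it looks wrong for the PostgreSQL branch the file keeps (`$is_pgsql`), and the four excluded keys (`selectremark`, `attachments`, `delete_attachments`, `existingkeywords`) reach the rest of the page with no escaping at all, so any query that uses them needs its own escaping at the query site, and numeric fields such as `$id` would be better cast, e.g. `$id = (int) $_REQUEST['id'];`. The `global $details, $act, …` statement is a no-op at file scope unless issue.php is included from inside a function; if that is the intent a short comment saying so would help, otherwise it can be dropped.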
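Review bot: Replacing `if ($acl['denyall'])` with `isset($acl['denyall'])` changes the test from truthiness to key presence, and the same rewrite is applied to every `$acl[...]` check in the 700,704, 752,756, 797,801, 803,807, 826,830, 844,850, 864,868, 874,880, 884,888 hunks and onward through 1464,1468. If `$acl` can contain an entry whose value is 0, false or '' (a permission that exists but is not granted), the new code treats it as granted — or, for `denyall`, as a denial — everywhere `isset` is used; how `$acl` is built is outside this diff, so this needs confirming before the change is relied on. `!empty(...)` keeps the previous semantics and still avoids the undefined-index notice, e.g. `if (!empty($acl['denyall'])) {` and `if (!empty($acl['edit_details']) && $num_categories > 0) {`; the negated checks such as `!isset($acl['edit_assignedto'])` and `!isset($acl['show_confidential'])` would become `empty($acl['edit_assignedto'])` and `empty($acl['show_confidential'])`.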
if (isset($acl['edit_details']) && $num_categories > 0) { $index = 0; foreach ($categoriesRS as $record) { *************** *** 741,745 **** DetailsList[loop+shift] = new Option(eval('problems_' + i + '[loop*2+1]')); DetailsList[loop+shift].value = eval('problems_' + i + '[loop*2]'); ! if (DetailsList[loop+shift].value == <?php echo $issue[0][detail];?> && initialflag == 1) { DetailsList[loop+shift].selected = true; initialflag = 0; --- 813,817 ---- DetailsList[loop+shift] = new Option(eval('problems_' + i + '[loop*2+1]')); DetailsList[loop+shift].value = eval('problems_' + i + '[loop*2]'); ! if (DetailsList[loop+shift].value == <?php echo $issue[0]['detail'];?> && initialflag == 1) { DetailsList[loop+shift].selected = true; initialflag = 0; *************** *** 752,756 **** <?php } ! if ($acl['show_confidential']) { ?> --- 824,828 ---- <?php } ! if (isset($acl['show_confidential'])) { ?> *************** *** 797,801 **** if (document.mainform.assignedto.value != <?php echo $issue[0]['assignedto'];?> && document.mainform.assignedto.value != <?php echo $_SESSION['_id'];?> && !confirm('<?php echo gettext("Committing this action will re-assign this issue to another support agent.\\n\\nAre you sure you wish to commit?");?>')) flag = false; <?php ! if ($acl['edit_time']) { ?> if (document.mainform.timehours.value >= <?php echo $global_prefs['excessivehours'];?> && !confirm('<?php echo gettext("Committing this action will specify a large amount of time spent on the problem.\\n\\nAre you sure you wish to commit?");?>')) flag = false; --- 869,873 ---- if (document.mainform.assignedto.value != <?php echo $issue[0]['assignedto'];?> && document.mainform.assignedto.value != <?php echo $_SESSION['_id'];?> && !confirm('<?php echo gettext("Committing this action will re-assign this issue to another support agent.\\n\\nAre you sure you wish to commit?");?>')) flag = false; <?php ! 
if (isset($acl['edit_time'])) { ?> if (document.mainform.timehours.value >= <?php echo $global_prefs['excessivehours'];?> && !confirm('<?php echo gettext("Committing this action will specify a large amount of time spent on the problem.\\n\\nAre you sure you wish to commit?");?>')) flag = false; *************** *** 803,807 **** } ! if ($acl['edit_publish']) { ?> if (document.mainform.publish.checked && !confirm('<?php echo gettext("Committing this action will PUBLICLY publish this issue.\\n\\nAre you sure you wish to commit?");?>')) flag = false; --- 875,879 ---- } ! if (isset($acl['edit_publish'])) { ?> if (document.mainform.publish.checked && !confirm('<?php echo gettext("Committing this action will PUBLICLY publish this issue.\\n\\nAre you sure you wish to commit?");?>')) flag = false; *************** *** 826,830 **** } ! <?php if ($acl['recall_issue']) { ?> function recallSubmit () { if (confirm('<?php echo gettext("Are you sure you wish to recall the issue?");?>')) { --- 898,902 ---- } ! <?php if (isset($acl['recall_issue'])) { ?> function recallSubmit () { if (confirm('<?php echo gettext("Are you sure you wish to recall the issue?");?>')) { *************** *** 837,841 **** </script> ! <h1><?php echo gettext("Issue");?> #<?php echo $issue[0]['id'] . ($issue[0]['published'] == 0 ? ($closedstatus == $issue[0][status] ? ' ('.gettext('Closed').')' : '') : ' ('.gettext('Published').')');?></h1> <?php --- 909,913 ---- </script> ! <h1><?php echo gettext("Issue");?> #<?php echo $issue[0]['id'] . ($issue[0]['published'] == 0 ? ($closedstatus == $issue[0]['status'] ? ' ('.gettext('Closed').')' : '') : ' ('.gettext('Published').')');?></h1> <?php *************** *** 844,850 **** ?> <h2><?php echo gettext('Here is the information pertaining to the knowledge base item.')?> ! <?php if ($acl['view_remarks']) { echo gettext('Please check the <a href="#history">issue history</a> for the audit trail of this issue.');}?></h2> <?php ! 
} elseif ($issue[0][recalled] == 1) { if ($usertype != 'Client' && $usertype != 'Site Contact') { ?> --- 916,922 ---- ?> <h2><?php echo gettext('Here is the information pertaining to the knowledge base item.')?> ! <?php if (isset($acl['view_remarks'])) { echo gettext('Please check the <a href="#history">issue history</a> for the audit trail of this issue.');}?></h2> <?php ! } elseif ($issue[0]['recalled'] == 1) { if ($usertype != 'Client' && $usertype != 'Site Contact') { ?> *************** *** 864,868 **** <div class="block"> <form name="mainform" id="mainform" method="post" action="" class="login" enctype="multipart/form-data"> ! <?php if ($acl['edit_issue']) {?> <input type="hidden" name="act" value="action" /> <input type="hidden" name="oldlevel" value="<?php echo $issue[0]['level'];?>" /> --- 936,940 ---- <div class="block"> <form name="mainform" id="mainform" method="post" action="" class="login" enctype="multipart/form-data"> ! <?php if (isset($acl['edit_issue'])) {?> <input type="hidden" name="act" value="action" /> <input type="hidden" name="oldlevel" value="<?php echo $issue[0]['level'];?>" /> *************** *** 874,880 **** <input type="hidden" name="oldpriorityname" value="<?php echo $issue[0]['priorityname'];?>" /> <input type="hidden" name="oldassignedtoname" value="<?php echo $issue[0]['assignedtoname'];?>" /> ! <?php } elseif ($acl['recall_issue']) {?> <input type="hidden" name="act" value="revoke" /> ! <?php } elseif ($acl['unpublish_issue']) {?> <input type="hidden" name="act" value="unpublish" /> <?php }?> --- 946,952 ---- <input type="hidden" name="oldpriorityname" value="<?php echo $issue[0]['priorityname'];?>" /> <input type="hidden" name="oldassignedtoname" value="<?php echo $issue[0]['assignedtoname'];?>" /> ! <?php } elseif (isset($acl['recall_issue'])) {?> <input type="hidden" name="act" value="revoke" /> ! 
<?php } elseif (isset($acl['unpublish_issue'])) {?> <input type="hidden" name="act" value="unpublish" /> <?php }?> *************** *** 884,888 **** <?php //if ($usertype != 'Client' && $usertype != 'Site Contact' && $issue[0]['published'] == 0) { ! if ($acl['edit_style']) { // Top submit button, floating inline at the top - right // Note also the closing div tag just before the bottom submit button --- 956,960 ---- <?php //if ($usertype != 'Client' && $usertype != 'Site Contact' && $issue[0]['published'] == 0) { ! if (isset($acl['edit_style'])) { // Top submit button, floating inline at the top - right // Note also the closing div tag just before the bottom submit button *************** *** 890,898 **** <div class="rcolumn"> <div class="buttonpanel"> ! <?php if ($acl['edit_issue']) { ?> <input type="button" value="<?php echo gettext("Submit Changes");?>" onclick="mainSubmit()" /> ! <?php } if ($acl['reset_issue']) { ?> <input name="reset" type="reset" id="reset3" value="<?php echo gettext("Reset");?>" onclick="document.location='issue.php?id=<?php echo $issue[0]['id'];?>'" /> ! <?php } if ($acl['recall_issue']) { ?> <input type="button" value="<?php echo gettext("Recall Issue");?>" onclick="recallSubmit()" /> <?php } ?> --- 962,970 ---- <div class="rcolumn"> <div class="buttonpanel"> ! <?php if (isset($acl['edit_issue'])) { ?> <input type="button" value="<?php echo gettext("Submit Changes");?>" onclick="mainSubmit()" /> ! <?php } if (isset($acl['reset_issue'])) { ?> <input name="reset" type="reset" id="reset3" value="<?php echo gettext("Reset");?>" onclick="document.location='issue.php?id=<?php echo $issue[0]['id'];?>'" /> ! <?php } if (isset($acl['recall_issue'])) { ?> <input type="button" value="<?php echo gettext("Recall Issue");?>" onclick="recallSubmit()" /> <?php } ?> *************** *** 902,906 **** } ?> ! <?php if ($acl['view_createdby']) { ?> <div class="labelfieldpair"> <div class="name"><?php echo gettext("Created By");?>:</div> --- 974,978 ---- } ?> ! 
<?php if (isset($acl['view_createdby'])) { ?> <div class="labelfieldpair"> <div class="name"><?php echo gettext("Created By");?>:</div> *************** *** 912,916 **** <div class="value"><?php echo strftime('%d/%m/%y %H:%M',$issue[0]['createdon']);?></div> </div> ! <?php if ($acl['view_reportedby']) { ?> <div class="labelfieldpair"> <div class="name"><?php echo gettext("Reported By");?>:</div> --- 984,988 ---- <div class="value"><?php echo strftime('%d/%m/%y %H:%M',$issue[0]['createdon']);?></div> </div> ! <?php if (isset($acl['view_reportedby'])) { ?> <div class="labelfieldpair"> <div class="name"><?php echo gettext("Reported By");?>:</div> *************** *** 922,926 **** </div> <?php } ?> ! <?php if ($acl['view_site']) { ?> <div class="labelfieldpair"> <div class="name"> --- 994,998 ---- </div> <?php } ?> ! <?php if (isset($acl['view_site'])) { ?> <div class="labelfieldpair"> <div class="name"> *************** *** 928,932 **** </div> <div class="value" id="site"><?php echo $issue[0]['sitename'];?> ! <?php if ($acl['edit_site']) {?> [<a <?php print 'href="issue.php?id=' . $issue[0]['id'] . '&site=' . $issue[0]['site'] . '&sitename=' . $issue[0]['sitename'] . '&assignedto=' . $issue[0]['assignedto'] . '&act=changesite">'.gettext('Change Site');?></a>] <?php }?> --- 1000,1004 ---- </div> <div class="value" id="site"><?php echo $issue[0]['sitename'];?> ! <?php if (isset($acl['edit_site'])) {?> [<a <?php print 'href="issue.php?id=' . $issue[0]['id'] . '&site=' . $issue[0]['site'] . '&sitename=' . $issue[0]['sitename'] . '&assignedto=' . $issue[0]['assignedto'] . '&act=changesite">'.gettext('Change Site');?></a>] <?php }?> *************** *** 934,943 **** </div> <?php } ?> ! <?php if ($acl['view_assignedto']) {?> <div class="labelfieldpair"> <div class="name"> <label for="assignedto"><?php echo gettext("Assigned To");?></label> </div> ! <?php if (! 
$acl['edit_assignedto']) {?> <div class="value"> <input type="hidden" name="assignedto" id="assignedto" value="<?php echo $issue[0]['assignedto'];?>" /> --- 1006,1015 ---- </div> <?php } ?> ! <?php if (isset($acl['view_assignedto'])) {?> <div class="labelfieldpair"> <div class="name"> <label for="assignedto"><?php echo gettext("Assigned To");?></label> </div> ! <?php if (!isset($acl['edit_assignedto'])) {?> <div class="value"> <input type="hidden" name="assignedto" id="assignedto" value="<?php echo $issue[0]['assignedto'];?>" /> *************** *** 970,974 **** // Set as default if chosen if ($record['id'] == $issue[0]['assignedto']) { $checked = ' selected="selected"'; } else { $checked = ''; } ! print " <option value=\"${record[id]}\"$checked>".preg_replace('/\* unassigned \*/',gettext('* unassigned *'),$record['name'])."</option>\n"; } ?> --- 1042,1046 ---- // Set as default if chosen if ($record['id'] == $issue[0]['assignedto']) { $checked = ' selected="selected"'; } else { $checked = ''; } ! print " <option value=\"${record['id']}\"$checked>".preg_replace('/\* unassigned \*/',gettext('* unassigned *'),$record['name'])."</option>\n"; } ?> *************** *** 978,987 **** </div> <?php }?> ! <?php if ($acl['view_contactinfo']) { ?> <div class="labelfieldpair"> <div class="name"> <label for="contact"><?php echo gettext("Contact Info");?></label> </div> ! <?php if ($acl['edit_contactinfo']) {?> <div class="field"> <input name="contact" type="text" id="contact" size="60" maxlength="100" value="<?php echo $issue[0]['contact'];?>" /> --- 1050,1059 ---- </div> <?php }?> ! <?php if (isset($acl['view_contactinfo'])) { ?> <div class="labelfieldpair"> <div class="name"> <label for="contact"><?php echo gettext("Contact Info");?></label> </div> ! 
<?php if (isset($acl['edit_contactinfo'])) {?> <div class="field"> <input name="contact" type="text" id="contact" size="60" maxlength="100" value="<?php echo $issue[0]['contact'];?>" /> *************** *** 995,1004 **** </div> <?php }?> ! <?php if ($acl['view_location']) { ?> <div class="labelfieldpair"> <div class="name"> <label for="location"><?php echo gettext("Location");?></label> </div> ! <?php if ($acl['edit_location']) {?> <div class="field"> <input name="location" type="text" id="location" size="60" maxlength="100" value="<?php echo $issue[0]['location'];?>" /> --- 1067,1076 ---- </div> <?php }?> ! <?php if (isset($acl['view_location'])) { ?> <div class="labelfieldpair"> <div class="name"> <label for="location"><?php echo gettext("Location");?></label> </div> ! <?php if (isset($acl['edit_location'])) {?> <div class="field"> <input name="location" type="text" id="location" size="60" maxlength="100" value="<?php echo $issue[0]['location'];?>" /> *************** *** 1018,1027 **** <label for="categories"><?php echo gettext("Problem Category");?></label> </div> ! <?php if ($num_categories > 1 && $acl['edit_category']) {?> <div class="field"> <select name="categories" id="categories" onchange="SetupDetails()"> <?php foreach ($categoriesRS as $record) { if ($record['id'] == $issue[0]['category']) { $checked = ' selected="selected"'; } else { $checked = ''; } ! print (" <option value=\"${record[id]}\"$checked>".gettext($record['description'])."</option>\n"); }?> </select> --- 1090,1099 ---- <label for="categories"><?php echo gettext("Problem Category");?></label> </div> ! <?php if ($num_categories > 1 && isset($acl['edit_category'])) {?> <div class="field"> <select name="categories" id="categories" onchange="SetupDetails()"> <?php foreach ($categoriesRS as $record) { if ($record['id'] == $issue[0]['category']) { $checked = ' selected="selected"'; } else { $checked = ''; } ! 
print (" <option value=\"${record['id']}\"$checked>".gettext($record['description'])."</option>\n"); }?> </select> *************** *** 1040,1044 **** <label for="details"><?php echo gettext("Problem Detail");?></label> </div> ! <?php if (count($detailsRS) > 1 && $acl['edit_details']) {?> <div class="field"> <select name="details" id="details"> --- 1112,1116 ---- <label for="details"><?php echo gettext("Problem Detail");?></label> </div> ! <?php if (count($detailsRS) > 1 && isset($acl['edit_details'])) {?> <div class="field"> <select name="details" id="details"> *************** *** 1076,1080 **** </div> <div class="field"> ! <?php if ($acl['edit_summary']) {?> <textarea name="summary" id="summary" cols="60" rows="2"><?php echo $issue[0]['summary'];?></textarea> <?php } else {?> --- 1148,1152 ---- </div> <div class="field"> ! <?php if (isset($acl['edit_summary'])) {?> <textarea name="summary" id="summary" cols="60" rows="2"><?php echo $issue[0]['summary'];?></textarea> <?php } else {?> *************** *** 1090,1094 **** </div> <div class="field"> ! <?php if ($acl['edit_description']) {?> <textarea name="description" id="description" cols="60" rows="6"><?php echo $issue[0]['description'];?></textarea> <?php } else {?> --- 1162,1166 ---- </div> <div class="field"> ! <?php if (isset($acl['edit_description'])) {?> <textarea name="description" id="description" cols="60" rows="6"><?php echo $issue[0]['description'];?></textarea> <?php } else {?> *************** *** 1104,1108 **** </div> <div class="field"> ! <?php if ($acl['edit_solution']) {?> <textarea name="solution" id="solution" cols="60" rows="4"><?php echo $issue[0]['solution'];?></textarea> <?php } else {?> --- 1176,1180 ---- </div> <div class="field"> ! <?php if (isset($acl['edit_solution'])) {?> <textarea name="solution" id="solution" cols="60" rows="4"><?php echo $issue[0]['solution'];?></textarea> <?php } else {?> *************** *** 1112,1116 **** </div> <?php }?> ! 
<?php if ($acl['edit_publish']) {?> <div class="labelfieldpair"> <div class="name"> </div> --- 1184,1188 ---- </div> <?php }?> ! <?php if (isset($acl['edit_publish'])) {?> <div class="labelfieldpair"> <div class="name"> </div> *************** *** 1121,1125 **** </div> <?php }?> ! <?php if ($acl['view_time']) { if ($is_pgsql) { $userTimes=db_recordset('SELECT SUM(time) AS totaltime FROM tbl_Times, tbl_Users WHERE tbl_Times.userid = tbl_Users.id AND tbl_Times.issue = ' . $issue[0]['id']); --- 1193,1197 ---- </div> <?php }?> ! <?php if (isset($acl['view_time'])) { if ($is_pgsql) { $userTimes=db_recordset('SELECT SUM(time) AS totaltime FROM tbl_Times, tbl_Users WHERE tbl_Times.userid = tbl_Users.id AND tbl_Times.issue = ' . $issue[0]['id']); *************** *** 1145,1149 **** } ?> ! <?php if ($acl['edit_time']) {?> <div class="labelfieldpair"> <div class="name"> --- 1217,1221 ---- } ?> ! <?php if (isset($acl['edit_time'])) {?> <div class="labelfieldpair"> <div class="name"> *************** *** 1158,1162 **** </div> <?php }?> ! <?php if ($acl['view_priority']) { $prioritiesRS = db_recordset("SELECT * FROM tbl_Priorities WHERE (active=1 AND domain=$_SESSION[_domain]) OR id=" . $issue[0]['priority'] . " ORDER BY sortorder"); ?> --- 1230,1234 ---- </div> <?php }?> ! <?php if (isset($acl['view_priority'])) { $prioritiesRS = db_recordset("SELECT * FROM tbl_Priorities WHERE (active=1 AND domain=$_SESSION[_domain]) OR id=" . $issue[0]['priority'] . " ORDER BY sortorder"); ?> *************** *** 1165,1169 **** <label for="priority"><?php echo gettext("Priority");?></label> </div> ! <?php if (count($prioritiesRS) > 1 && $acl['edit_priority']) {?> <div class="field"> <select name="priority" id="priority"> --- 1237,1241 ---- <label for="priority"><?php echo gettext("Priority");?></label> </div> ! 
<?php if (count($prioritiesRS) > 1 && isset($acl['edit_priority'])) {?> <div class="field"> <select name="priority" id="priority"> *************** *** 1171,1175 **** foreach ($prioritiesRS as $record) { if ($record['id'] == $issue[0]['priority']) { $checked = ' selected="selected"'; } else { $checked = ''; } ! print (" <option value=\"${record[id]}\"$checked>". preg_replace('/Ungraded/',gettext('Ungraded'),$record['priority'])."</option>\n"); } --- 1243,1247 ---- foreach ($prioritiesRS as $record) { if ($record['id'] == $issue[0]['priority']) { $checked = ' selected="selected"'; } else { $checked = ''; } ! print (" <option value=\"${record['id']}\"$checked>". preg_replace('/Ungraded/',gettext('Ungraded'),$record['priority'])."</option>\n"); } *************** *** 1185,1189 **** </div> <?php }?> ! <?php if ($acl['view_status']) { $statusesRS = db_recordset("SELECT * FROM tbl_Statuses WHERE (active=1 AND domain=$_SESSION[_domain]) OR id=" . $issue[0]['status'] . " ORDER BY sortorder");?> <div class="labelfieldpair"> --- 1257,1261 ---- </div> <?php }?> ! <?php if (isset($acl['view_status'])) { $statusesRS = db_recordset("SELECT * FROM tbl_Statuses WHERE (active=1 AND domain=$_SESSION[_domain]) OR id=" . $issue[0]['status'] . " ORDER BY sortorder");?> <div class="labelfieldpair"> *************** *** 1191,1201 **** <label for="status"><?php echo gettext("Status");?></label> </div> ! <?php if (count($statusesRS) > 1 && $acl['edit_status']) {?> <div class="field"> <select name="status" id="status"> <?php foreach ($statusesRS as $record) { ! if ($record[id] == $issue[0]['status']) { $checked = ' selected="selected"'; } else { $checked = ''; } ! print (" <option value=\"${record[id]}\"$checked>${record[status]}</option>\n"); } ?> --- 1263,1273 ---- <label for="status"><?php echo gettext("Status");?></label> </div> ! 
<?php if (count($statusesRS) > 1 && isset($acl['edit_status'])) {?> <div class="field"> <select name="status" id="status"> <?php foreach ($statusesRS as $record) { ! if ($record['id'] == $issue[0]['status']) { $checked = ' selected="selected"'; } else { $checked = ''; } ! print (" <option value=\"${record['id']}\"$checked>${record['status']}</option>\n"); } ?> *************** *** 1210,1214 **** </div> <?php }?> ! <?php if ($acl['view_level']) { $levelsRS = db_recordset("SELECT * FROM tbl_Levels WHERE (active=1 AND domain=$_SESSION[_domain]) OR id=" . $issue[0]['level'] . " ORDER BY sortorder");?> <div class="labelfieldpair"> --- 1282,1286 ---- </div> <?php }?> ! <?php if (isset($acl['view_level'])) { $levelsRS = db_recordset("SELECT * FROM tbl_Levels WHERE (active=1 AND domain=$_SESSION[_domain]) OR id=" . $issue[0]['level'] . " ORDER BY sortorder");?> <div class="labelfieldpair"> *************** *** 1320,1332 **** } ! if ($acl['edit_style']) {?> <hr class="hide" /> <div class="buttonpanel"> ! <?php if ($acl['edit_issue']) { ?> <input type="button" value="<?php echo gettext("Submit Changes");?>" onclick="mainSubmit()" /> ! <?php } if ($acl['reset_issue']) { ?> <input name="reset" type="reset" id="reset4" value="<?php echo gettext("Reset");?>" onclick="document.location='issue.php?id=<?php echo $issue[0]['id'];?>'" /> <?php ! } elseif ($acl['recall_issue']) { ?> <input type="button" value="<?php echo gettext("Recall Issue");?>" onclick="recallSubmit()" /> --- 1392,1404 ---- } ! if (isset($acl['edit_style'])) {?> <hr class="hide" /> <div class="buttonpanel"> ! <?php if (isset($acl['edit_issue'])) { ?> <input type="button" value="<?php echo gettext("Submit Changes");?>" onclick="mainSubmit()" /> ! <?php } if (isset($acl['reset_issue'])) { ?> <input name="reset" type="reset" id="reset4" value="<?php echo gettext("Reset");?>" onclick="document.location='issue.php?id=<?php echo $issue[0]['id'];?>'" /> <?php ! 
} elseif (isset($acl['recall_issue'])) { ?> <input type="button" value="<?php echo gettext("Recall Issue");?>" onclick="recallSubmit()" /> *************** *** 1339,1343 **** <?php }?> </div><!--1--> ! <?php if ($acl['edit_details'] && $num_categories > 0) { ?> <script language="javascript" type="text/javascript"> --- 1411,1415 ---- <?php }?> </div><!--1--> ! <?php if (isset($acl['edit_details']) && $num_categories > 0) { ?> <script language="javascript" type="text/javascript"> *************** *** 1351,1360 **** </script> <?php } ?> ! <?php if ($acl['view_remarks'] || $acl['add_remark'] || $acl['edit_remark']) { if (count($issue) > 0) { // Get all the remarks for this issue $sql = "SELECT tbl_Remarks.*,tbl_Users.name AS reportedbyname FROM tbl_Remarks,tbl_Users WHERE tbl_Remarks.issue=" . $issue[0]['id'] . " AND tbl_Remarks.reportedby=tbl_Users.id"; //if ($usertype == 'Client' || $usertype == 'Site Contact') { ! if (! $acl['show_confidential']) { $sql .= " AND tbl_Remarks.confidential=0"; } --- 1423,1432 ---- </script> <?php } ?> ! <?php if (isset($acl['view_remarks']) || isset($acl['add_remark']) || isset($acl['edit_remark'])) { if (count($issue) > 0) { // Get all the remarks for this issue $sql = "SELECT tbl_Remarks.*,tbl_Users.name AS reportedbyname FROM tbl_Remarks,tbl_Users WHERE tbl_Remarks.issue=" . $issue[0]['id'] . " AND tbl_Remarks.reportedby=tbl_Users.id"; //if ($usertype == 'Client' || $usertype == 'Site Contact') { ! if (!isset($acl['show_confidential'])) { $sql .= " AND tbl_Remarks.confidential=0"; } *************** *** 1365,1369 **** <a name="history" id="history"></a><h1><?php echo gettext("Issue History");?></h1> <h2><?php echo gettext("This issue's history can be found below.")?> ! 
<?php if ($acl['add_remark']) { ?> <?php echo gettext('Please follow this link to <a href="#addremark">add a remark</a>.');?> <?php } ?> --- 1437,1441 ---- <a name="history" id="history"></a><h1><?php echo gettext("Issue History");?></h1> <h2><?php echo gettext("This issue's history can be found below.")?> ! <?php if (isset($acl['add_remark'])) { ?> <?php echo gettext('Please follow this link to <a href="#addremark">add a remark</a>.');?> <?php } ?> *************** *** 1376,1380 **** ?> <p><?php echo gettext("There are no remarks in this history so far.");?></p> ! <?php } else { if ($acl['edit_remark']) {?> <div class="remarklabelfieldpairtop"> <div class="remarklabelright"> --- 1448,1452 ---- ?> <p><?php echo gettext("There are no remarks in this history so far.");?></p> ! <?php } else { if (isset($acl['edit_remark'])) {?> <div class="remarklabelfieldpairtop"> <div class="remarklabelright"> *************** *** 1430,1439 **** }?> </div> ! <?php if ($acl['edit_remark']) {?> <div class="remarklabelright"> <input type="checkbox" name="selectremark[]" id="selectremark<?php echo $record['id'];?>" value="<?php echo $record['id'];?>" onclick="hideConfidentiality(this,'remark<?php echo $record['id'];?>','#FFFFFF')" /> </div> <?php }?> ! <div class="remark"><?php echo ($record['confidential'] == 1?'<strong>['. gettext("Confidential") .']</strong> ':'');?><?php loc_remarks($rmitems, $record['remark']);?></div> </div> <?php --- 1502,1511 ---- }?> </div> ! <?php if (isset($acl['edit_remark'])) {?> <div class="remarklabelright"> <input type="checkbox" name="selectremark[]" id="selectremark<?php echo $record['id'];?>" value="<?php echo $record['id'];?>" onclick="hideConfidentiality(this,'remark<?php echo $record['id'];?>','#FFFFFF')" /> </div> <?php }?> ! <div class="remark"><?php echo ($record['confidential'] == 1?'<strong>['. 
gettext("Confidential") .']</strong> ':'');?><?php loc_remarks($rmitems, html_entity_decode($record['remark']));?></div> </div> <?php *************** *** 1445,1449 **** <br /> <!-- <form name="historyform" id="historyform" method="post" action=""> --> ! <?php if ($acl['add_remark']) {?> <div class="labelfieldpair"> <div class="name"><label for="remark"><?php echo gettext("Add Remark");?></label></div> --- 1517,1521 ---- <br /> <!-- <form name="historyform" id="historyform" method="post" action=""> --> ! <?php if (isset($acl['add_remark'])) {?> <div class="labelfieldpair"> <div class="name"><label for="remark"><?php echo gettext("Add Remark");?></label></div> *************** *** 1452,1456 **** </div> </div> ! <?php if ($acl['show_confidential']) {?> <div class="labelfieldpair"> <div class="name"> </div> --- 1524,1528 ---- </div> </div> ! <?php if (isset($acl['show_confidential'])) {?> <div class="labelfieldpair"> <div class="name"> </div> *************** *** 1464,1468 **** <?php }?> <?php }?> ! <?php if ($acl['edit_remark'] || $acl['add_remark']) {?> <div class="buttonpanel"> <input name="submitremark" type="button" id="submitremark" value="<?php echo gettext("Submit Changes");?>" onclick="mainSubmit()" /> --- 1536,1540 ---- <?php }?> <?php }?> ! <?php if (isset($acl['edit_remark']) || isset($acl['add_remark'])) {?> <div class="buttonpanel"> <input name="submitremark" type="button" id="submitremark" value="<?php echo gettext("Submit Changes");?>" onclick="mainSubmit()" /> |