<?php
/**
*
* @package add_note.php
* @author John Doe <[email protected]>
* @since 2009-08-10
* @version 2013-01-07
*/
/*
8/10/09 initial release
1/27/10 corrections applied to update field
3/16/10 check for empty note
7/12/10 <br. -> '\n'
7/28/10 Added inclusion of startup.inc.php for checking of network status and setting of file name variables to support no-maps versions of scripts.
12/1/10 added get_text(disposition)
3/15/11 changed stylesheet.php to stylesheet.php
1/7/2013 added user ident to inserted string, strip_tags as XSS prevention
*/
// Page bootstrap: full error reporting, session, shared helpers, optional debug dump.
error_reporting(E_ALL);
@session_start();
require_once './incs/functions.inc.php'; // 7/28/10
// $istest is not assigned anywhere in this file; presumably the include above sets it - confirm.
// NOTE(review): when it is truthy, the request parameters are passed to dump() and written
// into the page, so it should stay off on any deployment reachable by ordinary users.
if ($istest) {
    echo "GET<br />\n";
    dump($_GET);
    echo "POST<br />\n";
    dump($_POST);
}
// Label for the second "Apply to" radio button in the form below. 12/1/10
$disposition = get_text("Disposition");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE><?php print gettext('Add Note to Existing Incident');?></TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<META HTTP-EQUIV="Expires" CONTENT="0">
<META HTTP-EQUIV="Cache-Control" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Pragma" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Content-Script-Type" CONTENT="text/javascript">
<META HTTP-EQUIV="Script-date" CONTENT="<?php print date("n/j/y G:i", filemtime(basename(__FILE__)));?>"> <!-- 7/7/09 -->
<LINK REL=StyleSheet HREF="stylesheet.php?version=<?php print time();?>" TYPE="text/css"> <!-- 3/15/11 -->
<SCRIPT>
/**
 * Installs String.prototype.trim (replacing any existing definition): returns the
 * string with leading and trailing whitespace removed; interior whitespace is kept.
 *
 * @returns {String}
 */
String.prototype.trim = function () {		// 3/16/10
	var whole = String(this);
	var found = /^\s*(\S*(\s+\S+)*)\s*$/.exec(whole);
	// The capture group holds everything from the first to the last non-space character.
	return found ? found[1] : whole;
};
/**
 * Submits the note form unless the note text is blank.
 *
 * This is a browser-side convenience check only: the POST branch of this page does
 * not repeat the emptiness test, so a request sent without this script is not
 * rejected for a blank note.
 *
 * @returns {Boolean|undefined} false when the note is blank, otherwise nothing
 */
function validate() {
	var noteField = document.frm_note.frm_text;
	if (noteField.value.trim().length == 0) {
		// NOTE(review): the translated message is printed straight into a JS string
		// literal; a translation containing a double quote would break this script.
		alert("<?php print gettext('Enter text - or Cancel');?>");
		return false;
	}
	document.frm_note.submit();
}
</SCRIPT>
</HEAD>
<?php
if (empty($_POST)) {
?>
<BODY onLoad = "document.frm_note.frm_text.focus();">
<CENTER>
<H4><?php print gettext('Enter note text');?></H4>
<FORM NAME='frm_note' METHOD='post' ACTION = '<?php print basename(__FILE__);?>'>
<TEXTAREA NAME='frm_text' COLS=60 ROWS = 3></TEXTAREA>
<BR />
<SCRIPT>
/**
 * Appends the text part of a "code|text" signal label to the note textarea.
 *
 * @param {String} inval  visible text of the selected signal option
 * @returns {undefined}
 */
function set_signal(inval) {
	// Limit of 2: anything after a second pipe in the label is dropped.
	var pieces = inval.split("|", 2);
	var noteField = document.frm_note.frm_text;
	noteField.value += " " + pieces[1] + ' ';
	noteField.focus();
}		// end function set_signal()
</SCRIPT>
Signal »
<SELECT NAME='signals' onChange = 'set_signal(this.options[this.selectedIndex].text); this.options[0].selected=true;'> <!-- 11/17/10 -->
<OPTION VALUE=0 SELECTED><?php print gettext('Select');?></OPTION>
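<?php
// Fill the signal picker with one <OPTION> per row of the `codes` table.
// The visible label is "code|text"; set_signal() in this page splits it on the pipe.
$query = "SELECT * FROM `$GLOBALS[mysql_prefix]codes` ORDER BY `sort` ASC, `code` ASC";
$result = mysql_query($query) or do_error($query, 'mysql query failed', mysql_error(),basename( __FILE__), __LINE__);
while ($row_sig = stripslashes_deep(mysql_fetch_assoc($result))) {
	// Encode database values for the HTML context they are written into (a single-quoted
	// attribute and element text), so stored markup in a code row is displayed, not interpreted.
	// The browser decodes the entities again, so the option text seen by set_signal() is unchanged.
	$sig_code = htmlspecialchars($row_sig['code'], ENT_QUOTES, 'UTF-8');
	$sig_text = htmlspecialchars($row_sig['text'], ENT_QUOTES, 'UTF-8');
	print "\t<OPTION VALUE='{$sig_code}'>{$sig_code}|{$sig_text}</OPTION>\n";		// pipe separator
}
?>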
</SELECT><BR /><BR />
<B><?php print gettext('Apply to');?></B> :
<?php print gettext('Description');?> » <INPUT TYPE = 'radio' NAME='frm_add_to' value='0' CHECKED />
<?php print $disposition;?> » <INPUT TYPE = 'radio' NAME='frm_add_to' value='1' /><BR /><BR />
<INPUT TYPE = 'button' VALUE = '<?php print gettext('Cancel');?>' onClick = 'window.close();' />
<INPUT TYPE = 'button' VALUE = '<?php print gettext('Reset');?>' onClick = 'this.form.reset();' />
<INPUT TYPE = 'button' VALUE = '<?php print gettext('Next');?>' onClick = 'validate();' />
<!-- <INPUT TYPE = 'button' VALUE = '<?php print gettext('Next');?>' onClick = 'this.form.submit();' /> -->
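<INPUT TYPE = 'hidden' NAME = 'frm_ticket_id' VALUE='<?php
// ticket_id comes from the query string. The POST branch of this page treats it as an
// integer, so emit it as one here: nothing request-supplied other than digits can reach
// this attribute, which closes the reflected-markup path the raw print left open.
print isset($_GET['ticket_id']) ? (int) $_GET['ticket_id'] : 0;
?>' />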
</FORM>
<?php
} // end if (empty($_POST))
else {
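// POST branch: append the submitted note, tagged with user and timestamp, to either the
// `description` or the `comments` column of one ticket row.
// NOTE(review): no login check and no anti-CSRF token are visible in this file; confirm
// that functions.inc.php (or the caller) enforces both before this UPDATE can be reached.
$field_name = array('description', 'comments');

// Whitelist the column selector. The form only ever sends "0" or "1"; any other value
// used to become an undefined array index and an empty column name in the UPDATE.
$add_to = isset($_POST['frm_add_to']) ? $_POST['frm_add_to'] : null;
if ($add_to !== '0' && $add_to !== '1') {
	exit('Invalid request.');
}
$target_field = $field_name[(int) $add_to];

$frm_ticket_id = isset($_POST['frm_ticket_id']) ? (int) $_POST['frm_ticket_id'] : 0;		// 4/4/14
$query = "SELECT * FROM `$GLOBALS[mysql_prefix]ticket` WHERE `id` = {$frm_ticket_id} LIMIT 1";		// 4/4/14
$result = mysql_query($query) or do_error($query, 'mysql query failed', mysql_error(), basename( __FILE__), __LINE__);
$row = stripslashes_deep(mysql_fetch_assoc($result));
if (!$row) {
	// No such ticket: stop here instead of running an UPDATE that matches nothing and
	// then reporting "Note added".
	exit('Incident not found.');
}

$now = (time() - (get_variable('delta_mins')*60));
$format = get_variable('date_format');
$the_date = date($format, $now);
$the_in_str = $row[$target_field];		// existing text of the column being appended to
@session_start();
// strip_tags() removes tags from the note before it is stored (1/7/2013). It is not output
// encoding: every page that later prints this column still has to escape it for its context.
$note_raw = (isset($_POST['frm_text']) && is_string($_POST['frm_text'])) ? $_POST['frm_text'] : '';
$the_text = "{$the_in_str} [{$_SESSION['user']}:{$the_date}]" . strip_tags(trim($note_raw)) . "\n";
// The column name comes from the whitelist above and the id is the same integer used in the
// SELECT, so the only request-derived value in the statement is the quoted note text.
// NOTE(review): quote_smart() is assumed to escape and quote for MySQL - confirm in functions.inc.php.
$query = "UPDATE `$GLOBALS[mysql_prefix]ticket` SET `{$target_field}`= " . quote_smart($the_text) . " WHERE `id` = {$frm_ticket_id} LIMIT 1";
$result = mysql_query($query) or do_error($query, 'mysql query failed', mysql_error(), __FILE__, __LINE__);
$quick = (intval(get_variable('quick'))==1);				// 12/16/09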
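// Confirmation output. In "quick" mode the popup refreshes its opener, shows a message in
// the 'upper' frame and closes itself; otherwise it shows a confirmation with a close button.
if ($quick) {
?>
<BODY onLoad = "opener.location.reload(true); opener.parent.frames['upper'].show_msg ('Note added!'); window.close();">
</BODY></HTML>
<?php
	}			// end if ($quick)
else {
	// `scope` is read from the ticket row, so it is encoded before being written into the
	// page: stored markup in that column is displayed as text rather than interpreted.
?>
<BODY onLoad = "opener.location.reload(true);"><CENTER>
<BR /><BR />
<H3><?php print gettext('Note added to Incident');?> '<?php print htmlspecialchars($row['scope'], ENT_QUOTES, 'UTF-8');?>'</H3><BR /><BR />
<INPUT TYPE = 'button' VALUE = '<?php print gettext('Finished');?>' onClick = 'window.close();'/>
</CENTER>
</BODY>
</HTML>
<?php
	unset($result);
	}		// end if/else (quick)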
} // end if/else (empty())
?>