-
Notifications
You must be signed in to change notification settings - Fork 9
Expand file tree
/
Copy pathadd_note.php
More file actions
173 lines (166 loc) · 8.17 KB
/
add_note.php
File metadata and controls
173 lines (166 loc) · 8.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
<?php
/*
8/10/09 initial release
1/27/10 corrections applied to update field
3/16/10 ceck for empty note
7/12/10 <br. -> '\n'
7/28/10 Added inclusion of startup.inc.php for checking of network status and setting of file name variables to support no-maps versions of scripts.
12/1/10 added get_text(disposition)
3/15/11 changed stylesheet.php to stylesheet.php
1/7/2013 added user ident to inserted string, strip_tags as XSS prevention
*/
error_reporting(E_ALL);
@session_start();
session_write_close();
require_once './incs/functions.inc.php'; //7/28/10
if($istest) {
// dump(basename(__FILE__));
print "GET<br />\n";
dump($_GET);
print "POST<br />\n";
dump($_POST);
}
$disposition = get_text("Disposition"); // 12/1/10
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Add Note to Existing Incident</TITLE>
<META NAME="Author" CONTENT="">
<META NAME="Keywords" CONTENT="">
<META NAME="Description" CONTENT="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<META HTTP-EQUIV="Expires" CONTENT="0">
<META HTTP-EQUIV="Cache-Control" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Pragma" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Content-Script-Type" CONTENT="application/x-javascript">
<META HTTP-EQUIV="Script-date" CONTENT="<?php print date("n/j/y G:i", filemtime(basename(__FILE__)));?>">
<LINK REL=StyleSheet HREF="stylesheet.php?version=<?php print time();?>" TYPE="text/css">
<SCRIPT TYPE="application/x-javascript" SRC="./js/jss.js"></SCRIPT>
<SCRIPT TYPE="application/x-javascript" SRC="./js/misc_function.js"></SCRIPT>
<SCRIPT>
var viewportwidth;
var viewportheight;
var outerwidth;
var outerheight;
var colwidth;
var colheight;
String.prototype.trim = function () { // 3/16/10
return this.replace(/^\s*(\S*(\s+\S+)*)\s*$/, "$1");
};
function validate () {
if(document.frm_note.frm_text.value.trim().length==0) {
alert("Enter text - or Cancel");
return false;
}
else {
document.frm_note.submit();
}
}
</SCRIPT>
</HEAD>
<?php
if (empty($_POST)) {
$heading = "Add Note";
?>
<BODY onLoad = "document.frm_note.frm_text.focus();">
<DIV ID='outer'>
<DIV id='button_bar' class='but_container'>
<SPAN CLASS='heading' STYLE='text-align: center; display: inline; font-size: 1.5em;'><?php echo $heading;?>
<SPAN ID='can_but' class='plain text' style='float: right; width: 100px;' onMouseover='do_hover(this.id);' onMouseout='do_plain(this.id);' onClick='window.close();'><SPAN STYLE='float: left;'><?php print get_text("Cancel");?></SPAN><IMG STYLE='float: right;' SRC='./images/cancel_small.png' BORDER=0></SPAN>
<SPAN ID='reset_but' class='plain text' style='float: right; width: 100px;' onMouseover='do_hover(this.id);' onMouseout='do_plain(this.id);' onClick='document.frm_note.reset();'><SPAN STYLE='float: left;'><?php print get_text("Reset");?></SPAN><IMG STYLE='float: right;' SRC='./images/restore_small.png' BORDER=0></SPAN>
<SPAN ID='sub_but' class='plain text' style='float: right; width: 100px;' onMouseover='do_hover(this.id);' onMouseout='do_plain(this.id);' onClick='validate();'><SPAN STYLE='float: left;'><?php print get_text("Next");?></SPAN><IMG STYLE='float: right;' SRC='./images/submit_small.png' BORDER=0></SPAN>
</DIV>
<DIV ID='inner' STYLE="position: relative; top: 70px;">
<CENTER>
<SPAN CLASS='text text_large text_bold text_center' style='width: 100%; display: block;'>Enter note text</SPAN><BR />
<FORM NAME='frm_note' METHOD='post' ACTION = '<?php print basename(__FILE__);?>'>
<TEXTAREA NAME='frm_text' COLS=60 ROWS = 3></TEXTAREA>
<BR />
<BR />
<SCRIPT>
function set_signal(inval) {
var temp_ary = inval.split("|", 2); // inserted separator
document.frm_note.frm_text.value+=" " + temp_ary[1] + ' ';
document.frm_note.frm_text.focus();
} // end function set_signal()
</SCRIPT>
Signal »
<SELECT NAME='signals' onChange = 'set_signal(this.options[this.selectedIndex].text); this.options[0].selected=true;'> <!-- 11/17/10 -->
<OPTION VALUE=0 SELECTED>Select</OPTION>
<?php
$query = "SELECT * FROM `{$GLOBALS['mysql_prefix']}codes` ORDER BY `sort` ASC, `code` ASC";
$result = db_query($query);
while ($row_sig = stripslashes_deep($result->fetch_assoc())) {
print "\t<OPTION VALUE='{$row_sig['code']}'>{$row_sig['code']}|{$row_sig['text']}</OPTION>\n"; // pipe separator
}
?>
</SELECT>
<B>Apply to</B> :
Description » <INPUT TYPE = 'radio' NAME='frm_add_to' value='0' CHECKED />
<?php print $disposition;?> » <INPUT TYPE = 'radio' NAME='frm_add_to' value='1' />
<INPUT TYPE = 'hidden' NAME = 'frm_ticket_id' VALUE='<?php print htmlspecialchars($_GET['ticket_id'], ENT_QUOTES, 'UTF-8'); ?>' />
</FORM>
</DIV>
</DIV>
<?php
} else {
$field_name = array('description', 'comments');
$frm_ticket_id = sanitize_int($_POST['frm_ticket_id']); // 4/4/14
$query = "SELECT * FROM `{$GLOBALS['mysql_prefix']}ticket` WHERE `id` = ? LIMIT 1"; // 4/4/14
$result = db_query($query, [$frm_ticket_id]);
$row = $result ? stripslashes_deep($result->fetch_assoc()) : null;
$now = (time() - (get_variable('delta_mins')*60));
$format = get_variable('date_format');
$the_date = date($format, $now);
$the_in_str = ($_POST['frm_add_to']=="0")? $row['description'] : $row['comments'] ;
@session_start();
session_write_close();
$the_text = "{$the_in_str} [{$_SESSION['user']}:{$the_date}]" . strip_tags(trim($_POST['frm_text'])) . "\n"; // 1/7/2013
$safe_field = $field_name[sanitize_int($_POST['frm_add_to'])];
$query = "UPDATE `{$GLOBALS['mysql_prefix']}ticket` SET `{$safe_field}`= ? WHERE `id` = ? LIMIT 1";
$result = db_query($query, [$the_text, $frm_ticket_id]);
$quick = (intval(get_variable('quick'))==1); // 12/16/09
if ($quick) {
?>
<BODY onLoad = "opener.location.reload(true); opener.parent.frames['upper'].show_msg ('Note added!'); window.close();">
<?php
} else { // end if ($quick)
?>
<BODY onLoad = "opener.location.reload(true);">
<CENTER>
<BR />
<BR />
<H3>Note added to Incident '<?php print $row['scope'];?>'</H3>
<BR />
<BR />
<SPAN id='fin_but' CLASS='plain text' style='float: none; width: 100px; display: inline-block;' onMouseover='do_hover(this.id);' onMouseout='do_plain(this.id);' onClick="window.close();"><SPAN STYLE='float: left;'><?php print get_text("Finished");?></SPAN><IMG STYLE='float: right;' SRC='./images/finished_small.png' BORDER=0></SPAN>
</CENTER>
<?php
unset($result);
} // end if/else (quick)
} // end if/else (empty())
?>
<SCRIPT>
if (typeof window.innerWidth != 'undefined') {
viewportwidth = window.innerWidth,
viewportheight = window.innerHeight
} else if (typeof document.documentElement != 'undefined' && typeof document.documentElement.clientWidth != 'undefined' && document.documentElement.clientWidth != 0) {
viewportwidth = document.documentElement.clientWidth,
viewportheight = document.documentElement.clientHeight
} else {
viewportwidth = document.getElementsByTagName('body')[0].clientWidth,
viewportheight = document.getElementsByTagName('body')[0].clientHeight
}
set_fontsizes(viewportwidth, "popup");
outerwidth = viewportwidth * .95;
outerheight = viewportheight * .45;
colwidth = outerwidth;
colheight = outerheight;
if($('outer')) {$('outer').style.width = outerwidth + "px";}
if($('outer')) {$('outer').style.height = outerheight + "px";}
if($('inner')) {$('inner').style.width = colwidth + "px";}
if($('inner')) {$('inner').style.height = colheight + "px";}
</SCRIPT>
</BODY>
</HTML>