Commit Graph

9 Commits

Author SHA1 Message Date
Ross Poulton
738a88a5aa * Fix an XSS hole: No user-sourced HTML is displayed at all. Descriptions, resolutions and followup comments are treated as text using force_escape and linebreaksbr template filters. (Issue #39)
* Incoming email also handled slightly differently: If an email has both HTML and Plain-text parts, the plain text is used in the ticket description and/or followup comment fields. The HTML portion is attached as 'email_html_body.html' so it can be viewed by the user. If an HTML-only email is received, the body is entered as "View attachment for body". (Issue #39)
2009-01-19 09:40:14 +00:00
Ross Poulton
e05bd28f8b * Remove excess slash in media urls. Note that MEDIA_URL now needs to
finish in a slash.
2008-10-28 10:29:47 +00:00
Ross Poulton
ef25b571db Fixes #10: BUG Script URL's hard-coded to http://media.jutda.com.au; now
uses MEDIA_URL. Thanks to David Clymer.
2008-08-18 21:37:48 +00:00
Ross Poulton
cea6394b70 Big bugfix release - addresses a number of issues introduced in recent Django
updates, and other bugs in the codebase. Many thanks to David Clymer and
Chris Etcp for reporting these bugs and then providing fixes.

Tickets closed:

#3: BUG E-Mail Script Incompatible with Python 2.5
#4: BUG Failure on empty attachments
#5: ENHANCEMENT Run scripts as command extensions [Backwards Compatible]
#7: BUG Cannot view tickets when not logged in
#8: BUG Overly broad error handling

Note that #5 is backwards-incompatible, as you need to change any CRON or 
scheduler entries for the 'get_email.py', 'escalate_tickets.py' or 
'create_escalation_exclusions.py' scripts. See the README file for the new 
commands.
2008-08-18 21:29:31 +00:00
Ross Poulton
dfb821336e * Added i18n hooks, eg _() and {% trans %} tags around all helpdesk-generated
text to assist with future translation efforts. I've no doubt missed a few.
  Also we don't have a "Change Language" view in here, unsure if this should
  be a helpdesk function or a function of the parent project.
* Updated svn:ignore to ignore .pyc files
* Added new function to replace cursor.dictfetchall() which is available in
  psycopg1 but not psycopg2. New function should work across other database
  systems, but is untested.
2008-05-07 09:04:18 +00:00
Ross Poulton
041272ce1b * Added ability for tickets to be placed on hold
2008-01-20 23:31:27 +00:00
Ross Poulton
9c2fd9e87b * Minor on-hold improvements
2008-01-16 05:00:58 +00:00
Ross Poulton
eff97073fb * Remove dependency on markdown
* Use nicEditor in 'create ticket' screens to allow HTML entry.
2008-01-16 03:23:43 +00:00
Ross Poulton
2e2176547d * Added logout link/template
* Added ability for public to submit a ticket via the web if they aren't logged in
* Added ability for public to view ticket via web using ticket ID & e-mail address
* Added public ticket URL to e-mails
* Added manager to FollowUp class to
2008-01-16 00:26:24 +00:00