Merge branch 'master' of github.com:freescout-helpdesk/freescout into dist

freescout-help-desk · freescout-help-desk · commit 694a89b7572a · 2025-12-05T21:51:10.000-08:00
diff --git a/app/Console/Commands/FetchEmails.php b/app/Console/Commands/FetchEmails.php
@@ -1232,8 +1232,9 @@ public function saveUserThread($mailbox, $message_id, $prev_thread, $user, $from
 
         // Respect mailbox settings for "Status After Replying
         $prev_status = $conversation->status;
-        $conversation->status = ($mailbox->ticket_status == Mailbox::TICKET_STATUS_KEEP_CURRENT ? $conversation->status : $mailbox->ticket_status);
-        if ($conversation->status != $mailbox->ticket_status) {
+        $new_status = ($mailbox->ticket_status == Mailbox::TICKET_STATUS_KEEP_CURRENT ? $conversation->status : $mailbox->ticket_status);
+        if ($new_status != $prev_status) {
+            $conversation->setStatus($new_status, $user, $update_folder = false);
             \Eventy::action('conversation.status_changed', $conversation, $user, true, $prev_status);
         }
         $conversation->last_reply_at = $now;
diff --git a/app/Conversation.php b/app/Conversation.php
@@ -390,12 +390,17 @@ public function getReplies()
      *
      * @return Collection
      */
-    public function getThreads($skip = null, $take = null, $types = [])
+    public function getThreads($skip = null, $take = null, $types = [], $states = [Thread::STATE_PUBLISHED])
     {
         $query = $this->threads()
-            ->where('state', Thread::STATE_PUBLISHED)
             ->orderBy('created_at', 'desc');
 
+        if (count($states) == 1 && !empty($states[0])) {
+            $query->where('state', $states[0]);
+        } else {
+            $query->whereIn('state', $states);
+        }
+
         if (!is_null($skip)) {
             $query->skip($skip);
         }
@@ -622,12 +627,14 @@ public function getStatus()
      *
      * @param int $status
      */
-    public function setStatus($status, $user = null)
+    public function setStatus($status, $user = null, $update_folder = true)
     {
         $now = date('Y-m-d H:i:s');
 
         $this->status = $status;
-        $this->updateFolder();
+        if ($update_folder) {
+            $this->updateFolder();
+        }
         $this->user_updated_at = $now;
 
         if ($user && $status == self::STATUS_CLOSED) {
diff --git a/app/Http/Controllers/MailboxesController.php b/app/Http/Controllers/MailboxesController.php
@@ -967,10 +967,10 @@ public function oauth(Request $request)
             return __('Mailbox not found').': '.$mailbox_id;
         }
         if ($in_out == 'in') {
-            $username = $mailbox->in_username;
+            $username = $mailbox->getInOauthClientId();
             $password = $mailbox->in_password;
         } else {
-            $username = $mailbox->out_username;
+            $username = $mailbox->getOutOauthClientId();
             $password = $mailbox->out_password;
         }
         if (empty($username)) {
diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
@@ -304,7 +304,7 @@ public function permissions($id)
             abort(404);
         }
 
-        $mailboxes = Mailbox::all();
+        $mailboxes = Mailbox::all()->sortBy('name');
 
         $users = $this->getUsersForSidebar($id);
 
diff --git a/app/Mailbox.php b/app/Mailbox.php
@@ -980,16 +980,50 @@ public function oauthGetParam($param)
     public function inOauthEnabled()
     {
         return $this->oauthEnabled() 
-            && $this->in_username !== null && !strstr($this->in_username, '@');
+            && $this->in_username !== null 
+            && $this->isInUsernameOauth();
     }
 
     public function outOauthEnabled()
     {
         return $this->oauthEnabled() 
-            && $this->out_username !== null && !strstr($this->out_username, '@')
+            && $this->out_username !== null
+            && $this->isOutUsernameOauth()
             && $this->out_server !== null && trim($this->out_server) == \MailHelper::OAUTH_MICROSOFT_SMTP;
     }
 
+    // For oAuth Username may have the following format:
+    // test@example.org:123-456-789
+    public function getInOauthUsername()
+    {
+        return preg_replace("#:.*#", '', $this->in_username ?? '');
+    }
+
+    public function getInOauthClientId()
+    {
+        return preg_replace("#.*:#", '', $this->in_username ?? '');
+    }
+
+    public function getOutOauthUsername()
+    {
+        return preg_replace("#:.*#", '', $this->out_username ?? '');
+    }
+
+    public function getOutOauthClientId()
+    {
+        return preg_replace("#.*:#", '', $this->out_username ?? '');
+    }
+
+    public function isInUsernameOauth()
+    {
+        return (!strstr($this->in_username, '@') || preg_match("#.*@.*:.*#", $this->in_username));
+    }
+
+    public function isOutUsernameOauth()
+    {
+        return (!strstr($this->out_username, '@') || preg_match("#.*@.*:.*#", $this->out_username));
+    }
+
     public function setEmailAttribute($value)
     {
         if ($value) {
diff --git a/app/Misc/Helper.php b/app/Misc/Helper.php
@@ -1802,7 +1802,7 @@ public static function getRemoteFileContents($url, $follow_redirects = true)
         }
     }
 
-    public static function sanitizeRemoteUrl($url)
+    public static function sanitizeRemoteUrl($url, $throw_exception = false)
     {
         $parts = parse_url($url ?? '');
 
@@ -1815,6 +1815,11 @@ public static function sanitizeRemoteUrl($url)
         if (empty($parts['host'])) {
             return '';
         }
+
+        $host_white_list_str = str_replace(' ', '', mb_strtolower(config('app.remote_host_white_list')));
+        $host_white_list = explode(',', $host_white_list_str);
+
+        // Sanitize host name.
         $parts['host'] = mb_strtolower($parts['host']);
         $hostname = gethostname();
         $host_ip = gethostbyname($hostname);
@@ -1830,13 +1835,24 @@ public static function sanitizeRemoteUrl($url)
             $_SERVER['LOCAL_ADDR'] ?? ''
         ];
 
-        if (in_array($parts['host'], $restricted_hosts)) {
-            return '';
+        if (in_array($parts['host'], $restricted_hosts) && !in_array($parts['host'], $host_white_list)) {
+            if ($throw_exception) {
+                throw new \Exception(__('Domain or IP address is not allowed: :%host%. Whitelist it via APP_REMOTE_HOST_WHITE_LIST .env parameter.', ['%host%' => $parts['host']]), 1);
+            } else {
+                return '';
+            }
         }
 
+        // Sanitize host IP address.
         $remote_host_ip = gethostbyname($parts['host']);
-        if (in_array($remote_host_ip, ['0.0.0.0', '127.0.0.1', $host_ip, $_SERVER['SERVER_ADDR'] ?? '', $_SERVER['LOCAL_ADDR'] ?? ''])) {
-            return '';
+        if (in_array($remote_host_ip, ['0.0.0.0', '127.0.0.1', $host_ip, $_SERVER['SERVER_ADDR'] ?? '', $_SERVER['LOCAL_ADDR'] ?? ''])
+            && !in_array($remote_host_ip, $host_white_list)
+        ) {
+            if ($throw_exception) {
+                throw new \Exception(__('Domain or IP address is not allowed: :%host%. Whitelist it via APP_REMOTE_HOST_WHITE_LIST .env parameter.', ['%host%' => $remote_host_ip]), 1);
+            } else {
+                return '';
+            }
         }
 
         return $url;
diff --git a/app/Misc/Mail.php b/app/Misc/Mail.php
@@ -151,7 +151,7 @@ public static function setMailDriver($mailbox = null, $user_from = null, $conver
                 if ((strtotime($mailbox->oauthGetParam('issued_on')) + (int)$mailbox->oauthGetParam('expires_in')) < time()) {
                     // Try to get an access token (using the authorization code grant)
                     $token_data = \MailHelper::oauthGetAccessToken(\MailHelper::OAUTH_PROVIDER_MICROSOFT, [
-                        'client_id' => $mailbox->out_username,
+                        'client_id' => $mailbox->getOutOauthClientId(),
                         'client_secret' => $mailbox->out_password,
                         'refresh_token' => $mailbox->oauthGetParam('r_token'),
                     ]);
@@ -179,7 +179,7 @@ public static function setMailDriver($mailbox = null, $user_from = null, $conver
                 \Config::set('mail.port', $mailbox->out_port);
                 if ($oauth) {
                     \Config::set('mail.auth_mode', 'XOAUTH2');
-                    \Config::set('mail.username', $mailbox->email);
+                    \Config::set('mail.username', $mailbox->getOutOauthUsername());
                     \Config::set('mail.password', $mailbox->oauthGetParam('a_token'));
                 } else {
                     \Config::set('mail.auth_mode', '');
@@ -790,7 +790,7 @@ public static function getMailboxClient($mailbox)
                 'port'          => $mailbox->in_port,
                 'encryption'    => $mailbox->getInEncryptionName(),
                 'validate_cert' => $mailbox->in_validate_cert,
-                'username'      => $mailbox->email,
+                'username'      => $mailbox->getInOauthUsername(),
                 'password'      => $mailbox->oauthGetParam('a_token'),
                 'protocol'      => $mailbox->getInProtocolName(),
                 'authentication' => 'oauth',
diff --git a/config/app.php b/config/app.php
@@ -18,7 +18,7 @@
     | or any other location as required by the application or its packages.
     */
 
-    'version' => '1.8.197',
+    'version' => '1.8.198',
 
     /*
     |--------------------------------------------------------------------------
@@ -521,6 +521,15 @@
     */
     'alternative_reply_separation'    => env('APP_ALTERNATIVE_REPLY_SEPARATION', false),
 
+    /*
+    |--------------------------------------------------------------------------
+    | Comma separated list of white listed hosts.
+    | If some input containing URL becomes blank after saving it - add its host or IP here.
+    | Example: example.org,test.example.org,192.168.1.97
+    |-------------------------------------------------------------------------
+    */
+    'remote_host_white_list'    => env('APP_REMOTE_HOST_WHITE_LIST', ''),
+
     /*
     |--------------------------------------------------------------------------
     | Autoloaded Service Providers
diff --git a/overrides/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php b/overrides/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php
@@ -449,7 +449,7 @@ protected function throwException(Swift_TransportException $e)
             } else {
                 list($last_command) = explode(' ', $last_command);
             }
-            $e = new $exception_type('Swift_Transport_AbstractSmtpTransport::'.$caller_function.'(); '.($last_command ? 'Last Command: '.$last_command.'; ' : '').$e->getMessage());
+            $e = new $exception_type($caller_function.'(); '.($last_command ? 'Last Command: '.$last_command.'; ' : '').$e->getMessage());
         }
 
         if ($evt = $this->eventDispatcher->createTransportExceptionEvent($this, $e)) {
diff --git a/resources/views/mailboxes/connection.blade.php b/resources/views/mailboxes/connection.blade.php
@@ -105,7 +105,7 @@
                                 <p class="form-help">
                                     <small @if ($mailbox->oauthGetParam('provider') == \MailHelper::OAUTH_PROVIDER_MICROSOFT && $out_oauth_enabled) class="text-success" @endif>Microsoft Exchange</small> 
                                     @if (!$mailbox->oauthEnabled())
-                                        @if ($mailbox->out_username && $mailbox->out_password && !strstr($mailbox->out_username, '@'))
+                                        @if ($mailbox->out_username && $mailbox->out_password && $mailbox->isOutUsernameOauth())
                                              – <a href="{{ route('mailboxes.oauth', ['id' => $mailbox->id, 'provider' => \MailHelper::OAUTH_PROVIDER_MICROSOFT, 'in_out' => 'out']) }}" target="_blank">{{ __('Connect') }}</a>
                                         @endif
                                     @elseif ($mailbox->oauthGetParam('provider') == \MailHelper::OAUTH_PROVIDER_MICROSOFT && $out_oauth_enabled)
diff --git a/resources/views/mailboxes/connection_incoming.blade.php b/resources/views/mailboxes/connection_incoming.blade.php
@@ -110,7 +110,7 @@
                                 <p class="form-help">
                                     <small @if ($mailbox->oauthGetParam('provider') == \MailHelper::OAUTH_PROVIDER_MICROSOFT) class="text-success" @endif>Microsoft Exchange</small> 
                                     @if (!$mailbox->oauthEnabled())
-                                        @if ($mailbox->in_username && $mailbox->in_password && !strstr($mailbox->in_username, '@'))
+                                        @if ($mailbox->in_username && $mailbox->in_password && $mailbox->isInUsernameOauth())
                                              – <a href="{{ route('mailboxes.oauth', ['id' => $mailbox->id, 'provider' => \MailHelper::OAUTH_PROVIDER_MICROSOFT, 'in_out' => 'in']) }}" target="_blank">{{ __('Connect') }}</a>
                                         @endif
                                     @elseif ($mailbox->oauthGetParam('provider') == \MailHelper::OAUTH_PROVIDER_MICROSOFT && $in_oauth_enabled)
diff --git a/resources/views/system/status.blade.php b/resources/views/system/status.blade.php
@@ -115,7 +115,7 @@
         <tbody>
             @foreach ($php_extensions as $extension_name => $extension_status)
                 <tr>
-                    <th>{{ $extension_name }}@if ($extension_name == 'intl' && !$extension_status) {{ __('(optional)') }}@endif</th>
+                    <th>{{ $extension_name }}@if (!$extension_status && in_array(strtolower($extension_name), ['intl', 'imap'])) {{ __('(optional)') }}@endif</th>
                     <td class="table-main-col">
                         @if ($extension_status)
                             <strong class="text-success">OK</strong>
diff --git a/tools/install.sh b/tools/install.sh
@@ -42,7 +42,7 @@ if [ -z "$domain_name" ]; then
     exit;
 fi
 
-mysql_pass=`date +%s | sha256sum | base64 | head -c 9 ; echo`
+mysql_pass=`(date +%s; head -c 10 /dev/urandom;)  | sha256sum | base64 | head -c 9 ; echo`
 
 is_debian=`cat /etc/issue | grep -E ^Debian | wc -l`
 

Original file line number	Diff line number	Diff line change
`@@ -967,10 +967,10 @@ public function oauth(Request $request)`
`967`	`967`	`return __('Mailbox not found').': '.$mailbox_id;`
`968`	`968`	`}`
`969`	`969`	`if ($in_out == 'in') {`
`970`		`- $username = $mailbox->in_username;`
	`970`	`+ $username = $mailbox->getInOauthClientId();`
`971`	`971`	`$password = $mailbox->in_password;`
`972`	`972`	`} else {`
`973`		`- $username = $mailbox->out_username;`
	`973`	`+ $username = $mailbox->getOutOauthClientId();`
`974`	`974`	`$password = $mailbox->out_password;`
`975`	`975`	`}`
`976`	`976`	`if (empty($username)) {`
Original file line number	Diff line number	Diff line change
`@@ -304,7 +304,7 @@ public function permissions($id)`
`304`	`304`	`abort(404);`
`305`	`305`	`}`
`306`	`306`
`307`		`- $mailboxes = Mailbox::all();`
	`307`	`+ $mailboxes = Mailbox::all()->sortBy('name');`
`308`	`308`
`309`	`309`	`$users = $this->getUsersForSidebar($id);`
`310`	`310`
Original file line number	Diff line number	Diff line change
`@@ -449,7 +449,7 @@ protected function throwException(Swift_TransportException $e)`
`449`	`449`	`} else {`
`450`	`450`	`list($last_command) = explode(' ', $last_command);`
`451`	`451`	`}`
`452`		`- $e = new $exception_type('Swift_Transport_AbstractSmtpTransport::'.$caller_function.'(); '.($last_command ? 'Last Command: '.$last_command.'; ' : '').$e->getMessage());`
	`452`	`+ $e = new $exception_type($caller_function.'(); '.($last_command ? 'Last Command: '.$last_command.'; ' : '').$e->getMessage());`
`453`	`453`	`}`
`454`	`454`
`455`	`455`	`if ($evt = $this->eventDispatcher->createTransportExceptionEvent($this, $e)) {`