Posted: Fri May 27, 2005 3:51 pm
by Klemen
Hi,

It's a little bug in the script, will fix that in the next version, probably this weekend.

Regards

session errors

Posted: Sat Jul 09, 2005 5:27 pm
by matt
I am getting the same problems as Crenim

When I try to use admin, it says my session has expired... Yes, my sessions are working fine, I did the test. My sessions work fine with all the other scripts I have on my website. But this one tends not to. Any suggestions?

Posted: Sat Jul 09, 2005 6:05 pm
by Klemen
Hello Matt,

What is the URL of your Hesk?

Oh, and please post it in a new topic, this one is reserved for reporting bugs and misspellings.

Regards

MySQL injection Security Issue

Posted: Sun Jul 10, 2005 7:18 am
by Greg
Klemen,

First... LOVE the helpdesk software. I looked at 10 or 15 packages via Fantastico and Sourceforge. Yours was the only one that offered a combination of functionality and simplicity I liked.

One problem, though. I found it through HotScripts and the most recent review on HotScripts says it's vulnerable to the MySQL Injection exploit.

I haven't dug through the code and examined your query compositions yet, so I haven't confirmed this. But since the site that will use it isn't going live for a couple of weeks yet, I figured I'd leave a post for you to see what you had to say about it before I started digging as I have many other scripts to write if I'm going to have my site live anytime soon.

BTW, if you would like to add Google Adsense after the first post on a page (you can, and it's been proven more effective when they're integrated within the page content), AskDaveTaylor.com is running my hack for that.


Thanks,

Greg

Posted: Sun Jul 10, 2005 11:18 am
by Klemen
Hello Greg,

Thanks for the kudos. I am aware of that review and I even posted a reply to that review, now waiting for HotScripts to approve and publish it (don't know how long it will take, reviews usually take about 2 weeks to appear).

In my opinion Hesk is NOT vulnerable to SQL injections. If you examine the code you will see that any variable used inside the SQL statements is:

1. defined inside the code, so even if register_globals is on you can't use script.php?var=some+ugly+code because that variable is re-defined within the code.

- OR -

2. those variables that come from outside (forms, query string) and are used in SQL are screened by the hesk_input() function, which makes sure that HTML special chars (< > & ") are translated to their HTML equivalents (&lt; &gt; etc.) and that any quotes are escaped with slashes (even if magic_quotes is off in php.ini).

Where numbers are used in SQL (for example: do this WHERE `id`=$id ...) Hesk makes sure that $id is made only out of digits (0-9) with the hesk_isNumber() function. If you tried to pass any other code there you would either get an error or the hesk_isNumber() function would return the value 0 before the variable is used anywhere.


In my opinion if you tried to make SQL injections with Hesk you could not do harm, the script would simply throw an error (either invalid input or invalid SQL code) and stop executing. Of course I may be wrong, but I am willing to discuss any potential security problems about Hesk or any other script I wrote.

The "funny" thing about that review is the author posted it without even consulting or mentioning anything about any vulnerability to me. I know if I had the feeling that a script has security problems I would talk to the programmer/owner first notifying him. Must be some scared concurrence :lol:

Thanks for the AdSense tip! Will probably do this sometime soon.

Regards
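The two rules Klemen describes above (screen text input, accept only digits where a number is interpolated), written out as an added illustration. This is not Hesk's code: the demo_ functions are stand-ins for the approach the post attributes to hesk_input() and hesk_isNumber(), not their actual implementations, and the table and column names are assumed. The prepared-statement variant at the end is a defender's addition showing the form in which the value never enters the SQL text at all.

```php
<?php
// Added illustration (not Hesk's code). demo_* names, the `tickets` table and
// its `id` column are assumptions made for this example.

// Rule 1: text that will both be echoed into HTML and interpolated into SQL.
// Mirrors what the post says hesk_input() does: encode HTML special characters,
// then escape quotes/backslashes regardless of the magic_quotes setting.
function demo_input(string $value, ?mysqli $db = null): string {
    $value = trim($value);
    // Encode < > & " ' for safe HTML output.
    $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    // Escape for string interpolation into SQL. Prefer the connection's own,
    // charset-aware escaper; addslashes() is the connection-less fallback.
    // (After ENT_QUOTES encoding no raw quote survives, so this is belt and braces.)
    return $db ? $db->real_escape_string($value) : addslashes($value);
}

// Rule 2: numbers used unquoted in SQL (WHERE `id`=$id). Only a string made
// entirely of digits is accepted; anything else becomes 0, as the post
// describes for hesk_isNumber().
function demo_is_number(string $value): int {
    return ctype_digit($value) ? (int) $value : 0;
}

// Rule 2 applied: the query text is assembled only after validation.
function demo_ticket_query(string $raw_id): string {
    $id = demo_is_number($raw_id);
    return "SELECT * FROM `tickets` WHERE `id`=$id LIMIT 1";
}

// Same lookup as a prepared statement: the value is bound as an integer and
// never becomes part of the SQL string, so no escaping step is needed.
// Requires the mysqlnd driver for get_result().
function demo_ticket_lookup(mysqli $db, string $raw_id): ?array {
    $id = demo_is_number($raw_id);
    if ($id === 0) {
        return null; // reject rather than run a query with a dummy id
    }
    $stmt = $db->prepare("SELECT * FROM `tickets` WHERE `id`=? LIMIT 1");
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Constructed sample inputs; the validation helpers need no database.
var_dump(demo_is_number('42'));          // int(42)
var_dump(demo_is_number('42abc'));       // int(0)
var_dump(demo_is_number(''));            // int(0)
var_dump(demo_ticket_query('7'));        // SELECT * FROM `tickets` WHERE `id`=7 LIMIT 1
var_dump(demo_input("<b>O'Brien</b>"));  // &lt;b&gt;O&#039;Brien&lt;/b&gt;
```

The digit check is the important half for unquoted numbers: escaping quotes does nothing for a value that is not quoted in the first place, which is why the post treats the two cases separately. Binding the value with bind_param('i') enforces the same integer constraint inside the driver.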

admin Issue

Posted: Mon Oct 24, 2005 3:06 pm
by Guest
I see earlier where Cremin posted about the issue via admin saying the session had expired? I am having the same issue. My cookies are allowed because the demo works, and the session test file returns True. It doesn't make any sense. How can I fix this? Cremin, did you fix it, and how?

Posted: Wed Dec 14, 2005 11:51 am
by Ninja1
Looking at the Helpdesk Admin example page I notice a small cosmetic error.

Opening a Topic at random there is the caption "Printer firendly version".
I'm sure that should be "Printer friendly version".

I'm assuming you use the same files for the demo as the downloadable ones, but if it was already fixed please disregard this comment.

Posted: Wed Dec 14, 2005 6:18 pm
by Klemen
Hi,

No, the Demo is not exactly the same files and the download version has this corrected. Thanks anyway!

Regards

Print Ticket Errors

Posted: Sat Mar 25, 2006 10:10 pm
by Chris
Hello,

First of all, great script!

I just have a question about the print_ticket.php page. When I click on "Printer Friendly Page" a page is generated and it works fine. However in my error log I get these errors:
[Fri Mar 24 14:18:15 2006] [error] PHP Notice: Undefined index: category in /hesk/inc/print_tickets.inc.php on line 46
[Fri Mar 24 14:18:15 2006] [error] PHP Notice: Undefined index: limit in /hesk/inc/print_tickets.inc.php on line 51
[Fri Mar 24 14:18:15 2006] [error] PHP Notice: Undefined index: page in /hesk/inc/print_tickets.inc.php on line 52
[Fri Mar 24 14:18:16 2006] [error] PHP Notice: Undefined index: sort in /hesk/inc/print_tickets.inc.php on line 54
Is this a problem? What can I do to fix this?

Posted: Sun Mar 26, 2006 7:45 pm
by Klemen
It's just a PHP notice, not an actual error, and has to do with some arrays not being set, but that shouldn't be a problem and is normal.
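The notices in Chris's log come from reading array keys (category, limit, page, sort) that are absent from the request. As an added illustration, not Hesk's code, here is one way to read such optional parameters with defaults so that a missing key is silent, while also constraining each value before it reaches a query. The demo_ names, the defaults, the `tickets` table and the allowed sort columns are assumptions for this example.

```php
<?php
// Added illustration (not Hesk's code). demo_* names, default values, the
// `tickets` table and the list of sort columns are assumed.

// Read the optional list parameters from a request array with defaults, so a
// missing key never triggers an "Undefined index" notice.
function demo_list_params(array $request): array {
    // A column name cannot be escaped like a string value, so `sort` is
    // matched against a fixed list of identifiers instead.
    $allowed_sort = ['id', 'subject', 'date'];

    $category = isset($request['category']) && ctype_digit((string) $request['category'])
        ? (int) $request['category'] : 0;            // 0 = all categories

    $limit = isset($request['limit']) && ctype_digit((string) $request['limit'])
        ? max(1, min(100, (int) $request['limit'])) : 20;  // clamp to 1..100

    $page = isset($request['page']) && ctype_digit((string) $request['page'])
        ? max(1, (int) $request['page']) : 1;

    $sort = isset($request['sort']) && in_array($request['sort'], $allowed_sort, true)
        ? $request['sort'] : 'id';

    return compact('category', 'limit', 'page', 'sort');
}

// Build the listing query from the validated parameters only.
function demo_list_query(array $p): string {
    $offset = ($p['page'] - 1) * $p['limit'];
    $where  = $p['category'] > 0 ? "WHERE `category`={$p['category']}" : '';
    return "SELECT * FROM `tickets` $where ORDER BY `{$p['sort']}` LIMIT $offset,{$p['limit']}";
}

// Constructed sample: a request with no parameters at all (the situation
// behind the notices in the log above).
$p = demo_list_params([]);
var_dump($p);                    // category 0, limit 20, page 1, sort 'id'
echo demo_list_query($p), "\n";  // SELECT * FROM `tickets`  ORDER BY `id` LIMIT 0,20

// Constructed sample: partially supplied, out-of-range and unknown values.
$p = demo_list_params(['category' => '3', 'limit' => '500', 'sort' => 'owner']);
var_dump($p);                    // category 3, limit 100, page 1, sort 'id'
echo demo_list_query($p), "\n";  // SELECT * FROM `tickets` WHERE `category`=3 ORDER BY `id` LIMIT 0,100
```

Silencing the notice with isset() is the cosmetic part; the allowlist on `sort` is the part that matters for the query, since an ORDER BY column is an identifier and quote escaping does not apply to it.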

admin.php typo

Posted: Thu Sep 21, 2006 7:53 pm
by _jimf_
Noticed typo @ line 119/admin.php - 'contact_webmsater', should it be 'contact_webmaster'?

_jimf_

Posted: Fri Sep 22, 2006 8:56 am
by Klemen
Hi,

Good catch, but I made the same typo in the language file and everywhere else these words are printed out, so it works perfectly :wink:

Posted: Tue Apr 24, 2007 9:49 am
by miccas
Line 28: $hesklang['no_trackID']='No tacking ID';

should say No tracking ID, not tacking ID :)

Posted: Tue Apr 24, 2007 1:43 pm
by Klemen
C, c, c... you should have noticed that in Beta testing :roll:

Just kidding, thanks for letting me know, has been fixed. :wink:

Posted: Wed Apr 25, 2007 7:19 am
by miccas
HeHe.. sorry about that :)