- Implemented CSP (Content Security Policy)

lib/ticket-age-per-queue.adp

 <div id=@diagram_id@></div>
-<script type='text/javascript'>
+<script type='text/javascript' <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
 
 Ext.Loader.setPath('PO', '/sencha-core');
 Ext.Loader.setPath('GanttEditor', '/intranet-gantt-editor');

lib/ticket-aging.adp

 <div id=@diagram_id@></div>
-<script type='text/javascript'>
+<script type='text/javascript' <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
 Ext.Loader.setPath('PO', '/sencha-core');
 Ext.require([
     'Ext.chart.*', 

sql/postgresql/intranet-helpdesk-create.sql

@@ -1079,7 +1079,7 @@ insert into im_view_columns (
         visible_for
 ) values (
         27099,270,-1,
-        '<input type=checkbox name=_dummy onclick="acs_ListCheckAll(''ticket'',this.checked)">',
+        '<input id=list_check_all type=checkbox name=_dummy>',
         '$action_checkbox',
         ''
 );
@@ -1409,7 +1409,7 @@ SELECT im_dynfield_widget__new (
 		order by name
 	}}
 	after_html {
-		<script type="text/javascript">
+		<script type="text/javascript" nonce="[im_csp_nonce]">
 		function customerContactSelectOnChange() {
 		    var xmlHttp1;
 		    try { xmlHttp1=new XMLHttpRequest();	// Firefox, Opera 8.0+, Safari

sql/postgresql/upgrade/upgrade-5.0.3.0.3-5.0.3.0.4.sql

+-- upgrade-5.0.3.0.3-5.0.3.0.4.sql                                                                                                                                  
+
+SELECT acs_log__debug('/packages/intranet-helpdesk/sql/postgresql/upgrade/upgrade-5.0.3.0.3-5.0.3.0.4.sql','');
+
+
+update im_dynfield_widgets
+set parameters =
+ 	'{custom {sql {
+		select	u.user_id,
+			im_name_from_user_id(u.user_id) as name
+		from	users u
+		where	u.user_id not in (
+				-- Exclude deleted or disabled users
+				select	m.member_id
+				from	group_member_map m,
+					membership_rels mr
+				where	m.group_id = acs__magic_object_id(''registered_users'') and
+					m.rel_id = mr.rel_id and
+					m.container_id = m.group_id and
+					mr.member_state != ''approved''
+			)
+		order by name
+	}}
+	after_html {
+		<script type="text/javascript" nonce="[im_csp_nonce]">
+		function customerContactSelectOnChange() {
+		    var xmlHttp1;
+		    try { xmlHttp1=new XMLHttpRequest();	// Firefox, Opera 8.0+, Safari
+		    } catch (e) {
+			try { xmlHttp1=new ActiveXObject("Msxml2.XMLHTTP");	// Internet Explorer
+			} catch (e) {
+			    try { xmlHttp1=new ActiveXObject("Microsoft.XMLHTTP");
+			    } catch (e) {
+				alert("Your browser does not support AJAX!");
+				return false;
+			    }
+			}
+		    }
+		    xmlHttp1.onreadystatechange = function() {
+			if(xmlHttp1.readyState==4) {
+			    var divElement = document.getElementById(''customer_contact_div'');
+				divElement.innerHTML = this.responseText;
+			}
+		    }
+		    var customer_id = document.helpdesk_ticket.ticket_customer_contact_id.value;
+		    xmlHttp1.open("GET","/intranet/components/ajax-component-value?plugin_name=Customer%20Info&package_key=intranet-helpdesk&ticket_customer_contact_id=" + customer_id,true);
+		    xmlHttp1.send(null);
+		}
+		window.onload = function() {
+		    var dropdown = document.helpdesk_ticket.ticket_customer_contact_id;
+		    dropdown.onchange = customerContactSelectOnChange;
+
+		    var divElement = document.getElementById(''customer_contact_div'');
+		    if (divElement != null){
+			var div = document.helpdesk_ticket.ticket_customer_contact_id;
+			div.onchange = customerContactSelectOnChange;        
+			if (div.value != null) { customerContactSelectOnChange() }
+		}
+		}
+		</script>
+	}
+}'
+where widget_name = 'customer_contact_select_ajax';
+
+
+
+
+
+
+delete from im_view_columns where column_id = 27099;
+
+insert into im_view_columns (
+        column_id, view_id, sort_order,
+	column_name,
+	column_render_tcl,
+        visible_for
+) values (
+        27099,270,-1,
+        '<input id=list_check_all type=checkbox name=_dummy>',
+        '$action_checkbox',
+        ''
+);

www/index.adp

@@ -5,7 +5,15 @@
 <property name="sub_navbar">@ticket_navbar_html;literal@</property>
 <property name="left_navbar">@left_navbar_html;literal@</property>
 
-<SCRIPT Language=JavaScript src=/resources/diagram/diagram/diagram.js></SCRIPT>
+<!-- Show calendar on start- and end-date -->
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
+window.addEventListener('load', function() { 
+     document.getElementById('start_date_calendar').addEventListener('click', function() { showCalendar('start_date', 'y-m-d'); });
+     document.getElementById('end_date_calendar').addEventListener('click', function() { showCalendar('end_date', 'y-m-d'); });
+
+     document.getElementById('list_check_all').addEventListener('click', function() { acs_ListCheckAll('ticket', this.checked) });
+});
+</script>
 
 <table cellspacing="0" cellpadding="0" border="0" width="100%">
 <form action=/intranet-helpdesk/action method=POST>

www/index.tcl

@@ -269,8 +269,8 @@ ad_form \
     -method GET \
     -form {
     	{mine_p:text(select),optional {label "$mine_all_l10n"} {options $mine_p_options }}
-	{start_date:text(text) {label "[_ intranet-timesheet2.Start_Date]"} {value "$start_date"} {html {size 10}} {after_html {<input type="button" style="height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');" onclick ="return showCalendar('start_date', 'y-m-d');" >}}}
-	{end_date:text(text) {label "[_ intranet-timesheet2.End_Date]"} {value "$end_date"} {html {size 10}} {after_html {<input type="button" style="height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');" onclick ="return showCalendar('end_date', 'y-m-d');" >}}}
+	{start_date:text(text) {label "[_ intranet-timesheet2.Start_Date]"} {value "$start_date"} {html {size 10}} {after_html {<input type="button" id=start_date_calendar style="height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');" >}}}
+	{end_date:text(text) {label "[_ intranet-timesheet2.End_Date]"} {value "$end_date"} {html {size 10}} {after_html {<input type="button" id=end_date_calendar style="height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');">}}}
 	{ticket_name:text(text),optional {label "[_ intranet-helpdesk.Ticket_Name]"} {html {size 12}}}
 	{ticket_status_id:text(im_category_tree),optional {label "[lang::message::lookup {} intranet-helpdesk.Status Status]"} {custom {category_type "Intranet Ticket Status" translate_p 1 package_key "intranet-core"}} }
 	{ticket_sla_id:text(select),optional {label "[lang::message::lookup {} intranet-helpdesk.SLA SLA]"} {options $ticket_sla_options}}

www/new.adp

@@ -6,7 +6,7 @@
 <property name="sub_navbar">@sub_navbar;literal@</property>
 <property name="left_navbar">@left_navbar_html;literal@</property>
 
-<SCRIPT Language=JavaScript src=/resources/diagram/diagram/diagram.js></SCRIPT>
+<!-- <SCRIPT Language=JavaScript src=/resources/diagram/diagram/diagram.js></SCRIPT> -->
 @message_html;noquote@
 
 <if @message@ not nil>

www/new.tcl

@@ -266,7 +266,7 @@ if {"edit" == $form_mode && [info exists ticket_id]} {
 	    
 	    set msg [lang::message::lookup "" intranet-helpdesk.Ticket_Recently_Edited "This ticket was locked by %lock_user_name% %lock_minutes% minutes and %lock_seconds% seconds ago."]
 	    set message_html "
-		<script type=\"text/javascript\">
+		<script type=\"text/javascript\" nonce=\"[im_csp_nonce]\">
 			alert('$msg');
 		</script>
 	    "

www/notify-stakeholders.adp

@@ -3,6 +3,14 @@
 <property name="context">#intranet-core.context#</property>
 <property name="main_navbar_label">helpdesk</property>
 
+<!-- Show calendar on start- and end-date -->
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
+window.addEventListener('load', function() { 
+     document.getElementById('list_check_all').addEventListener('click', function() { acs_ListCheckAll('alerts', this.checked) });
+});
+</script>
+
+
 <h1>@page_title@</h1>
 
 <form action="/intranet/member-notify" method=GET>
@@ -17,7 +25,7 @@
 	<table>
 	<tr class=rowtitle>
 	<th align="center">
-	<input type="checkbox" name="_dummy" onclick="acs_ListCheckAll('alerts', this.checked)" title="<%= [lang::message::lookup "" intranet-helpdesk.Check_Uncheck_all_rows "Check/Uncheck all rows"] %>" checked>
+	<input id=list_check_all type="checkbox" name="_dummy" title="<%= [lang::message::lookup "" intranet-helpdesk.Check_Uncheck_all_rows "Check/Uncheck all rows"] %>" checked>
 	</th>
 	<th><%= [lang::message::lookup "" intranet-helpdesk.Name Name] %></th>
 	<th><%= [lang::message::lookup "" intranet-helpdesk.Email Email] %></th>

www/ticket-select.adp

@@ -5,7 +5,12 @@
 <property name="sub_navbar">@ticket_navbar_html;literal@</property>
 <property name="left_navbar">@left_navbar_html;literal@</property>
 
-<SCRIPT Language=JavaScript src=/resources/diagram/diagram/diagram.js></SCRIPT>
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
+window.addEventListener('load', function() { 
+     document.getElementById('list_check_all').addEventListener('click', function() { acs_ListCheckAll('ticket_list', this.checked) });
+});
+</script>
+
 
 <table cellspacing="0" cellpadding="0" border="0" width="100%">
 <form action="@return_url;noquote@" method=GET>

www/ticket-select.tcl

@@ -522,10 +522,7 @@ list::create \
     -actions [list ] \
     -elements {
 	ticket_chk {
-	    label "<input type=\"checkbox\" 
-                          name=\"_dummy\" 
-                          onclick=\"acs_ListCheckAll('ticket_list', this.checked)\" 
-                          title=\"Check/uncheck all rows\"
+	    label "<input id=list_check_all type=\"checkbox\" name=\"_dummy\" title=\"Check/uncheck all rows\"
 			  checked
 	    >"
 	    display_template {