HESK™ PHP Help Desk Software

HESK CHANGELOG

Changes in 2.7.6 - 1st March 2018
- improved handling of multiple emails in a ticket
- changed a setting field name to avoid a mod_security false positive
- fix: when editing a ticket, empty values should not be replaced with defaults
- fix: URL in a custom text field breaks HTML on the edit ticket page
- fix: removing duplicate recipients creates an issue in SMTP library
- fix: knowledgebase category shouldn't have its child set as parent
- fix: use multibyte functions for checking and limiting string length
- fix: (strict mode) only variables should be passed by reference
- fix: a non well formed numeric value notice in settings
- updated third party libraries to the latest version

Changes in 2.7.5 - 25th November 2017
- fix: old name and subject length limits in "Edit ticket"

Changes in 2.7.4 - 21st November 2017
- new email tag %%TIME_WORKED%% shows time staff worked on a ticket
- new email tag %%LAST_REPLY_BY%% shows name of the person who posted last ticket message
- increased maxlength attribute for ticket name and subject to max supported in database (50 and 70)
- improved few default email messages to avoid some spam filters marking them as "linkbait"
- fix: move category not working correctly for users with no global submit permission
- fix: if iconv is not available, attempt to use utf8_encode instead in email to ticket
- fix: don't encode email headers if ascii only, it triggers some spam filters
- fix: backslash not escaped properly in several functions
- fix: remove duplicate recipients in hesk_mail() function
- fix: missing name error message in profile
- fix: don't allow newlines in email headers
- fix: duplicate language string, IP WHOIS case
- fix: use multibyte strtolower for strings where needed
- fix: possible wrong previous month name in reports/exports
- updated several third party libraries to the latest version

Changes in 2.7.3 - 10th April 2017
- added meta robots "noindex, nofollow" tag to admin pages
- hide KB functionality from customer side if no public articles
- upload additional attachments when editing a ticket (up to allowed limit)
- modified client IP detection to enable detecting proxy connections
- improved display logic for top and latest public KB articles
- improved handling of PHP/MySQL timezone difference
- added new pages to allowed admin panel redirects
- updated HTML Purifier and allowed URI Schemes
- delete some cached files when saving settings
- fix: missing collations in MySQL prior to 5.6
- fix: missing statuses in ticket ID reminder email
- fix: issues with emails that contain a single quote
- fix: wrong custom date field value saved in some timezones
- fix: extra line when using a hidden custom field after message
- fix: session expired issue in very old PHP versions with register_globals on

Changes in 2.7.2 - 2nd January 2017
- fix: suppress warnings when check for update without cURL fails
- fix: MySQL strict mode issue when upgrading an old Hesk version
- fix: Content-Security-Policy flags setTimeout string as unsafe-eval
- fix: searching tickets disabled status New in show tickets form
- fix: do not overwrite the text/javascript header in tcal.php
- detect additional "noreply" addresses
- respect category order in ticket list group/order by category
- don't list KB articles under "latest" if they are already listed under "top"
- moved help desk title/URL under general settings to avoid confusion
- modified some default settings (does not affect updates)

Changes in 2.7.1 - 19th November 2016
- fix: don't modify ticket "Last updated" when updating HESK to 2.7.x

Changes in 2.7.0 - 19th November 2016
- custom fields have been improved significantly:
   » translate title
   » change display order
   » tie them to specific categories
   » private (staff only) custom fields supported
   » mark as required for everyone or just for customers
   » checkboxes now require only a single option (before: two)
   » increased number of available custom fields to 50
   » improved interface and moved under "Tools"
   » do not show double punctuation in forms
   » new types: date, email, hidden
- you can now create custom ticket statuses
- improved language loading (fallback if not found, custom text)
- automatically reload pages with list of tickets every X seconds/minutes
- require tickets to be assigned before staff is able to reply to them (option)
- implemented IMAP fetching (import emails to tickets from an IMAP email server)
- email templates can now be modified from the Admin panel (Tools > Email templates)
- removed LIMIT 1 from SQL UPDATE/DELETE statements to avoid replication warnings
- in "Tickets per user" report show how many tickets a user has submitted
- in admin panel show a link to the public knowledgebase article location
- added head.txt for custom code to be included before </head> tag
- delete knowledgebase articles from the "Edit article" page
- moved temporary files out of attachments folder
- new staff permissions:
   » can resolve tickets
   » can submit tickets to any category
   » can move tickets to any category
- ticket message can be set to not required
- ticket subject can be set to not required
- ticket email can be set to not required
- HESK can now force SSL connections
- fix: JS function argument default values are not available before ES6
- fix: wrong order of ticket list column titles when a required column is missing
- fix: return back to the previous page after editing KB articles from List private/draft articles
- fix: remember opened ticket when changing display language in customer ticket view

Changes in 2.6.8 - 10th August 2016
- fix: wrong form title when editing service messages
- fix: removed some missing and/or mismatched HTML tags
- fix: modify SQL database table structure to work with strict mode
- security: fixed an issue, reported by Sven Morgenroth from Netsparker (www)
- security: various security improvements, reported by Mohammed Abdulqader Abobaker Al-saggaf (www)
- misc: updated few third party libraries

Changes in 2.6.7 - 18th April 2016
- changed email piping and pop3 fetching files line endings to Unix format for compatibility
- security: removed private info from query string, reported by Alec Broughton (www)
- security: require email to view tickets setting is now enabled by default
- fix: pagination in private staff messages not working
- fix: wrong links to index and KB page in help files
- in customer side emails are now shown as a link

Changes in 2.6.6 - 2nd February 2016
- improved reCaptcha library to work with cURL
- verify MySQL privileges before installing/upgrading
- fix: respect attachments settings in KB form (minimum 3 if enabled)
- fix: always checking for maintenance mode when downloading attachments
- fix: missing <tr> tag in Reports

Changes in 2.6.5 - 28th August 2015
- HESK now supports Zend OPcache enabled
- modified PHP7 depreciated class constructors
- improved handling of values/options when changing custom field type
- simple anti-SPAM image now uses PNG or GIF support if JPEG is not enabled
- trim "Help Desk URL" trailing slash when saving settings
- fix: send customer notification of a new staff reply in the correct language
- fix: merging tickets could hide old replies until a new reply is posted
- fix: preserve table prefix in installation script on connection error
- fix: session expired error when trying to reset password
- fix: don't send out content-type headers for CLI scripts

Changes in 2.6.4 - 22nd June 2015
- fix: session expired error if username case doesn't match exactly the one in database

Changes in 2.6.3 - 20th June 2015
- update unknown IP address to the IP address of the first ticket visitor from customer interface
- "last modified" value will now be preserved during hesk_tickets table update
- staff private messages can now have signatures attached
- added three new special tags to canned responses
- improved status assignment logic when customer reopens a closed ticket
- removed execution time limit in installation script to handle large database updates
- updated inline URL regex to not process emails in URLs containing not encoded emails
- fix: existing sessions should expire after changing credentials, reported by Indrajith.AN (www)
- fix: missing a day in the DateArray() function when passing daylight saving time adjustments
- fix: force content type header charset to utf-8 (override PHP 5.6+ default_charset)
- fix: status change not logged in ticket history when staff inserting customer reply
- fix: email to ticket: accept email if no message required but attachment exists
- fix: email confirmation not working properly when multiple emails are allowed
- fix: non-default MySQL ports ignored during upgrade using mysqli library
- fix: "Small box" setting disables knowledgebase search in admin panel
- fix: null attachment name length after removing non-ascii chars
- fix: grammar error in English language file

Changes in 2.6.2 - 18th March 2015
- fix: \0 converted to null byte in XML export
- fix: closedby column in hesk_tickets table must accept signed values

Changes in 2.6.1 - 26th February 2015
- fix: POP3 fetching task timeout can be disabled
- fix: security issue reported by MichaƂ Bentkowski (www)

Changes in 2.6.0 - 22nd February 2015
- HESK is now compatible with PHP 5.6
- minimum MySQL server version is 5.0.7
- select which columns to display in ticket list
- staff can now manage notifications and preferences for other users
- option to disable email notifications to customer when they submit a new support ticket
- notify customer when a ticket is marked Resolved (by staff without replying or automatically)
- track what knowledgebase articles were suggested to the customer when submitting a new ticket
- remind customer to check SPAM box for confirmation emails after submitting ticket
- existing staff responses will be marked as read when customer replies over email
- ticket templates for faster submitting of common tickets from admin interface
- additional buttons to easily submit responses with different ticket statuses
- improved handling of the goto parameter in admin panel (Lisandro Ubiedo)
- require access control when testing connections (Lisandro Ubiedo)
- don't start a new POP3 fetching task if the previous is still running
- fix: fieldset legend element not aligned properly in most browsers
- fix: set correct MIME type for servers sending nosniff header
- fix: adjust MySQL time in legacy hesk_formatDate() function
- fix: remove all non-ascii chars from attachment names
- fix: custom checkbox fields not staying selected
- staff can indicate a reply as a reply from the customer
- use HESK knowledgebase only (no help desk)
- allow staff to reset forgotten passwords
- HESK can be put in maintenance mode
- ability to find tickets by Owner
- added support for reCAPTCHA API v2
- the "Time worked" feature can be disabled
- HESK width increased of 960 pixel by default
- show service messages on help desk homepage
- option to prevent customers from resolving tickets
- link customer IP addresses to an IP whois service
- new email tag %%ID%% prints sequential ticket ID
- save ticket response message for later without replying
- set default customer notification box selection in Profile
- ticket notes now allow attachments and can be modified
- staff members are now ordered by name for easier selection
- customers can select email reminder to list all or open tickets
- three time formats available for the "Updated" column in ticket list
- "Submit a ticket" form fields can now be populated using GET and POST
- when saving settings don't test SMTP and POP3 connection if no changes
- optionally show "Click to select" for ticket category, priority and custom fields
- skip customer notification of new ticket if a SPAM tag is in email subject
- customer email and staff signature field length increased to 1000 chars
- accept or reject emails with no message (email piping/POP3 fetching)
- on Categories page added links to list all tickets in each category
- when listing knowledgebase articles verify the category exists
- show related knowledgebase articles when viewing an article
- when creating tickets from emails respect the Reply-To: tag
- change ticket priority for selected tickets in ticket list
- set default priority for ticket categories
- minor changes to the interface
- ban email addresses
- ban IP addresses

Changes in 2.5.5 - 5th August 2014
- fix: correct TinyMCE update to 3.5.11 from version 2.5.4

Changes in 2.5.4 - 4th August 2014
- fix: MySQL test ignoring new database name when verifying tables
- fix: adjust time if MySQL and PHP use different time zone setting
- fix: single quotes not escaped properly in Javascript (Lisandro Ubiedo)
- updated TinyMCE to 3.5.11

Changes in 2.5.3 - 16th March 2014
- Firefox built-in spell check is now enabled when creating/editing knowledgebase articles
- rephrased few commands in the interface for better understanding and consistency
- fix: some Javascript not working if translated command contains a single quote
- fix: line separator chars causing Javascript syntax errors in canned responses
- fix: Hotmail breaks ticket tracking ID in email reply subject by adding spaces
- fix: define dt and lastchange variables for emails when adding a ticket note
- fix: email date should be in RFC2822 format (no manual time adjustment)
- fix: allow upgrading from 2.5.x series without patch files
- updated pop3.php to avoid a strict standards warning
- improved and simplified installation/update script
- added .header a:visited to hesk_style.css
- user password length is no longer limited
- updated TinyMCE to 3.5.10

Changes in 2.5.2 - 13th October 2013
- reports now include "Time worked" summary
- modified sorting by "Last Replier" field. Staff will be sorted first (by ID), then customers by name
- fix: toggling limit of categories and features for users should be controlled by selected admin value
- fix: checking if temporary file exists may cause problems with open_basedir in effect
- fix: disabled attachments in version 2.5.x don't load all required functions
- fix: knowledgebase categories have problems with % char in their name
- fix: anti-SPAM question doesn't accept 0 as a valid answer
- updated TinyMCE to 3.5.9

Changes in 2.5.1 - 8th August 2013
- added "Updated" value to the export of tickets to Excel
- added support for exporting tickets in Zip without Zip library enabled
- added two new email template tags: %%CREATED%% and %%UPDATED%%
- reduced memory usage in knowledgebase article suggestion, search and display
- set last replier name to the email sender name with email piping/POP3 fetching
- show "Open" and "Resolved" ticket count in reports by user and by category
- fixed HTML quoted printable chars causing problems in non UTF-8 emails
- fixed Javascript encoding of UTF-8 URL query parts
- fixed behavior of hesk_isEmailLoop() function
- remove invalid UTF-8 bytes from submitted text
- improved parsing of incoming email messages
- delete temporary email files on errors

Changes in 2.5.0 - 2nd July 2013
- HESK is now fully compatible with PHP 5.5
- export tickets into Excel (XML spreadsheet)
- knowledgebase categories can now be ordered
- show number of private and draft articles in the Knowledgebase categories list
- new SPAM prevention option built-in: ReCaptcha
- new special tag for use in email templates: %%EMAIL%%
- support for %%MESSAGE%% tag in private messages
- in email piping/pop3 fetching show notice what attachments were removed and why
- if email contains message add direct links to any attachments at the bottom
- add the "Reply above this line" tag only if email contains message
- in emails make sure all fields have HTML special chars properly formatted
- pop3 fetching now has an option to keep copy of emails on the server
- pop3 fetching change verify sender name encoding
- use mysqli extension instead of mysql if available
- if customer reopens ticket change status to waiting reply from customer and remind customer to add a reply
- it's now easy to change the name of admin and attachments folders
- disallow uploads of some file types: .php, .phtml, .php3, .php4, .php5, .phps, .pl, .cgi, .shtm, .shtml
- optimized several SQL statements for better performance
- staff can now only run reports for categories they have access to and (by user) only for themselves.
- option to give staff permission to run full reports
- removed duplicates from text.php
- when grouping tickets by owner show current user's on top
- improved URL parsing to detect all schemes (http, https, ftp, sftp, file, ...)
- when replying as staff give an option to not send email notification
- in options.php urldecode $query
- On Hold and In Progress statuses not cleared from the "Change status to" box
- empty category value in submit ticket form if no public categories
- work-around for a bug in older versions of Internet Explorer not allowing https downloads
- long URLs in messages can be automatically shortened
- session names shouldn't collide with multiple copies installed
- email piping limit length of name and subject
- detect if an attachment file has been deleted
- show replier first name when printing tickets
- do not allow rating replies of third party tickets
- wrong status in email if status changes when replying
- make "Add to the bottom" default selection for adding canned responses
- "last changed" sometimes not updating correctly
- remove the need for server path setting
- forms need to allow longer emails (now 255 chars)
- if a customer replies to a ticket with status "New" don't change status
- "Show newest on top" setting now affects notes as well
- custom fields need to be converted into plain text before sending in emails
- hesk_makeURL should detect localhost addresses
- decode XHTML reserved entities to UTF-8 in emails
- prevent & in "Site title" setting from becoming &amp; in emails
- modified knowledgebase search form to make it clearer what the form does (search help)
- detect if someone tries to post more data than what the server allows (PHP post_max_size limit)
- expired sessions in admin panel may cause an "Invalid Request" error
- reloading the page after submitting a KB article creates a new (duplicate) article
- fix category name and email problems due to MySQL wildcard match
- for customers, auto-focus first required field when "Submit a ticket" form loads
- prevent caching of session pages by sending session_cache_limiter nocache
- private and draft article list showing only 1 draft per category
- limiting failed login attempts can now be disabled in settings
- modified the simple anti-spam image a bit
- count views of private articles
- when deleting knowledgebase category also delete/move subcategories and attachments
- fixed an error that can occur when merging tickets in strict MySQL mode
- if one attachment fails delete others as well
- fixed problems with \ " < > & in pop3/smtp passwords
- removed support email variable (not used anymore)
- removed Connection and Content-length HTTP headers from AJAX posts
- cache check for updates to 1 per hour
- updated TinyMCE to 3.5.8
- updated mime_parser class to 1.85
- few minor user interface changes

Changes in 2.4.2 - 30th December 2012
- verify that a valid version of HESK has been installed

Changes in 2.4.1 - 18th August 2012
- fixed comment URL parsing issues when replying to a ticket as staff
- fixed Knowledgebase file uploads not working on some installations of 2.4
- with auto-login set to OFF and Debug mode set to ON, notices were shown after staff login
- knowledgebase attachments on private and draft articles cannot be downloaded
- lastchange not updated when deleting ticket posts without status change
- some servers add slashes to file_get_contents(), detect and remove them
- some servers may report maximum file size in lowercase letters
- column hits in table hesk_pipe_loops didn't have a default value
- merge tickets option not showing on some installations of 2.4
- if a POP3 stream wrapper is already registered remove it
- improved detection of returned emails

Changes in 2.4 - 9th August 2012
- encoding changed to UTF-8 for all languages
- time spent on ticket
- POP3 fetching (connect to an email account and convert emails into tickets)
- customers may reply to tickets by replying to notification emails
- detect and correct mistyped email addresses
- detect email piping loops
- enable/disable autoassign per category
- private ticket categories (for use by staff only)
- merge several tickets into one
- sticky knowledgebase articles
- keywords for knowledgebase articles
- hide date and views from knowledgebase articles
- set email "From:" name in HESK settings
- fixed bug: when moving ticket category an autoassign email wasn't sent
- fixed bug: reopen link still showed to customer when it should be disabled
- fixed bug: misplaced quote in users online list HTML code
- fixed bug: close ticket selection missing in new statuses
- fixed bug: staff should not be able to create new accounts with more features
- fixed broken Javascript code if language file uses single quotes
- fixed typos in some variable names
- fixed email date issues
- fixed email notifications should be sent in preferred language
- improved permission checking for access to attachments and tickets
- updated calendar to latest version
- updated WYSIWYG text editor to latest version
- updated mime_decode to latest version
- filter ticket ID for ugly words
- delete individual attachments from tickets
- new special tag for email templates: %%STATUS%%
- search ticket notes
- forgot ticket ID lists open and most recent tickets first
- forgot ticket ID can list open tickets only
- limit maximum open tickets per client (web form only)
- new replies can now be shown on top of the page
- reply box can be moved to the top of the page
- when showing next ticket that needs attention don't show tickets assigned to someone else
- searching tickets by message now also searches replies
- email when note is added to ticket assigned to me
- email subjects changed to include ticket subject and tracking ID
- improved email syntax validation
- moved less common functions from common.inc.php
- modified admin header to show nicely in non-English versions
- mark replies read by customer
- automatically check for updates
- a number of other minor changes and fixes.

Changes in 2.3 - 15th September 2011
- a "What You See is What You Get" (WYSIWYG) editor for Knowledgebase articles
- import tickets into Knowledgebase articles
- automatically assign tickets to appropriate staff
- staff can change status of tickets
- two new ticket status options: On Hold, In Progress
- staff can set ticket priority to "Critical"
- view what staff is currently online
- create tickets from email (email piping)
- support for sending emails using a SMTP server rather than PHP mail()
- improved ticket sorting algorithm and new sorting options.
- change default ticket display and sorting in the admin homepage
- find tickets by email and sequential ticket ID
- brute force protection for both ticket view and staff login
- Hesk is now IPv6 ready
- fixed bug where required custom fields with value 0 would return an error
- fixed bug where emails were sometimes not sent to all staff when changing ticket category
- fixed bug where knowledgebase article count wasn't updated properly
- fixed a potential security issue on servers with PHP register_globals enabled
- renamed "Close ticket" to "Mark as Resolved" for clarity
- renamed "Archived" to "Tagged" for clarity
- you can require customers to enter both ticket ID and email to view a ticket
- modified ticket ID format so it is easier to read and repeat
- limit view of unassigned tickets to staff
- a number of error-handling and interface changes to make Hesk even more user friendly
- a number of minor changes and fixes.

Changes in 2.2 - 9th June 2010
- assign owners to tickets (assign tickets to individual staff members)
- admin panel shows last repliers' name
- more information can be entered into e-mails (category, message, ticket owner, custom fields)
- staff can now submit tickets
- added reporting features
- added staff private messages
- check for duplicate tracking ID
- improved ticket searching
- fixed bug where edit_post rewrites session variables when register_globals is enabled
- fixed bug where e-mails and URLs don't show correctly when editing ticket
- fixed bug where last replier didn't show correctly after deleting a post
- lock/unlock individual tickets
- new way of suggesting KB articles
- ticket history log (who closed, opened, locked or unlocked a ticket)
- more user-friendly error and success message handling
- added checks to fight CSRF-type attacks
- generate URLs that will pre-load category selection when submitting new tickets
- settings will now accept localhost URLs
- purge attachments when the ticket is deleted
- disable customer setting ticket priority level
- a number of minor changes and fixes.

Changes in 2.1 - 7th August 2009
- Full support for multiple languages
- Knowledgebase articles can now have attachments
- Increased custom fields number to 20
- Checkboxes now supported as custom fields
- Autologin feature
- Staff can edit all ticket details
- New redirect options after replying to a ticket (settable in Profile)
- Canned responses can be appended to the message instead of replacing it
- A read-only access to private knowledgebase by all staff
- Fixed numerous small bugs and issues thanks to large code testing and screening
- Improved security
- HESK moved to www.hesk.com Web site, links within the script updated accordingly

Changes in 2.0 - 24th January 2009
- Updated user interface
- Fully featured knowledge base (categories, articles (counting views, able to rate), search, ...)
- Display of latest and top articles
- Before a ticket is submitted HESK will suggest matching Knowledgebase articles
- You can add notes to tickets (hidden from customer, viewable by staff)
- Limit features for staff (not just Administrator/Staff, now you can enable/disable individual features for individual users)
- Rating of staff replies (Helpful/Not helpful)
- Up to 10 custom field now
- Custom fields can be text, textarea, select or radio button
- Disable list users in admin
- Remember staff username
- Default ticket listing by status (new, waiting reply first) then priority
- Staff passwords encrypted - not simple SHA1, but multiple times
- Admin files moved to "admin" folder
- Added prefix to database names
- Autoclose tickets after X days
- Adjust server time to match your local time
- Updated anti-SPAM features
- And many other changes

Changes in 0.94.1 - 25th April 2007
- Fixed an XSS vulnerability on some servers (reported by Nemanja Avramovic)
- Changed the way file uploads are handled

Changes in 0.94 - 23rd April 2007
- Added support for custom fields (up to 5)
- Added file attachments
- Added anti-SPAM security image
- Added canned responses
- Settings are now edited from the admin panel
- New ticket statuses (New, Replied, Waiting Reply, Resolved)
- Ticket ID reminder
- And many other changes (too many to list here)

Changes in 0.93.1 - 17th September 2005
- Fixed a security issue reported by OS2A team

Version 0.93 - 3rd July 2005

Version 0.92 - 28th May 2005

Version 0.91 - 4th May 2005

Initial release 0.90 - 23rd April 2005

 

© Copyright HESK.COM 2005-2018. All rights reserved.