Skip to content

Comments

Develop to Master for 26.02 release#1262

Closed
johnnyq wants to merge 128 commits intomasterfrom
develop
Closed

Develop to Master for 26.02 release#1262
johnnyq wants to merge 128 commits intomasterfrom
develop

Conversation

@johnnyq
Copy link
Collaborator

@johnnyq johnnyq commented Feb 6, 2026

Develop to Master for 26.02 release

johnnyq and others added 30 commits December 18, 2025 14:24
@johnnyq
Fix randomString() to generate cryptographically secure URL-safe toke…
a79ce23 
…ns, reduced url keys to 32 Characters for performance and easy copy and paste and compatibility while still mainitaining ubreakable cryptographic keys
@johnnyq
Set API Key to 32 Chars
3e3531a
@johnnyq
Fix Invoice CSV Exporting
ad5710b
@johnnyq
Set API key back to 32 Chars
a277380
@johnnyq
Billable and non billable status use icons check and minus
a82e2c7
@johnnyq
Fix Billable sort
cab81ca
@johnnyq
Fix Login flow where user agent and client exists and agent has MFA b…
e60a7a5 
…ut will not let them continue, also update some wording and button colors. Also dont show email password fields again after success and login as agent and client is shown.
@johnnyq
Remove extra agent client wording
f784b65
@johnnyq
Fix Ticket Template auto filling
f2d4eb0
@johnnyq
Fix Ticket Template auto filling for v1 ticket creation
9082770
@johnnyq
Remove unused code
ccd5605
@johnnyq
Update client table responsiveness viewpoint to fix issue when window…
7970304 
… is a certain width on the desktop
Bugfix: Portal not showing contact user id in session
3049912
Fix readme demo creds
6452575
Bugfix: Mail queue loop not sending invoices to all billing contacts
88a29b7
Add task approval system
77e4d2b
@johnnyq
switched from mysqli_fetch_array to mysqli_fetch_assoc in clients lis…
8b221bc 
…ting page. This will have a major query speed and memory optimization impact
@johnnyq
switched from mysqli_fetch_array to mysqli_fetch_assoc in client modals
2193cd8
@johnnyq
fix Bulk Delete Documents and Files
365b65e
@johnnyq
Add show archived logic to files
56c4b7f
@johnnyq
Update files to use mysqli_fetch_assoc for better performance and mem…
e5dab8b 
…ory optimization. Add title for List View and Grid View
@johnnyq
Added bulk delete, archive and restore and invidual file/document res…
5815ef2 
…tore functions to files
@johnnyq
Fix Role Archiving, Roles can only be archived if no users are assign…
1de023f 
…ed to the role
Add task approval system (tidy)
58bcb38
@wrongecho
Merge pull request #1258 from itflow-org/ticket-task-approvals
908ebb4 
Ticket task approvals
Rewrite kanban in more procedural code to match existing codebase (as…
b48168f 
… a v2, delete old and rename once we're happy)
Tickets Kanban
661f8db 
- Keep the selected view (kanban/list) when applying other filters
- Allow filtering tickets by project (main and kanban v2)
Tickets Kanban
208f7ac 
- Keep the selected view (kanban/list) when applying other filters
- Allow filtering tickets by project (main and kanban v2)
TinyMCE - add all options to mobile (we may regret this)
981f9ac
@johnnyq
Fix Remove Powered by ITFlow on Login Screen when WhiteLabel is enabled
7804057
johnnyq and others added 21 commits February 4, 2026 11:11
@johnnyq
Fix Empty col in client overview if no fabvorite assets, fix creds pa…
91aba13 
…ge rename var from important to favorite
@johnnyq
Update UI/UX for Adding and editing roles, Permissions can be set upo…
4079257 
…n role add nice blocker style radios buttons instead of select boxes
@cs2000
Changes for M365 oAuth now using latest dev code
10d1a90 
My bad, my changes were made previously using my installed version and not the latest changes in the dev branch, i have pulled the dev branch and merged my changes with the latest codebase.
@cs2000
Changes for M365 oAuth using dev code
563c0ea 
My bad, my changes were made previously using my installed version and not the latest changes in the dev branch, i have pulled the dev branch and merged my changes with the latest codebase.
@cs2000
SonarCube Suggestion
fc33312 
Rename multiple functions to conform to project naming rules (^[a-z][a-zA-Z0-9]*$). This is a non-functional refactor for style/CI compliance and consistency.
@cs2000
SonarCube Suggestion
7cbe9bf 
Removed two instances of unecessary double parentheses.
@cs2000
SonarCube Suggestion
629f4e0 
Defined a constant $settings_mail_path at the top of the file instead of duplicating "/admin/settings_mail.php" in the code multiple times.
@cs2000
SonarCube Suggestion
6a6eb4a 
Define a constant "MICROSOFT_OAUTH_BASE_URL" instead of duplicating "https://login.microsoftonline.com/" multiple times in the same file.
@cs2000
SonarCube Suggestion
9afb165 
Remove duplicates of https://login.microsoftonline.com/ and make them use a constant.
@cs2000
Revert to original file from dev branch
dca0cc3 
Accidentally comitted an older file.
@johnnyq
Draft of ticket_by_client report v2 not yet in the side menu of reports
004b3b2
@johnnyq
Bump TinyMCE 8.2.2 to 8.3.2
decea60
@johnnyq
Bump PHPMailer from 7.0.1 to 7.0.2
065630b
@johnnyq
Bump Datatables from 2.3.4 to 2.3.7
d224d71
@johnnyq
Add star-toggle class to add asset
be172b5
@johnnyq
Update Credential Important to Favorite
bdd56c9
@johnnyq
Merge pull request #1261 from cs2000/develop
4d895a5 
Add full Microsoft 365 and Google OAuth mail support
@johnnyq
Bump app version
1c6795d
@johnnyq
Update Changelog for 26.2 Release
1d8f77f
@johnnyq
Another change
8d54bc3
@johnnyq
Fix Version
ec7f1d5
@johnnyq johnnyq requested a review from wrongecho February 6, 2026 18:26
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 6, 2026
View reviewed changes
agent/modals/ticket/ticket_bulk_merge.php
Comment on lines +15 to +21
$sql_merge = mysqli_query($mysqli, "SELECT * FROM tickets
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
LEFT JOIN clients ON client_id = ticket_client_id
WHERE ticket_closed_at IS NULL
$whereNotIn
ORDER BY ticket_status ASC, ticket_id DESC"
);

Check failure

Code scanning / SonarCloud

Database queries should not be vulnerable to injection attacks

<!--SONAR_ISSUE_KEY:AZw0NenjPzpS7TtNukhp-->Change this code to not construct SQL queries directly from user-controlled data. <p>See more on <a href="https://sonarcloud.io/project/issues?id=itflow-org_itflow&issues=AZw0NenjPzpS7TtNukhp&open=AZw0NenjPzpS7TtNukhp&pullRequest=1262">SonarQube Cloud</a></p>
agent/post/file.php

// Move document
mysqli_query($mysqli,"UPDATE documents SET document_folder_id = $folder_id WHERE document_id = $document_id");
mysqli_query($mysqli,"UPDATE documents SET document_folder_id = $folder_id, document_updated_at = document_updated_at WHERE document_id = $document_id");

Check failure

Code scanning / SonarCloud

Database queries should not be vulnerable to injection attacks

<!--SONAR_ISSUE_KEY:AZw0Ne0HPzpS7TtNukhx-->Change this code to not construct SQL queries directly from user-controlled data. <p>See more on <a href="https://sonarcloud.io/project/issues?id=itflow-org_itflow&issues=AZw0Ne0HPzpS7TtNukhx&open=AZw0Ne0HPzpS7TtNukhx&pullRequest=1262">SonarQube Cloud</a></p>
wrongecho
wrongecho requested changes Feb 6, 2026
View reviewed changes
Copy link
Collaborator

@wrongecho wrongecho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oauth code has reverted other changes.

@johnnyq
Copy link
Collaborator Author

johnnyq commented Feb 7, 2026

Cancelling to investigate code overlaps from the oauth2 merge

@johnnyq johnnyq closed this Feb 7, 2026
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 7, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wrongecho wrongecho wrongecho requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@johnnyq @wrongecho @cs2000