Merge Develop into Master for 25.05 Release

CHANGELOG.md

@@ -2,6 +2,39 @@
 
 This file documents all notable changes made to ITFlow.
 
+## [25.05]
+
+### Added / Changed
+- Expanded file upload allow-list to include .bat and .stk file types.
+- Added full backup/restore functionality. Backup downloads a zip that includes the SQL dump and uploads folder, setup now has option to restore from zip backup.
+- Migrated Asset and Contact Links to modals to resolve variable overlap issue.
+- Added Pagination to Notification Modal.
+- Removed 500 Records Per Page option.
+- Removed unused old DB checks in the top nav.
+- Clients can now use the portal to setup Stripe automatic payments themselves for recurring invoices
+- Automatic payments are now disabled for all recurring invoices if the saved payment method is removed
+- Added Card Details and Payment added to Client Stripe.
+- UI / UX updates to guest pay Make use of cards.
+- Don't show Checkbox columns when ticket is closed, compact ticket list now matches round pills for status and priority.
+- Ticket UI/UX update allow the ticket toolbar to be a little more mobile-friendly
+- UI / UX Updates to Expenses - Combine Category and Description into 1 column.
+- Country information is now displayed in Invoices, Quotes, Recurring Invoices, Clients, Locations, and the client top header.
+- Added country-based search filters in Locations and Clients sections.
+- Changed the settings name from Integrations to Identity Providers to make room for future iDPs (e.g. Google).
+- Bump FullCalendar from 6.1.15 to 6.1.17.
+- Bump DataTables from 2.2.2 to 2.3.1.
+- Bump TCPDF from 6.8.2 to 6.9.4.
+- Bump tinyMCE from 7.7.1 to 7.9.0.
+- Bump phpMailer from 6.9.2 to 6.10.0.
+- Bump stripe-php from 16.4.0 to 17.2.1.
+
+
+### Fixed
+- "None" option for SMTP encryption now functions correctly.
+- Debug table row counts now reflect actual counts instead of relying on SHOW TABLE STATUS.
+- Archived Categories now display properly.
+- Stripe saved payment methods are now limited to credit/debit cards only.
+
 ## [25.03.6]
 
 ### Fixed
@@ -280,4 +313,4 @@ This file documents all notable changes made to ITFlow.
 ## [24.12]
 
 ### Added / Changed
-- Introduced versioned releases for the first time!
+- Introduced versioned releases for the first time!

SECURITY.md

@@ -12,10 +12,8 @@
 We operate a rolling release model. Any bug fixes will be released into latest version of ITFlow, so you must stay up-to-date.
 
 | Version | Supported          |
-| ------- | ------------------ |
-| Beta    | :x:                |
-| 24.12   | :white_check_mark: |
-| 25.1    | :white_check_mark: (When released) |
+|---------| ------------------ |
+| 25.05   | :white_check_mark: |
 
 ## Reporting a Vulnerability via GitHub Security Advisories
 

admin_app_log.php

@@ -48,14 +48,16 @@
             <h3 class="card-title"><i class="fas fa-fw fa-history mr-2"></i>App Logs</h3>
         </div>
         <div class="card-body">
-            <form class="mb-4" autocomplete="off">
+            <form autocomplete="off">
                 <div class="row">
                     <div class="col-sm-4">
-                        <div class="input-group">
-                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search app logs">
-                            <div class="input-group-append">
-                                <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
-                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                        <div class="form-group">
+                            <div class="input-group">
+                                <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search app logs">
+                                <div class="input-group-append">
+                                    <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
+                                    <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                                </div>
                             </div>
                         </div>
                     </div>

admin_audit_log.php

@@ -75,7 +75,7 @@
             <form class="mb-4" autocomplete="off">
                 <div class="row">
                     <div class="col-sm-4">
-                        <div class="input-group">
+                        <div class="input-group mb-3 mb-md-0">
                             <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search audit logs">
                             <div class="input-group-append">
                                 <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
@@ -85,7 +85,7 @@
                     </div>
 
                     <div class="col-sm-2">
-                        <div class="form-group">
+                        <div class="input-group mb-3 mb-md-0">
                             <select class="form-control select2" name="client" onchange="this.form.submit()">
                                 <option value="">- All Clients -</option>
 
@@ -105,7 +105,7 @@
                     </div>
 
                     <div class="col-sm-2">
-                        <div class="form-group">
+                        <div class="input-group mb-3 mb-md-0">
                             <select class="form-control select2" name="user" onchange="this.form.submit()">
                                 <option value="">- All Users -</option>
 
@@ -125,7 +125,7 @@
                     </div>
 
                     <div class="col-sm-2">
-                        <div class="form-group">
+                        <div class="input-group mb-3 mb-md-0">
                             <select class="form-control select2" name="type" onchange="this.form.submit()">
                                 <option value="">- All Types -</option>
 
@@ -144,7 +144,7 @@
                     </div>
 
                     <div class="col-sm-2">
-                        <div class="form-group">
+                        <div class="input-group mb-3 mb-md-0">
                             <select class="form-control select2" name="action" onchange="this.form.submit()">
                                 <option value="">- All Actions -</option>
 
@@ -198,7 +198,7 @@
             <hr>
             <div class="table-responsive-sm">
                 <table class="table table-sm table-striped table-borderless table-hover">
-                    <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                    <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                     <tr>
                         <th>
                             <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=log_created_at&order=<?php echo $disp; ?>">

admin_backup.php

@@ -8,7 +8,7 @@
     </div>
     <div class="card-body" style="text-align: center;">
         <div class="alert alert-secondary">If you are unable to back up the entire VM, you'll need to back up the files & database individually. There is no built-in restore. See the <a href="https://docs.itflow.org/backups" target="_blank">docs here</a>.</div>
-        <a class="btn btn-primary btn-lg p-3" href="post.php?download_database&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"><i class="fas fa-fw fa-4x fa-download"></i><br><br>Download database</a>
+        <a class="btn btn-primary btn-lg p-3" href="post.php?download_backup&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"><i class="fas fa-fw fa-4x fa-download"></i><br><br>Download Backup</a>
     </div>
 </div>
 
@@ -20,12 +20,12 @@
         <div class="card-body">
             <form action="post.php" method="POST">
                 <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
-                <div class="row d-flex justify-content-center">
-                    <div class="input-group col-4">
-                        <div class="input-group-prepend">
-                            <input type="password" class="form-control" placeholder="Enter your account password" name="password" autocomplete="new-password" required>
+                <div class="d-flex justify-content-center">
+                    <div class="input-group col-sm-4">
+                        <input type="password" class="form-control" placeholder="Enter your account password" name="password" autocomplete="new-password" required>
+                        <div class="input-group-append">
+                            <button class="btn btn-primary" type="submit" name="backup_master_key"><i class="fas fa-key"></i></button>
                         </div>
-                        <button class="btn btn-primary" type="submit" name="backup_master_key"><i class="fas fa-fw fa-key mr-2"></i>Get Master Key</button>
                     </div>
                 </div>
             </form>

admin_category.php

@@ -27,10 +27,6 @@
 );
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
-if (isset($_GET['archived'])) {
-    $category = "Archived";
-}
-
 ?>
 
 <div class="card card-dark">
@@ -98,7 +94,7 @@ class="btn <?php if ($category == 'Ticket') {
                            } else {
                                echo 'btn-default';
                            } ?>">Ticket</a>
-                        <a href="?archived=1"
+                        <a href="?<?php echo $url_query_strings_sort ?>&archived=1"
                             class="btn <?php if (isset($_GET['archived'])) {
                                 echo 'btn-primary';
                             } else {
@@ -150,7 +146,7 @@ class="fas fa-fw fa-archive mr-2"></i>Archived</a>
                                     </button>
                                     <div class="dropdown-menu">
                                         <?php
-                                        if ($category == "Archived") {
+                                        if ($archived) {
                                             ?>
                                             <a class="dropdown-item text-success confirm-link"
                                                 href="post.php?unarchive_category=<?php echo $category_id; ?>">