diff --git a/js/app.js b/js/app.js index 6d23186c..632c0d48 100644 --- a/js/app.js +++ b/js/app.js @@ -320,23 +320,6 @@ $(document).ready(function() { } }); - // Initialize TinyMCE editor with only a redact button - tinymce.init({ - selector: '.tinymceTicketRedact', - browser_spellcheck: false, - contextmenu: false, - resize: true, - min_height: 300, - max_height: 500, - promotion: false, - branding: false, - menubar: false, - statusbar: false, - license_key: 'gpl', - readonly: true, - toolbar: '', - }); - tinymce.init({ selector: '.tinymceRedact', // Your selector browser_spellcheck: true, diff --git a/js/ticket_redact.js b/js/ticket_redact.js deleted file mode 100644 index 78e71a74..00000000 --- a/js/ticket_redact.js +++ /dev/null @@ -1,15 +0,0 @@ -// Redact the selected text in TinyMCE -function redactSelectedText() { - const editor = tinymce.get('tinymceTicketRedact'); // Get TinyMCE editor instance - const selectedText = editor.selection.getContent(); // Get selected content - - if (selectedText) { - // Wrap the selected text with a redacted span - const redactedNode = `[REDACTED]`; - - // Replace the selected text with the redacted span - editor.selection.setContent(redactedNode); - } else { - alert('Please select some text to redact.'); - } -} diff --git a/post/user/ticket.php b/post/user/ticket.php index 9be9ad86..f816f282 100644 --- a/post/user/ticket.php +++ b/post/user/ticket.php @@ -1589,29 +1589,6 @@ if (isset($_GET['archive_ticket_reply'])) { header("Location: " . $_SERVER["HTTP_REFERER"]); } -if (isset($_POST['redact_ticket_reply'])) { - - // Perms - Admins only - if (!isset($session_is_admin) || !$session_is_admin) { - exit(WORDING_ROLECHECK_FAILED . "
Tell your admin: Your role does not have admin access."); - } - validateCSRFToken($_POST['csrf_token']); - - $ticket_id = intval($_POST['ticket_id']); - $ticket_reply_id = intval($_POST['ticket_reply_id']); - $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']); - $client_id = intval($_POST['client_id']); - - mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_ticket_id = $ticket_id"); - - // Logging - logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id); - - $_SESSION['alert_message'] = "Ticket reply redacted"; - - header("Location: ticket_redact.php?ticket_id=" . $ticket_id); -} - if (isset($_POST['merge_ticket'])) { enforceUserPermission('module_support', 2); diff --git a/ticket.php b/ticket.php index 0979c706..2b20a838 100644 --- a/ticket.php +++ b/ticket.php @@ -391,12 +391,6 @@ if (isset($_GET['ticket_id'])) { - - Redact - - diff --git a/ticket_redact.php b/ticket_redact.php deleted file mode 100644 index f2514228..00000000 --- a/ticket_redact.php +++ /dev/null @@ -1,127 +0,0 @@ -Tell your admin: Your role does not have admin access."); -} - -//Initialize the HTML Purifier to prevent XSS -require_once "plugins/htmlpurifier/HTMLPurifier.standalone.php"; -$purifier_config = HTMLPurifier_Config::createDefault(); -$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one -$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]); -$purifier = new HTMLPurifier($purifier_config); - - -if (isset($_GET['ticket_id'])) { - $ticket_id = intval($_GET['ticket_id']); - - $ticket_sql = mysqli_query( - $mysqli, - "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets - WHERE ticket_id = $ticket_id AND ticket_closed_at IS NOT NULL - LIMIT 1" - ); - - if (mysqli_num_rows($ticket_sql) == 0) { - - echo "

Nothing to see here

Go Back
"; - - } else { - - $ticket_row = mysqli_fetch_array($ticket_sql); - $ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']); - $ticket_number = intval($ticket_row['ticket_number']); - $ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']); - $ticket_details = $purifier->purify($ticket_row['ticket_details']); - - // Get ticket replies - $sql_ticket_replies = mysqli_query( - $mysqli, - "SELECT * FROM ticket_replies - LEFT JOIN users ON ticket_reply_by = user_id - LEFT JOIN contacts ON ticket_reply_by = contact_id - WHERE ticket_reply_ticket_id = $ticket_id - AND ticket_reply_archived_at IS NULL - ORDER BY ticket_reply_id DESC" - ); - - ?> - - -
    -
  1. - Tickets -
    2. -
    3. -
- -
-
-
- - -
-
-
- - -
-
-
- Ticket Details -
-
-
- -
-
- - -
- - purify($row['ticket_reply']); - $ticket_reply_type = nullable_htmlentities($row['ticket_reply_type']); - if ($ticket_reply_type == "Client") { - $ticket_reply_by_display = nullable_htmlentities($row['contact_name']); - } else { - $ticket_reply_by_display = nullable_htmlentities($row['user_name']); - } ?> - -
-
-
- ticket reply by -
-
- - Redact - -
-
-
- -
-
- - - diff --git a/ticket_redact_details.php b/ticket_redact_details.php deleted file mode 100644 index a310d661..00000000 --- a/ticket_redact_details.php +++ /dev/null @@ -1,122 +0,0 @@ -Tell your admin: Your role does not have admin access."); -} - -//Initialize the HTML Purifier to prevent XSS -require_once "plugins/htmlpurifier/HTMLPurifier.standalone.php"; -$purifier_config = HTMLPurifier_Config::createDefault(); -$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one -$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]); -$purifier = new HTMLPurifier($purifier_config); - -if (isset($_GET['ticket_id']) && isset($_GET['ticket_reply_id'])) { - $ticket_id = intval($_GET['ticket_id']); - $ticket_reply_id = intval($_GET['ticket_reply_id']); - - $ticket_sql = mysqli_query( - $mysqli, - "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_client_id FROM tickets - WHERE ticket_id = $ticket_id AND ticket_closed_at IS NOT NULL - LIMIT 1" - ); - - if (mysqli_num_rows($ticket_sql) == 0) { - - echo "

Nothing to see here

Go Back
"; - - } else { - - $ticket_row = mysqli_fetch_array($ticket_sql); - $ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']); - $ticket_number = intval($ticket_row['ticket_number']); - $ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']); - $client_id = intval($ticket_row['ticket_client_id']); - - // Get ticket reply - $sql_ticket_reply = mysqli_query( - $mysqli, - "SELECT * FROM ticket_replies - LEFT JOIN users ON ticket_reply_by = user_id - LEFT JOIN contacts ON ticket_reply_by = contact_id - WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_ticket_id = $ticket_id - AND ticket_reply_archived_at IS NULL - LIMIT 1" - ); - - if (mysqli_num_rows($ticket_sql) == 0) { - - echo "

Nothing to see here

Go Back
"; - - } else { - - $reply_row = mysqli_fetch_array($sql_ticket_reply); - - $ticket_reply = $purifier->purify($reply_row['ticket_reply']); - $ticket_reply_type = nullable_htmlentities($reply_row['ticket_reply_type']); - if ($ticket_reply_type == "Client") { - $ticket_reply_by_display = nullable_htmlentities($reply_row['contact_name']); - } else { - $ticket_reply_by_display = nullable_htmlentities($reply_row['user_name']); - } ?> - - -
    -
  1. - Tickets -
    2. -
    3. -
- -
-
-
- - -
-
-
- -
- -
- - - - -
- -
- -
- -
- -
- -
- -
- -
- - - - -