From 6a8d2cf1d4ba2c7624457a9dc7b39a32a9baaef0 Mon Sep 17 00:00:00 2001
From: wrongecho <marcus@itflow.org>
Date: Tue, 18 Mar 2025 09:40:39 +0000
Subject: [PATCH] Add ticket redaction feature

---
 js/app.js                 |  17 ++
 js/ticket_redact.js       |  15 ++
 post/user/ticket.php      |  23 ++
 ticket.php                | 507 +++++++++++++++++++-------------------
 ticket_redact.php         | 127 ++++++++++
 ticket_redact_details.php | 122 +++++++++
 6 files changed, 560 insertions(+), 251 deletions(-)
 create mode 100644 js/ticket_redact.js
 create mode 100644 ticket_redact.php
 create mode 100644 ticket_redact_details.php

diff --git a/js/app.js b/js/app.js
index c751288c..af414a97 100644
--- a/js/app.js
+++ b/js/app.js
@@ -277,6 +277,23 @@ tinymce.init({
     }
 });
 
+// Initialize TinyMCE editor with only a redact button
+tinymce.init({
+    selector: '.tinymceTicketRedact',
+    browser_spellcheck: false,
+    contextmenu: false,
+    resize: true,
+    min_height: 300,
+    max_height: 500,
+    promotion: false,
+    branding: false,
+    menubar: false,
+    statusbar: false,
+    license_key: 'gpl',
+    readonly: true,
+    toolbar: '',
+});
+
 // DateTime
 $('.datetimepicker').datetimepicker({
 });
diff --git a/js/ticket_redact.js b/js/ticket_redact.js
new file mode 100644
index 00000000..78e71a74
--- /dev/null
+++ b/js/ticket_redact.js
@@ -0,0 +1,15 @@
+// Redact the selected text in TinyMCE
+function redactSelectedText() {
+    const editor = tinymce.get('tinymceTicketRedact');  // Get TinyMCE editor instance
+    const selectedText = editor.selection.getContent();  // Get selected content
+
+    if (selectedText) {
+        // Wrap the selected text with a redacted span
+        const redactedNode = `<strong><span style="color: #e03e2d;">[REDACTED]</span></strong>`;
+
+        // Replace the selected text with the redacted span
+        editor.selection.setContent(redactedNode);
+    } else {
+        alert('Please select some text to redact.');
+    }
+}
diff --git a/post/user/ticket.php b/post/user/ticket.php
index f66db5f0..aabb6701 100644
--- a/post/user/ticket.php
+++ b/post/user/ticket.php
@@ -1572,6 +1572,29 @@ if (isset($_GET['archive_ticket_reply'])) {
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
 
+if (isset($_POST['redact_ticket_reply'])) {
+
+    // Perms - Admins only
+    if (!isset($session_is_admin) || !$session_is_admin) {
+        exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
+    }
+    validateCSRFToken($_POST['csrf_token']);
+
+    $ticket_id = intval($_POST['ticket_id']);
+    $ticket_reply_id = intval($_POST['ticket_reply_id']);
+    $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
+    $client_id = intval($_POST['client_id']);
+
+    mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_ticket_id = $ticket_id");
+
+    // Logging
+    logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id);
+
+    $_SESSION['alert_message'] = "Ticket reply redacted";
+
+    header("Location: ticket_redact.php?ticket_id=" . $ticket_id);
+}
+
 if (isset($_POST['merge_ticket'])) {
 
     enforceUserPermission('module_support', 2);
diff --git a/ticket.php b/ticket.php
index 3053ebf6..ad38af55 100644
--- a/ticket.php
+++ b/ticket.php
@@ -338,19 +338,19 @@ if (isset($_GET['ticket_id'])) {
         <!-- Breadcrumbs-->
         <ol class="breadcrumb d-print-none">
             <?php if (isset($_GET['client_id'])) { ?>
-            <li class="breadcrumb-item">
-                <a href="client_overview.php?client_id=<?php echo $client_id; ?>"><?php echo $client_name; ?></a>
-            </li>
-            <li class="breadcrumb-item">
-                <a href="tickets.php?client_id=<?php echo $client_id; ?>">Tickets</a>
-            </li>
+                <li class="breadcrumb-item">
+                    <a href="client_overview.php?client_id=<?php echo $client_id; ?>"><?php echo $client_name; ?></a>
+                </li>
+                <li class="breadcrumb-item">
+                    <a href="tickets.php?client_id=<?php echo $client_id; ?>">Tickets</a>
+                </li>
             <?php } else { ?>
-            <li class="breadcrumb-item">
-                <a href="tickets.php">Tickets</a>
-            </li>
-            <li class="breadcrumb-item">
-                <a href="tickets.php?client_id=<?php echo $client_id; ?>"><?php echo $client_name; ?></a>
-            </li>
+                <li class="breadcrumb-item">
+                    <a href="tickets.php">Tickets</a>
+                </li>
+                <li class="breadcrumb-item">
+                    <a href="tickets.php?client_id=<?php echo $client_id; ?>"><?php echo $client_name; ?></a>
+                </li>
             <?php } ?>
             <li class="breadcrumb-item active"><i class="fas fa-life-ring mr-1"></i><?php echo "$ticket_prefix$ticket_number";?></li>
         </ol>
@@ -371,90 +371,96 @@ if (isset($_GET['ticket_id'])) {
 
                 <?php if (lookupUserPermission("module_support") >= 2) { ?>
                     <div class="card-tools d-print-none">
-                    <div class="btn-toolbar">
+                        <div class="btn-toolbar">
 
-                        <?php if ($config_ai_enable == 1) { ?>
-                        <button class="btn btn-info btn-sm ml-3" data-toggle="modal" data-target="#summaryModal">
-                            <i class="fas fa-fw fa-lightbulb mr-2"></i>Summary
-                        </button>
-                        <?php } ?>
-
-                        <?php if ($config_module_enable_accounting && $ticket_billable == 1 && empty($invoice_id) && lookupUserPermission("module_sales") >= 2) { ?>
-                            <a href="#" class="btn btn-light btn-sm ml-3" href="#" data-toggle="modal" data-target="#addInvoiceFromTicketModal">
-                                <i class="fas fa-fw fa-file-invoice mr-2"></i>Invoice
-                            </a>
-                        <?php }
-
-                        if (empty($ticket_closed_at)) { ?>
-
-                            <?php if (!empty($ticket_resolved_at)) { ?>
-                                <a href="post.php?reopen_ticket=<?php echo $ticket_id; ?>" class="btn btn-light btn-sm ml-3">
-                                    <i class="fas fa-fw fa-redo mr-2"></i>Reopen
-                                </a>
-                            <?php } ?>
-
-                            <?php if (empty($ticket_resolved_at) && $task_count == $completed_task_count) { ?>
-                                <a href="post.php?resolve_ticket=<?php echo $ticket_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>" class="btn btn-dark btn-sm confirm-link ml-3" id="ticket_close">
-                                    <i class="fas fa-fw fa-check mr-2"></i>Resolve
-                                </a>
-                            <?php } ?>
-
-                            <?php if (!empty($ticket_resolved_at) && $task_count == $completed_task_count) { ?>
-                                <a href="post.php?close_ticket=<?php echo $ticket_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>" class="btn btn-dark btn-sm confirm-link ml-3" id="ticket_close">
-                                    <i class="fas fa-fw fa-gavel mr-2"></i>Close
-                                </a>
-                            <?php } ?>
-
-                            <div class="dropdown dropleft text-center ml-3">
-                                <button class="btn btn-secondary btn-sm" type="button" id="dropdownMenuButton" data-toggle="dropdown">
-                                    <i class="fas fa-fw fa-ellipsis-v"></i>
+                            <?php if ($config_ai_enable == 1) { ?>
+                                <button class="btn btn-info btn-sm ml-3" data-toggle="modal" data-target="#summaryModal">
+                                    <i class="fas fa-fw fa-lightbulb mr-2"></i>Summary
                                 </button>
-                                <div class="dropdown-menu">
-                                    <a class="dropdown-item" href="#"
-                                        data-toggle = "ajax-modal"
-                                        data-modal-size = "lg"
-                                        data-ajax-url = "ajax/ajax_ticket_edit.php"
-                                        data-ajax-id = "<?php echo $ticket_id; ?>"
+                            <?php } ?>
+
+                            <?php if ($config_module_enable_accounting && $ticket_billable == 1 && empty($invoice_id) && lookupUserPermission("module_sales") >= 2) { ?>
+                                <a href="#" class="btn btn-light btn-sm ml-3" href="#" data-toggle="modal" data-target="#addInvoiceFromTicketModal">
+                                    <i class="fas fa-fw fa-file-invoice mr-2"></i>Invoice
+                                </a>
+                            <?php }
+
+                            if (!empty($ticket_closed_at) && isset($session_is_admin) && $session_is_admin) { ?>
+                                <a href="ticket_redact.php?ticket_id=<?php echo $ticket_id; ?>" class="btn btn-danger btn-sm ml-3">
+                                    <i class="fas fa-fw fa-marker mr-2"></i>Redact
+                                </a>
+                            <?php }
+
+                            if (empty($ticket_closed_at)) { ?>
+
+                                <?php if (empty($ticket_closed_at) && !empty($ticket_resolved_at)) { ?>
+                                    <a href="post.php?reopen_ticket=<?php echo $ticket_id; ?>" class="btn btn-light btn-sm ml-3">
+                                        <i class="fas fa-fw fa-redo mr-2"></i>Reopen
+                                    </a>
+                                <?php } ?>
+
+                                <?php if (empty($ticket_resolved_at) && $task_count == $completed_task_count) { ?>
+                                    <a href="post.php?resolve_ticket=<?php echo $ticket_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>" class="btn btn-dark btn-sm confirm-link ml-3" id="ticket_close">
+                                        <i class="fas fa-fw fa-check mr-2"></i>Resolve
+                                    </a>
+                                <?php } ?>
+
+                                <?php if (!empty($ticket_resolved_at) && $task_count == $completed_task_count) { ?>
+                                    <a href="post.php?close_ticket=<?php echo $ticket_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>" class="btn btn-dark btn-sm confirm-link ml-3" id="ticket_close">
+                                        <i class="fas fa-fw fa-gavel mr-2"></i>Close
+                                    </a>
+                                <?php } ?>
+
+                                <div class="dropdown dropleft text-center ml-3">
+                                    <button class="btn btn-secondary btn-sm" type="button" id="dropdownMenuButton" data-toggle="dropdown">
+                                        <i class="fas fa-fw fa-ellipsis-v"></i>
+                                    </button>
+                                    <div class="dropdown-menu">
+                                        <a class="dropdown-item" href="#"
+                                           data-toggle = "ajax-modal"
+                                           data-modal-size = "lg"
+                                           data-ajax-url = "ajax/ajax_ticket_edit.php"
+                                           data-ajax-id = "<?php echo $ticket_id; ?>"
                                         >
-                                        <i class="fas fa-fw fa-edit mr-2"></i>Edit
-                                    </a>
-                                    <a class="dropdown-item" href="#" data-toggle="modal" data-target="#mergeTicketModal<?php echo $ticket_id; ?>">
-                                        <i class="fas fa-fw fa-clone mr-2"></i>Merge
-                                    </a>
-                                    <?php if (empty($ticket_closed_at)) { ?>
-                                        <div class="dropdown-divider"></div>
-                                        <a class="dropdown-item"
-                                            data-toggle = "ajax-modal"
-                                            data-ajax-url = "ajax/ajax_ticket_contact.php"
-                                            data-ajax-id = "<?php echo $ticket_id; ?>"
+                                            <i class="fas fa-fw fa-edit mr-2"></i>Edit
+                                        </a>
+                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#mergeTicketModal<?php echo $ticket_id; ?>">
+                                            <i class="fas fa-fw fa-clone mr-2"></i>Merge
+                                        </a>
+                                        <?php if (empty($ticket_closed_at)) { ?>
+                                            <div class="dropdown-divider"></div>
+                                            <a class="dropdown-item"
+                                               data-toggle = "ajax-modal"
+                                               data-ajax-url = "ajax/ajax_ticket_contact.php"
+                                               data-ajax-id = "<?php echo $ticket_id; ?>"
                                             >
-                                            <i class="fa fa-fw fa-user mr-2"></i>Add Contact
-                                        </a>
-                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editTicketAssetModal<?php echo $ticket_id; ?>">
-                                            <i class="fas fa-fw fa-desktop mr-2"></i>Add Asset
-                                        </a>
-                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editTicketVendorModal<?php echo $ticket_id; ?>">
-                                            <i class="fas fa-fw fa-building mr-2"></i>Add Vendor
-                                        </a>
-                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#addTicketWatcherModal">
-                                            <i class="fas fa-fw fa-users mr-2"></i>Add Watcher
-                                        </a>
-                                    <?php } ?>
-                                    <div class="dropdown-divider"></div>
-                                    <a class="dropdown-item" href="#" data-toggle="modal" id="clientChangeTicketModalLoad" data-target="#clientChangeTicketModal">
-                                        <i class="fas fa-fw fa-people-carry mr-2"></i>Change Client
-                                    </a>
-                                    <?php if (lookupUserPermission("module_support") == 3) { ?>
+                                                <i class="fa fa-fw fa-user mr-2"></i>Add Contact
+                                            </a>
+                                            <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editTicketAssetModal<?php echo $ticket_id; ?>">
+                                                <i class="fas fa-fw fa-desktop mr-2"></i>Add Asset
+                                            </a>
+                                            <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editTicketVendorModal<?php echo $ticket_id; ?>">
+                                                <i class="fas fa-fw fa-building mr-2"></i>Add Vendor
+                                            </a>
+                                            <a class="dropdown-item" href="#" data-toggle="modal" data-target="#addTicketWatcherModal">
+                                                <i class="fas fa-fw fa-users mr-2"></i>Add Watcher
+                                            </a>
+                                        <?php } ?>
                                         <div class="dropdown-divider"></div>
-                                        <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_ticket=<?php echo $ticket_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
-                                            <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                        <a class="dropdown-item" href="#" data-toggle="modal" id="clientChangeTicketModalLoad" data-target="#clientChangeTicketModal">
+                                            <i class="fas fa-fw fa-people-carry mr-2"></i>Change Client
                                         </a>
-                                    <?php } ?>
+                                        <?php if (lookupUserPermission("module_support") == 3) { ?>
+                                            <div class="dropdown-divider"></div>
+                                            <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_ticket=<?php echo $ticket_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                                <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                            </a>
+                                        <?php } ?>
+                                    </div>
                                 </div>
-                            </div>
-                        <?php } ?>
+                            <?php } ?>
+                        </div>
                     </div>
-                </div>
                 <?php } ?>
 
             </div> <!-- Card Header -->
@@ -476,7 +482,7 @@ if (isset($_GET['ticket_id'])) {
 
                             $ticket_closed_by_display = 'User';
                             if (!empty($ticket_closed_by)) {
-                                $sql_closed_by = mysqli_query($mysqli, "SELECT * FROM tickets, users WHERE ticket_closed_by = user_id");
+                                $sql_closed_by = mysqli_query($mysqli, "SELECT user_name FROM users WHERE user_id = $ticket_closed_by");
                                 $row = mysqli_fetch_array($sql_closed_by);
                                 $ticket_closed_by_display = nullable_htmlentities($row['user_name']);
                             }
@@ -498,9 +504,9 @@ if (isset($_GET['ticket_id'])) {
                         <?php } else { ?>
                             <div class="mt-1">
                                 <a href="#"
-                                    data-toggle = "ajax-modal"
-                                    data-ajax-url = "ajax/ajax_ticket_assign.php"
-                                    data-ajax-id = "<?php echo $ticket_id; ?>">
+                                   data-toggle = "ajax-modal"
+                                   data-ajax-url = "ajax/ajax_ticket_assign.php"
+                                   data-ajax-id = "<?php echo $ticket_id; ?>">
                                     <i class="fas fa-fw fa-user mr-2 text-secondary"></i><?php echo $ticket_assigned_to_display; ?>
                                 </a>
                             </div>
@@ -513,11 +519,11 @@ if (isset($_GET['ticket_id'])) {
                             <i class="fa fa-fw fa-thermometer-half text-secondary mr-2"></i>
                             <a href="#"
                                 <?php if (lookupUserPermission("module_support") >= 2 && empty($ticket_closed_at)) { ?>
-                                data-toggle = "ajax-modal"
-                                data-ajax-url = "ajax/ajax_ticket_priority.php"
-                                data-ajax-id = "<?php echo $ticket_id; ?>"
+                                    data-toggle = "ajax-modal"
+                                    data-ajax-url = "ajax/ajax_ticket_priority.php"
+                                    data-ajax-id = "<?php echo $ticket_id; ?>"
                                 <?php } ?>
-                                >
+                            >
                                 <?php echo $ticket_priority_display; ?>
                             </a>
                         </div>
@@ -539,10 +545,10 @@ if (isset($_GET['ticket_id'])) {
                                 <div class="mt-1">
                                     <i class="fa fa-fw fa-dollar-sign text-secondary mr-2"></i>Ticket is
                                     <a href="#"
-                                        data-toggle = "ajax-modal"
-                                        data-ajax-url = "ajax/ajax_ticket_billable.php"
-                                        data-ajax-id = "<?php echo $ticket_id; ?>"
-                                        >
+                                       data-toggle = "ajax-modal"
+                                       data-ajax-url = "ajax/ajax_ticket_billable.php"
+                                       data-ajax-id = "<?php echo $ticket_id; ?>"
+                                    >
                                         <?php
                                         if ($ticket_billable == 1) {
                                             echo "<span class='text-bold text-dark'>Billable</span>";
@@ -789,11 +795,11 @@ if (isset($_GET['ticket_id'])) {
                                                     </button>
                                                     <div class="dropdown-menu">
                                                         <a class="dropdown-item"
-                                                            data-toggle = "ajax-modal"
-                                                            data-modal-size = "lg"
-                                                            data-ajax-url = "ajax/ajax_ticket_reply_edit.php"
-                                                            data-ajax-id = "<?php echo $ticket_reply_id; ?>"
-                                                            >
+                                                           data-toggle = "ajax-modal"
+                                                           data-modal-size = "lg"
+                                                           data-ajax-url = "ajax/ajax_ticket_reply_edit.php"
+                                                           data-ajax-id = "<?php echo $ticket_reply_id; ?>"
+                                                        >
                                                             <i class="fas fa-fw fa-edit text-secondary mr-2"></i>Edit
                                                         </a>
                                                         <div class="dropdown-divider"></div>
@@ -846,9 +852,9 @@ if (isset($_GET['ticket_id'])) {
                         <h5 class="text-secondary">Contact</h5>
                         <div>
                             <i class="fa fa-fw fa-user text-secondary mr-2"></i><a href="#" data-toggle="ajax-modal"
-                                data-modal-size="lg"
-                                data-ajax-url="ajax/ajax_contact_details.php"
-                                data-ajax-id="<?php echo $contact_id; ?>"><strong><?php echo $contact_name; ?></strong>
+                                                                                   data-modal-size="lg"
+                                                                                   data-ajax-url="ajax/ajax_contact_details.php"
+                                                                                   data-ajax-id="<?php echo $contact_id; ?>"><strong><?php echo $contact_name; ?></strong>
                             </a>
                         </div>
 
@@ -880,21 +886,21 @@ if (isset($_GET['ticket_id'])) {
 
                     </div>
                 <?php } else { ?>
-                <div class="card card-body mb-3">
-                    <h5 class="text-secondary">Contact</h5>
-                    <div>
-                        <i class="fa fa-fw fa-user text-secondary mr-2"></i>
+                    <div class="card card-body mb-3">
+                        <h5 class="text-secondary">Contact</h5>
+                        <div>
+                            <i class="fa fa-fw fa-user text-secondary mr-2"></i>
                             <a href="#"
                                 <?php if (lookupUserPermission("module_support") >= 2 && empty($ticket_closed_at)) { ?>
-                                data-toggle = "ajax-modal"
-                                data-ajax-url = "ajax/ajax_ticket_contact.php"
-                                data-ajax-id = "<?php echo $ticket_id; ?>"
+                                    data-toggle = "ajax-modal"
+                                    data-ajax-url = "ajax/ajax_ticket_contact.php"
+                                    data-ajax-id = "<?php echo $ticket_id; ?>"
                                 <?php } ?>
                             >
-                            <i>No One</i>
-                        </a>
+                                <i>No One</i>
+                            </a>
+                        </div>
                     </div>
-                </div>
                 <?php } ?>
                 <!-- End contact card -->
 
@@ -903,82 +909,82 @@ if (isset($_GET['ticket_id'])) {
                 <?php if (empty($ticket_resolved_at) || (!empty($ticket_resolved_at) && $task_count > 0)) { ?>
                     <div class="card card-body">
 
-                    <?php if (empty($ticket_resolved_at) && lookupUserPermission("module_support") >= 2) { ?>
-                        <form action="post.php" method="post" autocomplete="off">
-                            <input type="hidden" name="ticket_id" value="<?php echo $ticket_id; ?>">
-                            <div class="form-group">
-                                <div class="input-group input-group-sm">
-                                    <input type="text" class="form-control" name="name" placeholder="Create Task">
-                                    <div class="input-group-append">
-                                        <button type="submit" name="add_task" class="btn btn-secondary">
-                                            <i class="fas fa-check"></i>
-                                        </button>
+                        <?php if (empty($ticket_resolved_at) && lookupUserPermission("module_support") >= 2) { ?>
+                            <form action="post.php" method="post" autocomplete="off">
+                                <input type="hidden" name="ticket_id" value="<?php echo $ticket_id; ?>">
+                                <div class="form-group">
+                                    <div class="input-group input-group-sm">
+                                        <input type="text" class="form-control" name="name" placeholder="Create Task">
+                                        <div class="input-group-append">
+                                            <button type="submit" name="add_task" class="btn btn-secondary">
+                                                <i class="fas fa-check"></i>
+                                            </button>
+                                        </div>
                                     </div>
                                 </div>
-                            </div>
-                        </form>
-                    <?php } ?>
+                            </form>
+                        <?php } ?>
 
-                    <table class="table table-sm">
-                        <?php
-                        while($row = mysqli_fetch_array($sql_tasks)){
-                            $task_id = intval($row['task_id']);
-                            $task_name = nullable_htmlentities($row['task_name']);
-                            //$task_description = nullable_htmlentities($row['task_description']); // not in db yet
-                            $task_completion_estimate = intval($row['task_completion_estimate']);
-                            $task_completed_at = nullable_htmlentities($row['task_completed_at']);
-                            ?>
-                            <tr data-task-id="<?php echo $task_id; ?>">
-                                <td>
-                                    <?php if ($task_completed_at) { ?>
-                                        <i class="far fa-fw fa-check-square text-primary"></i>
-                                    <?php } elseif (lookupUserPermission("module_support") >= 2) { ?>
-                                        <a href="post.php?complete_task=<?php echo $task_id; ?>">
-                                            <i class="far fa-fw fa-square text-secondary"></i>
-                                        </a>
-                                    <?php } ?>
-                                </td>
-                                <td>
-                                    <a href="#" class="grab-cursor">
-                                        <span class="text-secondary"><?php echo $task_completion_estimate; ?>m</span>
-                                        <span class="text-dark"> - <?php echo $task_name; ?></span>
-                                    </a>
-                                </td>
-                                <td>
-                                    <div class="float-right">
-                                        <?php if (empty($ticket_resolved_at) && lookupUserPermission("module_support") >= 2) { ?>
-                                            <div class="dropdown dropleft text-center">
-                                                <button class="btn btn-link text-secondary btn-sm" type="button" data-toggle="dropdown">
-                                                    <i class="fas fa-fw fa-ellipsis-v"></i>
-                                                </button>
-                                                <div class="dropdown-menu">
-                                                    <a class="dropdown-item" href="#"
-                                                        data-toggle = "ajax-modal"
-                                                        data-ajax-url = "ajax/ajax_ticket_task_edit.php"
-                                                        data-ajax-id = "<?php echo $task_id; ?>"
-                                                        >
-                                                        <i class="fas fa-fw fa-edit mr-2"></i>Edit
-                                                    </a>
-                                                    <?php if ($task_completed_at) { ?>
-                                                        <a class="dropdown-item" href="post.php?undo_complete_task=<?php echo $task_id; ?>">
-                                                            <i class="fas fa-fw fa-arrow-circle-left mr-2"></i>Mark incomplete
-                                                        </a>
-                                                    <?php } ?>
-                                                    <div class="dropdown-divider"></div>
-                                                    <a class="dropdown-item text-danger confirm-link" href="post.php?delete_task=<?php echo $task_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
-                                                        <i class="fas fa-fw fa-trash-alt mr-2"></i>Delete
-                                                    </a>
-                                                </div>
-                                            </div>
+                        <table class="table table-sm">
+                            <?php
+                            while($row = mysqli_fetch_array($sql_tasks)){
+                                $task_id = intval($row['task_id']);
+                                $task_name = nullable_htmlentities($row['task_name']);
+                                //$task_description = nullable_htmlentities($row['task_description']); // not in db yet
+                                $task_completion_estimate = intval($row['task_completion_estimate']);
+                                $task_completed_at = nullable_htmlentities($row['task_completed_at']);
+                                ?>
+                                <tr data-task-id="<?php echo $task_id; ?>">
+                                    <td>
+                                        <?php if ($task_completed_at) { ?>
+                                            <i class="far fa-fw fa-check-square text-primary"></i>
+                                        <?php } elseif (lookupUserPermission("module_support") >= 2) { ?>
+                                            <a href="post.php?complete_task=<?php echo $task_id; ?>">
+                                                <i class="far fa-fw fa-square text-secondary"></i>
+                                            </a>
                                         <?php } ?>
-                                    </div>
-                                </td>
-                            </tr>
-                        <?php
-                        }
-                        ?>
-                    </table>
-                </div>
+                                    </td>
+                                    <td>
+                                        <a href="#" class="grab-cursor">
+                                            <span class="text-secondary"><?php echo $task_completion_estimate; ?>m</span>
+                                            <span class="text-dark"> - <?php echo $task_name; ?></span>
+                                        </a>
+                                    </td>
+                                    <td>
+                                        <div class="float-right">
+                                            <?php if (empty($ticket_resolved_at) && lookupUserPermission("module_support") >= 2) { ?>
+                                                <div class="dropdown dropleft text-center">
+                                                    <button class="btn btn-link text-secondary btn-sm" type="button" data-toggle="dropdown">
+                                                        <i class="fas fa-fw fa-ellipsis-v"></i>
+                                                    </button>
+                                                    <div class="dropdown-menu">
+                                                        <a class="dropdown-item" href="#"
+                                                           data-toggle = "ajax-modal"
+                                                           data-ajax-url = "ajax/ajax_ticket_task_edit.php"
+                                                           data-ajax-id = "<?php echo $task_id; ?>"
+                                                        >
+                                                            <i class="fas fa-fw fa-edit mr-2"></i>Edit
+                                                        </a>
+                                                        <?php if ($task_completed_at) { ?>
+                                                            <a class="dropdown-item" href="post.php?undo_complete_task=<?php echo $task_id; ?>">
+                                                                <i class="fas fa-fw fa-arrow-circle-left mr-2"></i>Mark incomplete
+                                                            </a>
+                                                        <?php } ?>
+                                                        <div class="dropdown-divider"></div>
+                                                        <a class="dropdown-item text-danger confirm-link" href="post.php?delete_task=<?php echo $task_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                                            <i class="fas fa-fw fa-trash-alt mr-2"></i>Delete
+                                                        </a>
+                                                    </div>
+                                                </div>
+                                            <?php } ?>
+                                        </div>
+                                    </td>
+                                </tr>
+                                <?php
+                            }
+                            ?>
+                        </table>
+                    </div>
                 <?php } ?>
                 <!-- End Tasks Card -->
 
@@ -1015,10 +1021,10 @@ if (isset($_GET['ticket_id'])) {
                         <h5 class="text-secondary">Asset</h5>
                         <div>
                             <a href="#"
-                                data-toggle="ajax-modal"
-                                data-modal-size="lg"
-                                data-ajax-url="ajax/ajax_asset_details.php?<?php echo $client_url; ?>"
-                                data-ajax-id="<?php echo $asset_id; ?>">
+                               data-toggle="ajax-modal"
+                               data-modal-size="lg"
+                               data-ajax-url="ajax/ajax_asset_details.php?<?php echo $client_url; ?>"
+                               data-ajax-id="<?php echo $asset_id; ?>">
                                 <i class="fa fa-fw fa-desktop text-secondary mr-2"></i><strong><?php echo $asset_name; ?></strong>
                             </a>
                         </div>
@@ -1115,21 +1121,21 @@ require_once "includes/footer.php";
 
 <!-- Summary Modal -->
 <div class="modal fade" id="summaryModal" tabindex="-1">
-  <div class="modal-dialog modal-lg" role="document">
-    <div class="modal-content bg-dark">
-      <div class="modal-header">
-        <h5 class="modal-title" id="summaryModalTitle">Ticket Summary</h5>
-        <button type="button" class="close text-white" data-dismiss="modal" aria-label="Close">
-          <span>&times;</span>
-        </button>
-      </div>
-      <div class="modal-body bg-white">
-        <div id="summaryContent" class="text-center">
-          <i class="fas fa-spinner fa-spin"></i> Generating summary...
+    <div class="modal-dialog modal-lg" role="document">
+        <div class="modal-content bg-dark">
+            <div class="modal-header">
+                <h5 class="modal-title" id="summaryModalTitle">Ticket Summary</h5>
+                <button type="button" class="close text-white" data-dismiss="modal" aria-label="Close">
+                    <span>&times;</span>
+                </button>
+            </div>
+            <div class="modal-body bg-white">
+                <div id="summaryContent" class="text-center">
+                    <i class="fas fa-spinner fa-spin"></i> Generating summary...
+                </div>
+            </div>
         </div>
-      </div>
     </div>
-  </div>
 </div>
 
 <script src="js/show_modals.js"></script>
@@ -1145,58 +1151,57 @@ require_once "includes/footer.php";
 <script src="js/pretty_content.js"></script>
 
 <script>
-$('#summaryModal').on('shown.bs.modal', function (e) {
-    // Perform AJAX request to get the summary
-    $.ajax({
-        url: 'post.php?ai_ticket_summary',
-        method: 'POST',
-        data: { ticket_id: <?php echo $ticket_id; ?> },
-        success: function(response) {
-          $('#summaryContent').html(response);
-        },
-        error: function() {
-          $('#summaryContent').html('Error generating summary.');
-        }
+    $('#summaryModal').on('shown.bs.modal', function (e) {
+        // Perform AJAX request to get the summary
+        $.ajax({
+            url: 'post.php?ai_ticket_summary',
+            method: 'POST',
+            data: { ticket_id: <?php echo $ticket_id; ?> },
+            success: function(response) {
+                $('#summaryContent').html(response);
+            },
+            error: function() {
+                $('#summaryContent').html('Error generating summary.');
+            }
+        });
     });
-});
 </script>
 
 
 <script src="plugins/dragula/dragula.min.js"></script>
 <script>
-$(document).ready(function() {
-    var container = $('.table tbody')[0];
+    $(document).ready(function() {
+        var container = $('.table tbody')[0];
 
-    dragula([container])
-        .on('drop', function (el, target, source, sibling) {
-            // Handle the drop event to update the order in the database
-            var rows = $(container).children();
-            var positions = rows.map(function(index, row) {
-                return {
-                    id: $(row).data('taskId'),
-                    order: index
-                };
-            }).get();
+        dragula([container])
+            .on('drop', function (el, target, source, sibling) {
+                // Handle the drop event to update the order in the database
+                var rows = $(container).children();
+                var positions = rows.map(function(index, row) {
+                    return {
+                        id: $(row).data('taskId'),
+                        order: index
+                    };
+                }).get();
 
-            //console.log('New positions:', positions);
+                //console.log('New positions:', positions);
 
-            // Send the new order to the server (example using fetch)
-            $.ajax({
-                url: 'ajax.php',
-                method: 'POST',
-                data: {
-                    update_ticket_tasks_order: true,
-                    ticket_id: <?php echo $ticket_id; ?>,
-                    positions: positions
-                },
-                success: function(data) {
-                    //console.log('Order updated:', data);
-                },
-                error: function(error) {
-                    console.error('Error updating order:', error);
-                }
+                // Send the new order to the server (example using fetch)
+                $.ajax({
+                    url: 'ajax.php',
+                    method: 'POST',
+                    data: {
+                        update_ticket_tasks_order: true,
+                        ticket_id: <?php echo $ticket_id; ?>,
+                        positions: positions
+                    },
+                    success: function(data) {
+                        //console.log('Order updated:', data);
+                    },
+                    error: function(error) {
+                        console.error('Error updating order:', error);
+                    }
+                });
             });
-        });
-});
+    });
 </script>
-
diff --git a/ticket_redact.php b/ticket_redact.php
new file mode 100644
index 00000000..76055838
--- /dev/null
+++ b/ticket_redact.php
@@ -0,0 +1,127 @@
+<?php
+
+require_once "includes/inc_all.php";
+
+// Perms - Admins only
+if (!isset($session_is_admin) || !$session_is_admin) {
+    exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
+}
+
+//Initialize the HTML Purifier to prevent XSS
+require "plugins/htmlpurifier/HTMLPurifier.standalone.php";
+$purifier_config = HTMLPurifier_Config::createDefault();
+$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
+$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
+$purifier = new HTMLPurifier($purifier_config);
+
+
+if (isset($_GET['ticket_id'])) {
+    $ticket_id = intval($_GET['ticket_id']);
+
+    $ticket_sql = mysqli_query(
+        $mysqli,
+        "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets
+        WHERE ticket_id = $ticket_id AND ticket_closed_at IS NOT NULL
+        LIMIT 1"
+    );
+
+    if (mysqli_num_rows($ticket_sql) == 0) {
+
+        echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1><a class='btn btn-lg btn-secondary mt-3' href='tickets.php'><i class='fa fa-fw fa-arrow-left'></i> Go Back</a></center>";
+
+    } else {
+
+        $ticket_row = mysqli_fetch_array($ticket_sql);
+        $ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
+        $ticket_number = intval($ticket_row['ticket_number']);
+        $ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
+        $ticket_details = $purifier->purify($ticket_row['ticket_details']);
+
+        // Get ticket replies
+        $sql_ticket_replies = mysqli_query(
+            $mysqli,
+            "SELECT * FROM ticket_replies 
+            LEFT JOIN users ON ticket_reply_by = user_id
+            LEFT JOIN contacts ON ticket_reply_by = contact_id
+            WHERE ticket_reply_ticket_id = $ticket_id
+            AND ticket_reply_archived_at IS NULL
+            ORDER BY ticket_reply_id DESC"
+        );
+
+        ?>
+
+        <!-- Breadcrumbs-->
+        <ol class="breadcrumb d-print-none">
+            <li class="breadcrumb-item">
+                <a href="tickets.php">Tickets</a>
+            </li>
+            <li class="breadcrumb-item active"><i class="fas fa-life-ring mr-1"></i><?php echo "$ticket_prefix$ticket_number";?></li>
+        </ol>
+
+        <div class="card">
+            <div class="card-header">
+                <div class="card-title">
+                    <i class="fa fa-2x fa-fw fa fa-life-ring text-secondary mr-2"></i>
+                    <span class="h3"><?php echo "$ticket_prefix$ticket_number - $ticket_subject"; ?></span>
+                </div>
+            </div>
+        </div>
+
+        <!-- Ticket details -->
+        <div class="card">
+            <div class="card-header">
+                <div class="card-title">
+                    Ticket Details
+                </div>
+            </div>
+            <div class="card-body prettyContent">
+                <?php echo $ticket_details ?>
+            </div>
+        </div>
+        <!-- End Ticket details -->
+
+        <hr>
+
+        <?php
+        // Cycle though all ticket replies
+        while ($row = mysqli_fetch_array($sql_ticket_replies)) {
+            $ticket_reply_id = intval($row['ticket_reply_id']);
+            $ticket_reply = $purifier->purify($row['ticket_reply']);
+            $ticket_reply_type = nullable_htmlentities($row['ticket_reply_type']);
+            if ($ticket_reply_type == "Client") {
+                $ticket_reply_by_display = nullable_htmlentities($row['contact_name']);
+            } else {
+                $ticket_reply_by_display = nullable_htmlentities($row['user_name']);
+            } ?>
+
+            <div class="card">
+                <div class="card-header">
+                    <div class="card-title">
+                        <?php echo ucfirst($ticket_reply_type) ?> ticket reply by <?php echo $ticket_reply_by_display ?>
+                    </div>
+                    <div class="float-right">
+                        <a href="ticket_redact_details.php?ticket_id=<?php echo $ticket_id; ?>&ticket_reply_id=<?php echo $ticket_reply_id?>" class="btn btn-danger btn-sm ml-3">
+                            <i class="fas fa-fw fa-marker mr-2"></i>Redact
+                        </a>
+                    </div>
+                </div>
+                <div class="card-body prettyContent">
+                    <?php echo $ticket_reply ?>
+                </div>
+            </div>
+
+        <?php }
+        // End ticket replies
+
+
+    } // End ticket row SQL
+
+
+} else {
+    echo "No ticket ID specified";
+}
+
+require_once "includes/footer.php";
+
+?>
+
diff --git a/ticket_redact_details.php b/ticket_redact_details.php
new file mode 100644
index 00000000..4b5d6273
--- /dev/null
+++ b/ticket_redact_details.php
@@ -0,0 +1,122 @@
+<?php
+
+require_once "includes/inc_all.php";
+
+// Perms - Admins only
+if (!isset($session_is_admin) || !$session_is_admin) {
+    exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
+}
+
+//Initialize the HTML Purifier to prevent XSS
+require "plugins/htmlpurifier/HTMLPurifier.standalone.php";
+$purifier_config = HTMLPurifier_Config::createDefault();
+$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
+$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
+$purifier = new HTMLPurifier($purifier_config);
+
+if (isset($_GET['ticket_id']) && isset($_GET['ticket_reply_id'])) {
+    $ticket_id = intval($_GET['ticket_id']);
+    $ticket_reply_id = intval($_GET['ticket_reply_id']);
+
+    $ticket_sql = mysqli_query(
+        $mysqli,
+        "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_client_id FROM tickets
+        WHERE ticket_id = $ticket_id AND ticket_closed_at IS NOT NULL
+        LIMIT 1"
+    );
+
+    if (mysqli_num_rows($ticket_sql) == 0) {
+
+        echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1><a class='btn btn-lg btn-secondary mt-3' href='tickets.php'><i class='fa fa-fw fa-arrow-left'></i> Go Back</a></center>";
+
+    } else {
+
+        $ticket_row = mysqli_fetch_array($ticket_sql);
+        $ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
+        $ticket_number = intval($ticket_row['ticket_number']);
+        $ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
+        $client_id = intval($ticket_row['ticket_client_id']);
+
+        // Get ticket reply
+        $sql_ticket_reply = mysqli_query(
+            $mysqli,
+            "SELECT * FROM ticket_replies 
+            LEFT JOIN users ON ticket_reply_by = user_id
+            LEFT JOIN contacts ON ticket_reply_by = contact_id
+            WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_ticket_id = $ticket_id
+            AND ticket_reply_archived_at IS NULL
+            LIMIT 1"
+        );
+
+        if (mysqli_num_rows($ticket_sql) == 0) {
+
+            echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1><a class='btn btn-lg btn-secondary mt-3' href='tickets.php'><i class='fa fa-fw fa-arrow-left'></i> Go Back</a></center>";
+
+        } else {
+
+            $reply_row = mysqli_fetch_array($sql_ticket_reply);
+
+            $ticket_reply = $purifier->purify($reply_row['ticket_reply']);
+            $ticket_reply_type = nullable_htmlentities($reply_row['ticket_reply_type']);
+            if ($ticket_reply_type == "Client") {
+                $ticket_reply_by_display = nullable_htmlentities($reply_row['contact_name']);
+            } else {
+                $ticket_reply_by_display = nullable_htmlentities($reply_row['user_name']);
+            } ?>
+
+            <!-- Breadcrumbs-->
+            <ol class="breadcrumb d-print-none">
+                <li class="breadcrumb-item">
+                    <a href="tickets.php">Tickets</a>
+                </li>
+                <li class="breadcrumb-item active"><i class="fas fa-life-ring mr-1"></i><?php echo "$ticket_prefix$ticket_number";?></li>
+            </ol>
+
+            <div class="card">
+                <div class="card-header">
+                    <div class="card-title">
+                        <i class="fa fa-2x fa-fw fa fa-life-ring text-secondary mr-2"></i>
+                        <span class="h3"><?php echo "$ticket_prefix$ticket_number - $ticket_subject: " . ucfirst($ticket_reply_type) . " ticket reply by $ticket_reply_by_display" ?></span>
+                    </div>
+                </div>
+            </div>
+
+            <div class="card card-body d-print-none pb-0">
+
+                <form action="post.php" enctype="multipart/form-data" method="post">
+                    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+                    <input type="hidden" name="ticket_id" value="<?php echo $ticket_id ?>">
+                    <input type="hidden" name="ticket_reply_id" value="<?php echo $ticket_reply_id ?>">
+                    <input type="hidden" name="client_id" value="<?php echo $client_id ?>">
+                    <div class="form-group">
+                        <textarea id="tinymceTicketRedact" name="ticket_reply" class="form-control tinymceTicketRedact"><?php echo $ticket_reply?></textarea>
+                    </div>
+
+                    <div class="form-group">
+                        <button onclick="redactSelectedText()" class="btn btn-secondary" type="button">Redact Selected Text</button>
+                    </div>
+
+                    <div class="form-group float-right">
+                        <button type="submit" id="redact_ticket_reply" name="redact_ticket_reply" class="btn btn-success ml-3"><i class="fas fa-check mr-2"></i>Save</button>
+                    </div>
+
+                </form>
+
+            </div>
+
+            <!-- Javascript for the redaction text editor -->
+            <script src="js/ticket_redact.js"></script>
+
+        <?php }
+        // End ticket replies
+
+
+    } // End ticket row SQL
+
+
+} else {
+    echo "No ticket ID specified";
+}
+
+require_once "includes/footer.php";
+