AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-28 00:05:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add ticket redaction feature

Browse Source
This commit is contained in:
wrongecho
2025-03-18 09:40:39 +00:00
parent ad9e4b4fb4
commit 6a8d2cf1d4
6 changed files with 560 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
js/app.js
View File

@@ -277,6 +277,23 @@ tinymce.init({
} }
}); });
// Initialize TinyMCE editor with only a redact button
tinymce.init({
selector: '.tinymceTicketRedact',
browser_spellcheck: false,
contextmenu: false,
resize: true,
min_height: 300,
max_height: 500,
promotion: false,
branding: false,
menubar: false,
statusbar: false,
license_key: 'gpl',
readonly: true,
toolbar: '',
});
// DateTime // DateTime
$('.datetimepicker').datetimepicker({ $('.datetimepicker').datetimepicker({
}); });

15
js/ticket_redact.js Normal file
View File

@@ -0,0 +1,15 @@
// Redact the selected text in TinyMCE
function redactSelectedText() {
const editor = tinymce.get('tinymceTicketRedact'); // Get TinyMCE editor instance
const selectedText = editor.selection.getContent(); // Get selected content
if (selectedText) {
// Wrap the selected text with a redacted span
const redactedNode = `<strong><span style="color: #e03e2d;">[REDACTED]</span></strong>`;
// Replace the selected text with the redacted span
editor.selection.setContent(redactedNode);
} else {
alert('Please select some text to redact.');
}
}

23
post/user/ticket.php
View File

@@ -1572,6 +1572,29 @@ if (isset($_GET['archive_ticket_reply'])) {
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
} }
if (isset($_POST['redact_ticket_reply'])) {
// Perms - Admins only
if (!isset($session_is_admin) || !$session_is_admin) {
exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
}
validateCSRFToken($_POST['csrf_token']);
$ticket_id = intval($_POST['ticket_id']);
$ticket_reply_id = intval($_POST['ticket_reply_id']);
$ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
$client_id = intval($_POST['client_id']);
mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id);
$_SESSION['alert_message'] = "Ticket reply redacted";
header("Location: ticket_redact.php?ticket_id=" . $ticket_id);
}
if (isset($_POST['merge_ticket'])) { if (isset($_POST['merge_ticket'])) {
enforceUserPermission('module_support', 2); enforceUserPermission('module_support', 2);

11
ticket.php
View File

@@ -385,9 +385,15 @@ if (isset($_GET['ticket_id'])) {
</a> </a>
<?php } <?php }
if (!empty($ticket_closed_at) && isset($session_is_admin) && $session_is_admin) { ?>
<a href="ticket_redact.php?ticket_id=<?php echo $ticket_id; ?>" class="btn btn-danger btn-sm ml-3">
<i class="fas fa-fw fa-marker mr-2"></i>Redact
</a>
<?php }
if (empty($ticket_closed_at)) { ?> if (empty($ticket_closed_at)) { ?>
<?php if (!empty($ticket_resolved_at)) { ?> <?php if (empty($ticket_closed_at) && !empty($ticket_resolved_at)) { ?>
<a href="post.php?reopen_ticket=<?php echo $ticket_id; ?>" class="btn btn-light btn-sm ml-3"> <a href="post.php?reopen_ticket=<?php echo $ticket_id; ?>" class="btn btn-light btn-sm ml-3">
<i class="fas fa-fw fa-redo mr-2"></i>Reopen <i class="fas fa-fw fa-redo mr-2"></i>Reopen
</a> </a>
@@ -476,7 +482,7 @@ if (isset($_GET['ticket_id'])) {
$ticket_closed_by_display = 'User'; $ticket_closed_by_display = 'User';
if (!empty($ticket_closed_by)) { if (!empty($ticket_closed_by)) {
$sql_closed_by = mysqli_query($mysqli, "SELECT * FROM tickets, users WHERE ticket_closed_by = user_id"); $sql_closed_by = mysqli_query($mysqli, "SELECT user_name FROM users WHERE user_id = $ticket_closed_by");
$row = mysqli_fetch_array($sql_closed_by); $row = mysqli_fetch_array($sql_closed_by);
$ticket_closed_by_display = nullable_htmlentities($row['user_name']); $ticket_closed_by_display = nullable_htmlentities($row['user_name']);
} }
@@ -1199,4 +1205,3 @@ $(document).ready(function() {
}); });
}); });
</script> </script>

127
ticket_redact.php Normal file
View File

@@ -0,0 +1,127 @@
<?php
require_once "includes/inc_all.php";
// Perms - Admins only
if (!isset($session_is_admin) || !$session_is_admin) {
exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
}
//Initialize the HTML Purifier to prevent XSS
require "plugins/htmlpurifier/HTMLPurifier.standalone.php";
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
if (isset($_GET['ticket_id'])) {
$ticket_id = intval($_GET['ticket_id']);
$ticket_sql = mysqli_query(
$mysqli,
"SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets
WHERE ticket_id = $ticket_id AND ticket_closed_at IS NOT NULL
LIMIT 1"
);
if (mysqli_num_rows($ticket_sql) == 0) {
echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1><a class='btn btn-lg btn-secondary mt-3' href='tickets.php'><i class='fa fa-fw fa-arrow-left'></i> Go Back</a></center>";
} else {
$ticket_row = mysqli_fetch_array($ticket_sql);
$ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
$ticket_number = intval($ticket_row['ticket_number']);
$ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
$ticket_details = $purifier->purify($ticket_row['ticket_details']);
// Get ticket replies
$sql_ticket_replies = mysqli_query(
$mysqli,
"SELECT * FROM ticket_replies
LEFT JOIN users ON ticket_reply_by = user_id
LEFT JOIN contacts ON ticket_reply_by = contact_id
WHERE ticket_reply_ticket_id = $ticket_id
AND ticket_reply_archived_at IS NULL
ORDER BY ticket_reply_id DESC"
);
?>
<!-- Breadcrumbs-->
<ol class="breadcrumb d-print-none">
<li class="breadcrumb-item">
<a href="tickets.php">Tickets</a>
</li>
<li class="breadcrumb-item active"><i class="fas fa-life-ring mr-1"></i><?php echo "$ticket_prefix$ticket_number";?></li>
</ol>
<div class="card">
<div class="card-header">
<div class="card-title">
<i class="fa fa-2x fa-fw fa fa-life-ring text-secondary mr-2"></i>
<span class="h3"><?php echo "$ticket_prefix$ticket_number - $ticket_subject"; ?></span>
</div>
</div>
</div>
<!-- Ticket details -->
<div class="card">
<div class="card-header">
<div class="card-title">
Ticket Details
</div>
</div>
<div class="card-body prettyContent">
<?php echo $ticket_details ?>
</div>
</div>
<!-- End Ticket details -->
<hr>
<?php
// Cycle though all ticket replies
while ($row = mysqli_fetch_array($sql_ticket_replies)) {
$ticket_reply_id = intval($row['ticket_reply_id']);
$ticket_reply = $purifier->purify($row['ticket_reply']);
$ticket_reply_type = nullable_htmlentities($row['ticket_reply_type']);
if ($ticket_reply_type == "Client") {
$ticket_reply_by_display = nullable_htmlentities($row['contact_name']);
} else {
$ticket_reply_by_display = nullable_htmlentities($row['user_name']);
} ?>
<div class="card">
<div class="card-header">
<div class="card-title">
<?php echo ucfirst($ticket_reply_type) ?> ticket reply by <?php echo $ticket_reply_by_display ?>
</div>
<div class="float-right">
<a href="ticket_redact_details.php?ticket_id=<?php echo $ticket_id; ?>&ticket_reply_id=<?php echo $ticket_reply_id?>" class="btn btn-danger btn-sm ml-3">
<i class="fas fa-fw fa-marker mr-2"></i>Redact
</a>
</div>
</div>
<div class="card-body prettyContent">
<?php echo $ticket_reply ?>
</div>
</div>
<?php }
// End ticket replies
} // End ticket row SQL
} else {
echo "No ticket ID specified";
}
require_once "includes/footer.php";
?>

122
ticket_redact_details.php Normal file
View File

@@ -0,0 +1,122 @@
<?php
require_once "includes/inc_all.php";
// Perms - Admins only
if (!isset($session_is_admin) || !$session_is_admin) {
exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
}
//Initialize the HTML Purifier to prevent XSS
require "plugins/htmlpurifier/HTMLPurifier.standalone.php";
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
if (isset($_GET['ticket_id']) && isset($_GET['ticket_reply_id'])) {
$ticket_id = intval($_GET['ticket_id']);
$ticket_reply_id = intval($_GET['ticket_reply_id']);
$ticket_sql = mysqli_query(
$mysqli,
"SELECT ticket_prefix, ticket_number, ticket_subject, ticket_client_id FROM tickets
WHERE ticket_id = $ticket_id AND ticket_closed_at IS NOT NULL
LIMIT 1"
);
if (mysqli_num_rows($ticket_sql) == 0) {
echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1><a class='btn btn-lg btn-secondary mt-3' href='tickets.php'><i class='fa fa-fw fa-arrow-left'></i> Go Back</a></center>";
} else {
$ticket_row = mysqli_fetch_array($ticket_sql);
$ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
$ticket_number = intval($ticket_row['ticket_number']);
$ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
$client_id = intval($ticket_row['ticket_client_id']);
// Get ticket reply
$sql_ticket_reply = mysqli_query(
$mysqli,
"SELECT * FROM ticket_replies
LEFT JOIN users ON ticket_reply_by = user_id
LEFT JOIN contacts ON ticket_reply_by = contact_id
WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_ticket_id = $ticket_id
AND ticket_reply_archived_at IS NULL
LIMIT 1"
);
if (mysqli_num_rows($ticket_sql) == 0) {
echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1><a class='btn btn-lg btn-secondary mt-3' href='tickets.php'><i class='fa fa-fw fa-arrow-left'></i> Go Back</a></center>";
} else {
$reply_row = mysqli_fetch_array($sql_ticket_reply);
$ticket_reply = $purifier->purify($reply_row['ticket_reply']);
$ticket_reply_type = nullable_htmlentities($reply_row['ticket_reply_type']);
if ($ticket_reply_type == "Client") {
$ticket_reply_by_display = nullable_htmlentities($reply_row['contact_name']);
} else {
$ticket_reply_by_display = nullable_htmlentities($reply_row['user_name']);
} ?>
<!-- Breadcrumbs-->
<ol class="breadcrumb d-print-none">
<li class="breadcrumb-item">
<a href="tickets.php">Tickets</a>
</li>
<li class="breadcrumb-item active"><i class="fas fa-life-ring mr-1"></i><?php echo "$ticket_prefix$ticket_number";?></li>
</ol>
<div class="card">
<div class="card-header">
<div class="card-title">
<i class="fa fa-2x fa-fw fa fa-life-ring text-secondary mr-2"></i>
<span class="h3"><?php echo "$ticket_prefix$ticket_number - $ticket_subject: " . ucfirst($ticket_reply_type) . " ticket reply by $ticket_reply_by_display" ?></span>
</div>
</div>
</div>
<div class="card card-body d-print-none pb-0">
<form action="post.php" enctype="multipart/form-data" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="ticket_id" value="<?php echo $ticket_id ?>">
<input type="hidden" name="ticket_reply_id" value="<?php echo $ticket_reply_id ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id ?>">
<div class="form-group">
<textarea id="tinymceTicketRedact" name="ticket_reply" class="form-control tinymceTicketRedact"><?php echo $ticket_reply?></textarea>
</div>
<div class="form-group">
<button onclick="redactSelectedText()" class="btn btn-secondary" type="button">Redact Selected Text</button>
</div>
<div class="form-group float-right">
<button type="submit" id="redact_ticket_reply" name="redact_ticket_reply" class="btn btn-success ml-3"><i class="fas fa-check mr-2"></i>Save</button>
</div>
</form>
</div>
<!-- Javascript for the redaction text editor -->
<script src="js/ticket_redact.js"></script>
<?php }
// End ticket replies
} // End ticket row SQL
} else {
echo "No ticket ID specified";
}
require_once "includes/footer.php";