From 81550bd7a8d172fdbc9a36ef2aff4a96dfc29118 Mon Sep 17 00:00:00 2001
From: wrongecho <marcus@itflow.org>
Date: Wed, 3 Dec 2025 15:13:52 +0000
Subject: [PATCH] Ticket merge input - strip text

---
 agent/ajax.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/agent/ajax.php b/agent/ajax.php
index 4a37f0e0..0b27f9b8 100644
--- a/agent/ajax.php
+++ b/agent/ajax.php
@@ -46,7 +46,7 @@ if (isset($_GET['certificate_fetch_parse_json_details'])) {
 if (isset($_GET['merge_ticket_get_json_details'])) {
     enforceUserPermission('module_support');
 
-    $merge_into_ticket_number = intval($_GET['merge_into_ticket_number']);
+    $merge_into_ticket_number = intval(preg_replace('/[^0-9]/', '', $_GET['merge_into_ticket_number']));
 
     $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, ticket_status_name, client_name, contact_name FROM tickets
         LEFT JOIN clients ON ticket_client_id = client_id