AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removed HTML Purify on tickets.php and use htmlentities instead to mimic client_tickets.php was causing some rendering issues when you goto edit a ticket under client tickets tested for XSS all tests came back clean

This commit is contained in:
johnnyq 2023-05-08 13:24:43 -04:00
parent 5ee78ef1f3
commit 9887fc4a19
1 changed files with 1 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
tickets.php
View File

@ -6,12 +6,6 @@ $o = "DESC";
require_once("inc_all.php");
//Initialize the HTML Purifier to prevent XSS
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
// Ticket status from GET
if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets
@ -267,7 +261,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']);
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_details = $purifier->purify($row['ticket_details']);
$ticket_details = htmlentities($row['ticket_details']);
$ticket_priority = htmlentities($row['ticket_priority']);
$ticket_status = htmlentities($row['ticket_status']);
$ticket_created_at = htmlentities($row['ticket_created_at']);