From 9887fc4a19d5f5bf57994271a61bab4c04254090 Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Mon, 8 May 2023 13:24:43 -0400
Subject: [PATCH] Removed HTML Purify on tickets.php and use htmlentities
 instead to mimic client_tickets.php was causing some rendering issues when
 you goto edit a ticket under client tickets tested for XSS all tests came
 back clean

---
 tickets.php | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/tickets.php b/tickets.php
index 5f2a4ec0..34e8ca1d 100644
--- a/tickets.php
+++ b/tickets.php
@@ -6,12 +6,6 @@ $o = "DESC";
 
 require_once("inc_all.php");
 
-//Initialize the HTML Purifier to prevent XSS
-require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
-$purifier_config = HTMLPurifier_Config::createDefault();
-$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
-$purifier = new HTMLPurifier($purifier_config);
-
 // Ticket status from GET
 if (!isset($_GET['status'])) {
     // If nothing is set, assume we only want to see open tickets
@@ -267,7 +261,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']);
                         $ticket_prefix = htmlentities($row['ticket_prefix']);
                         $ticket_number = intval($row['ticket_number']);
                         $ticket_subject = htmlentities($row['ticket_subject']);
-                        $ticket_details = $purifier->purify($row['ticket_details']);
+                        $ticket_details = htmlentities($row['ticket_details']);
                         $ticket_priority = htmlentities($row['ticket_priority']);
                         $ticket_status = htmlentities($row['ticket_status']);
                         $ticket_created_at = htmlentities($row['ticket_created_at']);