From b1bb854328680aebb2bdc1d4734f72b40901dccb Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Mon, 2 Jan 2023 14:56:04 +0000
Subject: [PATCH] Escape potential HTML in ticket prefix

---
 client_contact_details_modal.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client_contact_details_modal.php b/client_contact_details_modal.php
index 58cf6ca6..749ac31b 100644
--- a/client_contact_details_modal.php
+++ b/client_contact_details_modal.php
@@ -105,7 +105,7 @@
 
               while($row = mysqli_fetch_array($sql_related_tickets)){
                 $ticket_id = $row['ticket_id'];
-                $ticket_prefix = $row['ticket_prefix'];
+                $ticket_prefix = htmlentities($row['ticket_prefix']);
                 $ticket_number = $row['ticket_number'];
                 $ticket_subject = htmlentities($row['ticket_subject']);