diff --git a/client_document_edit_modal.php b/client_document_edit_modal.php
index e4d43eca..6b3ab3ef 100644
--- a/client_document_edit_modal.php
+++ b/client_document_edit_modal.php
@@ -17,7 +17,7 @@
- +
diff --git a/client_document_templates.php b/client_document_templates.php
index 9d012317..dd048fd7 100644
--- a/client_document_templates.php
+++ b/client_document_templates.php
@@ -2,12 +2,6 @@
 require_once("inc_all_client.php");
-//Initialize the HTML Purifier to prevent XSS
-require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
-$purifier_config = HTMLPurifier_Config::createDefault();
-$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
-$purifier = new HTMLPurifier($purifier_config);
-
 // Sort by
 if (!empty($_GET['sb'])) {
 $sb = sanitizeInput($_GET['sb']);
@@ -87,8 +81,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 while ($row = mysqli_fetch_array($sql)) {
 $document_id = intval($row['document_id']);
 $document_name = htmlentities($row['document_name']);
- //$document_content = $purifier->purify($row['document_content']);
- $document_content = $row['document_content'];
+ $document_content = htmlentities($row['document_content']);
 $document_created_at = htmlentities($row['document_created_at']);
 $document_updated_at = htmlentities($row['document_updated_at']);
 $document_folder_id = intval($row['document_folder_id']);
diff --git a/client_documents.php b/client_documents.php
index 34bf3a03..bab42bd9 100644
--- a/client_documents.php
+++ b/client_documents.php
@@ -6,12 +6,6 @@ $o = "ASC";
 require_once("inc_all_client.php");
-//Initialize the HTML Purifier to prevent XSS
-require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
-$purifier_config = HTMLPurifier_Config::createDefault();
-$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
-$purifier = new HTMLPurifier($purifier_config);
-
 // Folder
 if (!empty($_GET['folder_id'])) {
 $folder = intval($_GET['folder_id']);
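Review bot: Swapping `$purifier->purify($row['document_content'])` for `htmlentities($row['document_content'])` turns a sanitiser into an escaper, so if document_content holds rich HTML (the removed purifier config allowing `data:`/`http(s):` URIs suggests it was rendered as markup) the page will now display literal tags rather than formatted content — for client_document_templates.php this is still an improvement, since the old line emitted the raw value, but the same swap in client_documents.php (@@ -179), client_tickets.php (@@ -88) and tickets.php (@@ -267) replaces a working sanitiser. Escaping is the right choice only where the value is emitted as text (element body, attribute, `<textarea>`); where rich rendering is required an escaper cannot stand in for a sanitiser, and the `while` loop consuming `$document_content` continues outside the hunk, so the render site should be checked. Separately, every new `htmlentities()` call here is made without flags: on PHP before 8.1 the default is ENT_COMPAT, which leaves single quotes unencoded and returns an empty string on invalid UTF-8 input, so if the value lands in a single-quoted attribute or inline JavaScript the escaping is incomplete; `$document_content = htmlentities($row['document_content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` makes the behaviour explicit and version-independent. Since the purifier `require` and `$purifier` initialisation are dropped from each file's header, any remaining `$purifier->purify()` call in those files (for example, whatever the @@ -212 hunk of client_documents.php removes, whose content did not survive in this view) would now fail with a method call on null, which is worth confirming before merge.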
@@ -179,7 +173,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 while ($row = mysqli_fetch_array($sql)) {
 $document_id = intval($row['document_id']);
 $document_name = htmlentities($row['document_name']);
- $document_content = $purifier->purify($row['document_content']);
+ $document_content = htmlentities($row['document_content']);
 $document_created_at = htmlentities($row['document_created_at']);
 $document_updated_at = htmlentities($row['document_updated_at']);
 $document_folder_id = intval($row['document_folder_id']);
@@ -212,7 +206,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
-
diff --git a/client_tickets.php b/client_tickets.php
index ff7c4cb0..91356d37 100644
--- a/client_tickets.php
+++ b/client_tickets.php
@@ -6,12 +6,6 @@ $o = "DESC";
 require_once("inc_all_client.php");
-//Initialize the HTML Purifier to prevent XSS
-require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
-$purifier_config = HTMLPurifier_Config::createDefault();
-$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
-$purifier = new HTMLPurifier($purifier_config);
-
 //Rebuild URL
 $url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
@@ -88,7 +82,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 $ticket_prefix = htmlentities($row['ticket_prefix']);
 $ticket_number = htmlentities($row['ticket_number']);
 $ticket_subject = htmlentities($row['ticket_subject']);
- $ticket_details = $purifier->purify($row['ticket_details']);
+ $ticket_details = htmlentities($row['ticket_details']);
 $ticket_priority = htmlentities($row['ticket_priority']);
 $ticket_status = htmlentities($row['ticket_status']);
 $ticket_created_at = htmlentities($row['ticket_created_at']);
diff --git a/scheduled_ticket_add_modal.php b/scheduled_ticket_add_modal.php
index e3ed8b68..b91b392b 100644
--- a/scheduled_ticket_add_modal.php
+++ b/scheduled_ticket_add_modal.php
@@ -133,7 +133,7 @@
- +
diff --git a/scheduled_ticket_edit_modal.php b/scheduled_ticket_edit_modal.php
index b29be050..008b1db3 100644
--- a/scheduled_ticket_edit_modal.php
+++ b/scheduled_ticket_edit_modal.php
@@ -77,7 +77,7 @@
- +
diff --git a/tickets.php b/tickets.php
index 9e8ce35a..34e8ca1d 100644
--- a/tickets.php
+++ b/tickets.php
@@ -6,12 +6,6 @@ $o = "DESC";
 require_once("inc_all.php");
-//Initialize the HTML Purifier to prevent XSS
-require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
-$purifier_config = HTMLPurifier_Config::createDefault();
-$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
-$purifier = new HTMLPurifier($purifier_config);
-
 // Ticket status from GET
 if (!isset($_GET['status'])) {
 // If nothing is set, assume we only want to see open tickets
@@ -267,9 +261,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']);
 $ticket_prefix = htmlentities($row['ticket_prefix']);
 $ticket_number = intval($row['ticket_number']);
 $ticket_subject = htmlentities($row['ticket_subject']);
- $ticket_details = $purifier->purify($row['ticket_details']);
- //$ticket_details = htmlentities($row['ticket_details']);
- //$ticket_details = $row['ticket_details'];
+ $ticket_details = htmlentities($row['ticket_details']);
 $ticket_priority = htmlentities($row['ticket_priority']);
 $ticket_status = htmlentities($row['ticket_status']);
 $ticket_created_at = htmlentities($row['ticket_created_at']);