diff --git a/agent/post/ticket.php b/agent/post/ticket.php
index 4694ac70..e7dd756f 100644
--- a/agent/post/ticket.php
+++ b/agent/post/ticket.php
@@ -1567,7 +1567,7 @@ if (isset($_POST['add_ticket_reply'])) {
 enforceUserPermission('module_support', 2);
 $ticket_id = intval($_POST['ticket_id']);
- $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
+ $ticket_reply = $_POST['ticket_reply']; // Reply is SQL escaped below
 $ticket_status = intval($_POST['status']);
 $client_id = intval($_POST['client_id']);
@@ -1588,6 +1588,12 @@ if (isset($_POST['add_ticket_reply'])) {
 } else {
 $ticket_reply_type = 'Internal';
 }
+ // Add Signature to the end of the ticket reply if not Internal and if there is reply
+ if ($ticket_reply !== '' && $ticket_reply_type !== 'Internal') {
+ $ticket_reply .= getFieldById('user_settings',$session_user_id,'user_config_signature', 'raw');
+ }
+
+ $ticket_reply = mysqli_escape_string($mysqli, $ticket_reply); // SQL Escape Ticket Reply
 // Update Ticket Status & updated at (in case status didn't change)
 mysqli_query($mysqli, "UPDATE tickets SET ticket_status = $ticket_status, ticket_updated_at = NOW() WHERE ticket_id = $ticket_id");
diff --git a/agent/ticket.php b/agent/ticket.php
index 03333082..162bfe0a 100644
--- a/agent/ticket.php
+++ b/agent/ticket.php
@@ -620,7 +620,6 @@ if (isset($_GET['ticket_id'])) {
diff --git a/functions.php b/functions.php
index 740a7d1b..f05bf93d 100644
--- a/functions.php
+++ b/functions.php
@@ -1607,6 +1607,8 @@ function getFieldById($table, $id, $field, $escape_method = 'sql') {
 // Apply the desired escaping method or auto-detect integer type if using SQL escaping
 switch ($escape_method) {
+ case 'raw':
+ return $value; // Return as-is from the database
 case 'html':
 return htmlspecialchars($value ?? '', ENT_QUOTES, 'UTF-8'); // Escape for HTML
 case 'json':
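Review bot: Removing the escape on the `$ticket_reply` assignment leaves the raw POST value in that variable for the roughly twenty lines between this hunk and the new `mysqli_escape_string` call in the next one; those lines are outside both hunks, so any use of `$ticket_reply` there (a query, a length check, the `$ticket_reply_type` decision) now sees unescaped input and needs to be re-checked before this merges. A missing `ticket_reply` field also changes behaviour: the old escape call returned `''` for a null argument, whereas the new assignment stores null (with an undefined-index warning), and the `!== ''` guard added below treats null as a non-empty reply. `$ticket_reply = $_POST['ticket_reply'] ?? ''; // escaped for SQL below, after the signature is appended` keeps the old empty-string default and documents where the escaping moved. The enclosing `if (isset($_POST['add_ticket_reply']))` block starts before and ends after this hunk.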
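Review bot: The guard `$ticket_reply !== ''` does not implement the comment's "if there is reply": a whitespace-only body, or a null one if the field was absent from the request, still gets the signature appended, so the stored reply can consist of the signature alone; `if (trim((string) $ticket_reply) !== '' && $ticket_reply_type !== 'Internal')` is closer to the stated intent. The signature is concatenated with no separator, so unless `user_config_signature` is saved with its own leading line break it runs straight into the last line of the reply — worth confirming against the code that stores that setting. The lookup passes `$session_user_id` as the `$id` of `user_settings`; if `getFieldById` keys on that table's own primary key rather than a user-id column, this fetches the wrong row, which cannot be verified from this hunk. On style, the line removed in the previous hunk used `mysqli_real_escape_string`; `mysqli_escape_string` is only its alias, so the handler should keep using one name.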
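Review bot: The new `'raw'` case makes an escaping helper capable of handing back unescaped database content, and the inline comment records only what it does, not what the caller now owes; make the obligation explicit with `return $value; // Raw: caller MUST escape for its own context (SQL, HTML, JSON) before use`. Unlike the neighbouring `'html'` branch, which coalesces with `?? ''`, this branch returns `$value` untouched, so callers may receive null when the row or field is missing; the function's docblock (the definition of `getFieldById` starts before this hunk) should list the new mode and state that it can return null. Since every branch returns, the position of the case is harmless, but a one-line note in the docblock about when `'raw'` is appropriate would prevent it becoming the default choice for new callers.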