AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Signature in ticket reply POST dont add a signature if Internal

This commit is contained in:
johnnyq 2025-10-08 14:48:13 -04:00
parent 27e1d6a9cd
commit e3e7c2e38b
3 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
agent/post/ticket.php
View File

@ -1567,7 +1567,7 @@ if (isset($_POST['add_ticket_reply'])) {
enforceUserPermission('module_support', 2); enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']); $ticket_id = intval($_POST['ticket_id']);
$ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']); $ticket_reply = $_POST['ticket_reply']; // Reply is SQL escaped below
$ticket_status = intval($_POST['status']); $ticket_status = intval($_POST['status']);
$client_id = intval($_POST['client_id']); $client_id = intval($_POST['client_id']);
@ -1588,6 +1588,12 @@ if (isset($_POST['add_ticket_reply'])) {
} else { } else {
$ticket_reply_type = 'Internal'; $ticket_reply_type = 'Internal';
} }
// Add Signature to the end of the ticket reply if not Internal and if there is reply
if ($ticket_reply !== '' && $ticket_reply_type !== 'Internal') {
$ticket_reply .= getFieldById('user_settings',$session_user_id,'user_config_signature', 'raw');
}
$ticket_reply = mysqli_escape_string($mysqli, $ticket_reply); // SQL Escape Ticket Reply
// Update Ticket Status & updated at (in case status didn't change) // Update Ticket Status & updated at (in case status didn't change)
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = $ticket_status, ticket_updated_at = NOW() WHERE ticket_id = $ticket_id"); mysqli_query($mysqli, "UPDATE tickets SET ticket_status = $ticket_status, ticket_updated_at = NOW() WHERE ticket_id = $ticket_id");

1
agent/ticket.php
View File

@ -620,7 +620,6 @@ if (isset($_GET['ticket_id'])) {
<textarea <textarea
class="form-control tinymceTicket" name="ticket_reply" class="form-control tinymceTicket" name="ticket_reply"
placeholder="Type a response"> placeholder="Type a response">
<?php echo getFieldById('user_settings',$session_user_id,'user_config_signature','html'); ?>
</textarea> </textarea>
</div> </div>

2
functions.php
View File

@ -1607,6 +1607,8 @@ function getFieldById($table, $id, $field, $escape_method = 'sql') {
// Apply the desired escaping method or auto-detect integer type if using SQL escaping // Apply the desired escaping method or auto-detect integer type if using SQL escaping
switch ($escape_method) { switch ($escape_method) {
case 'raw':
return $value; // Return as-is from the database
case 'html': case 'html':
return htmlspecialchars($value ?? '', ENT_QUOTES, 'UTF-8'); // Escape for HTML return htmlspecialchars($value ?? '', ENT_QUOTES, 'UTF-8'); // Escape for HTML
case 'json': case 'json':