Fix rendering issues with ticket editing: tickets, client_tickets and ticket all share the same edit modal, which already uses htmlentities to prevent XSS. So that this doesn't conflict with HTML Purifier in ticket details, we split the variable into ticket_details and ticket_details_edit; the latter is initially unfiltered but gets filtered in the modal.

This commit is contained in:
johnnyq 2023-05-08 13:52:43 -04:00
parent 9887fc4a19
commit eb9a8000b1
4 changed files with 5 additions and 3 deletions


@ -83,6 +83,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$ticket_number = htmlentities($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_details = htmlentities($row['ticket_details']);
$ticket_details_edit = $row['ticket_details']; // HTML Entities is used in the edit modal this is because tickets and ticket details share the edit modal and to prevent double html encoding causing output yuck
$ticket_priority = htmlentities($row['ticket_priority']);
$ticket_status = htmlentities($row['ticket_status']);
$ticket_created_at = htmlentities($row['ticket_created_at']);
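Review bot: `$ticket_details_edit` on the added line carries the raw database value, so it is only safe as long as every place that echoes it escapes on output; the comment explains the double-encoding motive but not that contract, which is what the next maintainer reusing the variable needs to know. I'd reword it to `// Deliberately unescaped: the shared edit modal applies htmlentities() on output, so never echo this variable anywhere else without escaping.` The other two hunks in this commit that add the same line and comment should get the same wording.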


@ -44,8 +44,8 @@ if (isset($_GET['ticket_id'])) {
$ticket_number = intval($row['ticket_number']);
$ticket_category = htmlentities($row['ticket_category']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_details = $purifier->purify($row['ticket_details']);
//$ticket_details = $row['ticket_details'];
$ticket_details = $purifier->purify($row['ticket_details']); // We use Purify so HTML can be rendered securely on this page
$ticket_details_edit = $row['ticket_details']; // HTML Entities is used in the edit modal this is because tickets and ticket details share the edit modal and to prevent double html encoding causing output yuck
$ticket_priority = htmlentities($row['ticket_priority']);
//Set Ticket Bage Color based of priority
if ($ticket_priority == "High") {


@ -45,7 +45,7 @@
</div>
<div class="form-group">
<textarea class="form-control summernote" rows="8" name="details" required><?php echo htmlentities($ticket_details); ?></textarea>
<textarea class="form-control summernote" rows="8" name="details" required><?php echo htmlentities($ticket_details_edit); ?></textarea>
</div>
<div class="form-group">
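Review bot: The echo on the new textarea line calls htmlentities() with its defaults, so which quotes get escaped and which charset is assumed depend on the PHP version and `default_charset` rather than being fixed; since this variable deliberately carries unescaped HTML, I'd pin them: `<?php echo htmlentities($ticket_details_edit, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`. ENT_SUBSTITUTE also stops an invalid byte sequence in the stored details from making htmlentities() return an empty string, which would silently blank the field being edited. The enclosing form starts and ends outside the hunk.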


@ -262,6 +262,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_details = htmlentities($row['ticket_details']);
$ticket_details_edit = $row['ticket_details']; // HTML Entities is used in the edit modal this is because tickets and ticket details share the edit modal and to prevent double html encoding causing output yuck
$ticket_priority = htmlentities($row['ticket_priority']);
$ticket_status = htmlentities($row['ticket_status']);
$ticket_created_at = htmlentities($row['ticket_created_at']);