From eb9a8000b1a185a5b127820a65cb826c4d0c2cdd Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Mon, 8 May 2023 13:52:43 -0400
Subject: [PATCH] Fix Rendering issues with tickets editing because ticket client_tickets and ticket all share the same edit modal which already uses htmlentites to prevent xss but so it doesnt conflict with htmlpurify in ticket details we decided to split the vars to ticket_details and ticket_details_edit which is unfilter initially but gets filtered in the modals
---
client_tickets.php | 1 +
ticket.php | 4 ++--
ticket_edit_modal.php | 2 +-
tickets.php | 1 +
4 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/client_tickets.php b/client_tickets.php
index 91356d37..ee43dce1 100644
--- a/client_tickets.php
+++ b/client_tickets.php
@@ -83,6 +83,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 $ticket_number = htmlentities($row['ticket_number']);
 $ticket_subject = htmlentities($row['ticket_subject']);
 $ticket_details = htmlentities($row['ticket_details']);
+ $ticket_details_edit = $row['ticket_details']; // HTML Entities is used in the edit modal this is because tickets and ticket details share the edit modal and to prevent double html encoding causing output yuck
 $ticket_priority = htmlentities($row['ticket_priority']);
 $ticket_status = htmlentities($row['ticket_status']);
 $ticket_created_at = htmlentities($row['ticket_created_at']);
diff --git a/ticket.php b/ticket.php
index bc896525..842a30bc 100644
--- a/ticket.php
+++ b/ticket.php
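Review bot: The new `$ticket_details_edit` holds the raw database value, and nothing on this page marks it as unescaped, so the next `echo $ticket_details_edit` written outside the edit modal becomes a stored XSS; the trailing comment explains the double-encoding rationale but not the contract a maintainer must keep. I would replace that comment with `// RAW, unescaped DB value: consumed only by ticket_edit_modal.php, which applies htmlentities() itself. Never echo it directly.` The commit message says the modal escapes it, but the modal hunk's content is not visible in this patch, so confirm every use there is wrapped. The loop body this assignment sits in starts before and continues after the hunk.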
@@ -44,8 +44,8 @@ if (isset($_GET['ticket_id'])) {
 $ticket_number = intval($row['ticket_number']);
 $ticket_category = htmlentities($row['ticket_category']);
 $ticket_subject = htmlentities($row['ticket_subject']);
- $ticket_details = $purifier->purify($row['ticket_details']);
- //$ticket_details = $row['ticket_details'];
+ $ticket_details = $purifier->purify($row['ticket_details']); // We use Purify so HTML can be rendered securely on this page
+ $ticket_details_edit = $row['ticket_details']; // HTML Entities is used in the edit modal this is because tickets and ticket details share the edit modal and to prevent double html encoding causing output yuck
 $ticket_priority = htmlentities($row['ticket_priority']);
 //Set Ticket Bage Color based of priority
 if ($ticket_priority == "High") {
diff --git a/ticket_edit_modal.php b/ticket_edit_modal.php
index e245648a..ea4f3381 100644
--- a/ticket_edit_modal.php
+++ b/ticket_edit_modal.php
@@ -45,7 +45,7 @@
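Review bot: The new comment on the purified line claims the HTML "can be rendered securely", but that holds only for whatever `$purifier` was configured to allow, and that configuration is outside this hunk; the comment should state the contract rather than assert the guarantee. I would write `// Sanitised by HTMLPurifier ($purifier config decides the allowed tags/attributes): echo as-is, do not htmlentities() it again.` and on the following added line `// RAW DB value for ticket_edit_modal.php only; the modal applies htmlentities(). Never echo it directly.` Two variables with the same content and different escaping states now coexist in this scope, so the naming alone will not stop a future `echo` of the raw one. The `if (isset($_GET['ticket_id'])) {` block opens before this hunk and continues past it.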
- +
diff --git a/tickets.php b/tickets.php
index 34e8ca1d..68904f35 100644
--- a/tickets.php
+++ b/tickets.php
@@ -262,6 +262,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']);
 $ticket_number = intval($row['ticket_number']);
 $ticket_subject = htmlentities($row['ticket_subject']);
 $ticket_details = htmlentities($row['ticket_details']);
+ $ticket_details_edit = $row['ticket_details']; // HTML Entities is used in the edit modal this is because tickets and ticket details share the edit modal and to prevent double html encoding causing output yuck
 $ticket_priority = htmlentities($row['ticket_priority']);
 $ticket_status = htmlentities($row['ticket_status']);
 $ticket_created_at = htmlentities($row['ticket_created_at']);
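Review bot: The escaping this new line defers to the edit modal is, per the commit message, a bare `htmlentities()` like the ones on the surrounding context lines; on PHP before 8.1 the default flags are ENT_COMPAT, which leave single quotes unescaped, so if the modal ever emits the value inside a single-quoted attribute or a JavaScript string the raw value becomes injectable. Because the modal hunk's content is not visible in this patch, confirm the modal call is `htmlentities($ticket_details_edit, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` or that the project pins PHP 8.1+, where ENT_QUOTES is the default. Inside a `<textarea>` element body the default flags would be sufficient. The block this assignment belongs to starts before and continues after the hunk.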