AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix Rendering issues with tickets editing because ticket client_tickets and ticket all share the same edit modal which already uses htmlentites to prevent xss but so it doesnt conflict with htmlpurify in ticket details we decided to split the vars to ticket_details and ticket_details_edit which is unfilter initially but gets filtered in the modals

Browse Source
This commit is contained in:
johnnyq
2023-05-08 13:52:43 -04:00
parent 9887fc4a19
commit eb9a8000b1
4 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ticket.php
View File

@@ -44,8 +44,8 @@ if (isset($_GET['ticket_id'])) {
$ticket_number = intval($row['ticket_number']);
$ticket_category = htmlentities($row['ticket_category']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_details = $purifier->purify($row['ticket_details']);
//$ticket_details = $row['ticket_details'];
$ticket_details = $purifier->purify($row['ticket_details']); // We use Purify so HTML can be rendered securely on this page
$ticket_details_edit = $row['ticket_details']; // HTML Entities is used in the edit modal this is because tickets and ticket details share the edit modal and to prevent double html encoding causing output yuck
$ticket_priority = htmlentities($row['ticket_priority']);
//Set Ticket Bage Color based of priority
if ($ticket_priority == "High") {