AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Escape potential HTML data from ticket reply contact/user fields

This commit is contained in:
Marcus Hill 2023-01-02 15:50:35 +00:00
parent f2efa79c57
commit f7bfeedf54
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
portal/ticket.php
View File

@ -112,12 +112,12 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
$ticket_reply_type = $row['ticket_reply_type']; $ticket_reply_type = $row['ticket_reply_type'];
if ($ticket_reply_type == "Client") { if ($ticket_reply_type == "Client") {
$ticket_reply_by_display = $row['contact_name']; $ticket_reply_by_display = htmlentities($row['contact_name']);
$user_initials = initials($row['contact_name']); $user_initials = initials($row['contact_name']);
$user_avatar = $row['contact_photo']; $user_avatar = $row['contact_photo'];
$avatar_link = "../uploads/clients/$session_company_id/$session_client_id/$user_avatar"; $avatar_link = "../uploads/clients/$session_company_id/$session_client_id/$user_avatar";
} else { } else {
$ticket_reply_by_display = $row['user_name']; $ticket_reply_by_display = htmlentities($row['user_name']);
$user_id = $row['user_id']; $user_id = $row['user_id'];
$user_avatar = $row['user_avatar']; $user_avatar = $row['user_avatar'];
$user_initials = initials($row['user_name']); $user_initials = initials($row['user_name']);