Tell your admin: Your role does not have admin access."); }

// Initialize the HTML Purifier to prevent XSS.
// ticket_details and ticket replies are stored as HTML and rendered as-is below,
// so they go through HTMLPurifier instead of nullable_htmlentities().
require_once "plugins/htmlpurifier/HTMLPurifier.standalone.php";
$purifier_config = HTMLPurifier_Config::createDefault();
// Setting Cache.DefinitionImpl to null turns the definition cache off entirely
// (no serializer directory is used at all); it is not an "invalid directory" trick.
$purifier_config->set('Cache.DefinitionImpl', null);
// NOTE(review): this REPLACES HTMLPurifier's default scheme list, so 'mailto'
// links will no longer survive purification, while 'data' URIs (inline images)
// will. 'src' is not a URI scheme and presumably has no effect — confirm whether
// data: is really needed here before keeping it in the allow-list.
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);

if (isset($_GET['ticket_id'])) {
    // intval() forces the request parameter to an integer before it is
    // interpolated into the SQL strings below.
    $ticket_id = intval($_GET['ticket_id']);
    // Only tickets that have already been closed are visible on this page.
    $ticket_sql = mysqli_query(
        $mysqli,
        "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets WHERE ticket_id = $ticket_id AND ticket_closed_at IS NOT NULL LIMIT 1"
    );
    if (mysqli_num_rows($ticket_sql) == 0) {
        // No closed ticket with that id: render the placeholder page.
        echo "

Nothing to see here

Go Back
";
    } else {
        $ticket_row = mysqli_fetch_array($ticket_sql);
        // Plain scalar fields are HTML-escaped; ticket_details is stored HTML
        // and is purified instead of escaped.
        $ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
        $ticket_number = intval($ticket_row['ticket_number']);
        $ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
        $ticket_details = $purifier->purify($ticket_row['ticket_details']);

        // Get ticket replies, newest first. Both users and contacts are joined
        // because the author of a reply may live in either table (see the
        // ticket_reply_type check when the rows are rendered).
        $sql_ticket_replies = mysqli_query(
            $mysqli,
            "SELECT * FROM ticket_replies LEFT JOIN users ON ticket_reply_by = user_id LEFT JOIN contacts ON ticket_reply_by = contact_id WHERE ticket_reply_ticket_id = $ticket_id AND ticket_reply_archived_at IS NULL ORDER BY ticket_reply_id DESC"
        );
        ?>
Ticket Details

purify($row['ticket_reply']);
// NOTE(review): the start of the statement above and the loop header that
// defines $row are not in this excerpt; $row is presumably one row of
// $sql_ticket_replies — confirm against the full template.
$ticket_reply_type = nullable_htmlentities($row['ticket_reply_type']);
// Replies typed "Client" are attributed via the contacts join; anything else
// via the users join. Note this is a loose (==) string comparison.
if ($ticket_reply_type == "Client") {
    $ticket_reply_by_display = nullable_htmlentities($row['contact_name']);
} else {
    $ticket_reply_by_display = nullable_htmlentities($row['user_name']);
}
?>
ticket reply by