diff --git a/www/pages/content/ticket_edit.tpl b/www/pages/content/ticket_edit.tpl index 67076598..dbb4d36d 100644 --- a/www/pages/content/ticket_edit.tpl +++ b/www/pages/content/ticket_edit.tpl @@ -19,7 +19,7 @@
{|[STATUSICON]Ticket #[SCHLUESSEL]|} - + diff --git a/www/pages/ticket.php b/www/pages/ticket.php index d7c0b0da..d23eeb80 100644 --- a/www/pages/ticket.php +++ b/www/pages/ticket.php @@ -68,7 +68,7 @@ class Ticket { $dropnbox = "'' AS `open`, CONCAT('') AS `auswahl`"; - $priobetreff = "if(t.prio!=1,t.betreff,CONCAT('',t.betreff,''))"; + $priobetreff = "if(t.prio!=1,REGEXP_REPLACE(t.betreff, '<[^>]*>+', ''),CONCAT('',REGEXP_REPLACE(t.betreff, '<[^>]*>+', ''),''))"; //+ #20230916 XSS $anzahlnachrichten = "(SELECT COUNT(n.id) FROM ticket_nachricht n WHERE n.ticket = t.schluessel)"; @@ -310,6 +310,8 @@ class Ticket { // Add Messages now foreach ($messages as $message) { + $message['betreff'] = strip_tags($message['betreff']); //+ #20230916 XSS + // Clear this first $this->app->Tpl->Set('NACHRICHT_ANHANG',""); @@ -622,6 +624,8 @@ class Ticket { $ticket_from_db = $this->app->DB->SelectArr($sql)[0]; + $ticket_from_db['betreff'] = htmlentities(strip_tags($ticket_from_db['betreff'])); //+ #20230916 XSS + foreach ($ticket_from_db as $key => $value) { $this->app->Tpl->Set(strtoupper($key), $value); } @@ -733,10 +737,10 @@ class Ticket { if (!empty($recv_messages)) { if (!str_starts_with(strtoupper($recv_messages[0]['betreff']),"RE:")) { - $betreff = "RE: ".$recv_messages[0]['betreff']; + $betreff = "RE: ".strip_tags($recv_messages[0]['betreff']); //+ #20230916 XSS } else { - $betreff = $recv_messages[0]['betreff']; + $betreff = strip_tags($recv_messages[0]['betreff']); //+ #20230916 XSS } $sql = "SELECT GROUP_CONCAT(DISTINCT `value` ORDER BY `value` SEPARATOR ', ') FROM ticket_header th WHERE th.ticket_nachricht = ".$recv_messages[0]['id']." AND `value` <> '".$senderAddress."' AND type='to'";
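Review bot: In the first ticket.php hunk, `REGEXP_REPLACE(t.betreff, '<[^>]*>+', '')` only drops complete `<…>` sequences, so an unterminated fragment such as `<img src=x onerror=alert(1)` passes through untouched and is still parsed as markup once the template appends later HTML; PHP's strip_tags() (used in the other hunks) would drop that trailing fragment, but nothing in this hunk encodes `&`, quotes or a stray `<` either. Tag stripping is not an output-encoding control: the robust fix is to leave the SQL as it was and apply `htmlspecialchars($row['betreff'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` where the list row is handed to the template, which is outside this hunk. Note also that REGEXP_REPLACE requires MySQL 8.0+ or MariaDB 10.0.5+, so this query now fails on older servers; worth a comment such as `// REGEXP_REPLACE needs MySQL >= 8.0 / MariaDB >= 10.0.5` if that is an accepted constraint.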
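Review bot: In the `foreach ($messages as $message)` hunk, `strip_tags($message['betreff'])` removes tags but leaves quotes and `&` unencoded, so if the template writes the subject into an attribute a value like `" onmouseover="alert(1)` still breaks out. The sibling hunk for `$ticket_from_db` encodes after stripping; do the same here for consistency: `$message['betreff'] = htmlspecialchars(strip_tags($message['betreff']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); //+ #20230916 XSS`. The foreach body continues past the end of the hunk, so I cannot see whether the value is encoded later before `Tpl->Set`.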
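Review bot: In the `$ticket_from_db` hunk, `htmlentities(strip_tags(...))` is the only one of the four changes that actually encodes for the HTML context, but the inner strip_tags() is not needed for XSS once the value is entity-encoded and it silently rewrites user data — a subject like `Re: <urgent> invoice` is shown without `<urgent>`. Prefer `htmlentities($ticket_from_db['betreff'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` with explicit flags so the behaviour does not depend on the PHP version's defaults. If the template engine behind `Tpl->Set` already escapes placeholders (not visible here), this would double-encode; please confirm and add a one-line comment stating which layer is responsible for escaping.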
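Review bot: In the last hunk, `$betreff` is the subject of an outgoing reply (`"RE: "` prefix), so strip_tags() here is not an XSS control and silently alters user data — `Order <#123>` loses `<#123>` — while any HTML rendering of that subject still needs escaping at the point of output. If the intent is only to protect a later HTML view, keep the subject intact and encode where it is displayed; otherwise document why mail subjects are being rewritten, e.g. `// strip markup from inherited subject; encoded again where rendered`. Also visible on the context line: `$recv_messages[0]['id']` and `$senderAddress` are concatenated straight into the ticket_header query; unless they are escaped upstream (not shown here) that is an injection point that deserves a parameterised query. The enclosing method continues beyond the hunk.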
{|Betreff|}:
{|Betreff|}:
{|Von|}:[KUNDE] [MAILADRESSE]
{|Projekt|}:
{|Adresse|}: