ticket system betreff strip tags

OpenXE 2023-09-21 08:30:05 +02:00
parent 76c770aba3
commit 5ed516f9da
2 changed files with 8 additions and 4 deletions


@ -19,7 +19,7 @@
<fieldset>
<table width="100%" border="0" class="mkTableFormular">
<legend>{|[STATUSICON]<b>Ticket <font color="blue">#[SCHLUESSEL]</font></b>|}</legend>
<tr><td>{|Betreff|}:</td><td><input type="text" name="betreff" id="betreff" value="[BETREFF]" size="20"></td></tr>
<tr><td>{|Betreff|}:</td><td><input type="text" name="betreff" id="betreff" value="[BETREFF]" size="100%"></td></tr>
<tr><td>{|Von|}:</td><td>[KUNDE]&nbsp;[MAILADRESSE]</td></tr>
<tr><td>{|Projekt|}:</td><td><input type="text" name="projekt" id="projekt" value="[PROJEKT]" size="20"></td></tr>
<tr><td>{|Adresse|}:</td><td><input type="text" name="adresse" id="adresse" value="[ADRESSE]" size="20"><a href="index.php?module=adresse&action=edit&id=[ADRESSE_ID]"><img src="./themes/new/images/forward.svg" border="0" style="top:6px; position:relative"></a></td></tr>


@ -68,7 +68,7 @@ class Ticket {
$dropnbox = "'<img src=./themes/new/images/details_open.png class=details>' AS `open`,
CONCAT('<input type=\"checkbox\" name=\"auswahl[]\" value=\"',t.id,'\" />') AS `auswahl`";
$priobetreff = "if(t.prio!=1,t.betreff,CONCAT('<b><font color=red>',t.betreff,'</font></b>'))";
$priobetreff = "if(t.prio!=1,REGEXP_REPLACE(t.betreff, '<[^>]*>+', ''),CONCAT('<b><font color=red>',REGEXP_REPLACE(t.betreff, '<[^>]*>+', ''),'</font></b>'))"; //+ #20230916 XSS
$anzahlnachrichten = "(SELECT COUNT(n.id) FROM ticket_nachricht n WHERE n.ticket = t.schluessel)";
@ -310,6 +310,8 @@ class Ticket {
// Add Messages now
foreach ($messages as $message) {
$message['betreff'] = strip_tags($message['betreff']); //+ #20230916 XSS
// Clear this first
$this->app->Tpl->Set('NACHRICHT_ANHANG',"");
@ -622,6 +624,8 @@ class Ticket {
$ticket_from_db = $this->app->DB->SelectArr($sql)[0];
$ticket_from_db['betreff'] = htmlentities(strip_tags($ticket_from_db['betreff'])); //+ #20230916 XSS
foreach ($ticket_from_db as $key => $value) {
$this->app->Tpl->Set(strtoupper($key), $value);
}
@ -733,10 +737,10 @@ class Ticket {
if (!empty($recv_messages)) {
if (!str_starts_with(strtoupper($recv_messages[0]['betreff']),"RE:")) {
$betreff = "RE: ".$recv_messages[0]['betreff'];
$betreff = "RE: ".strip_tags($recv_messages[0]['betreff']); //+ #20230916 XSS
}
else {
$betreff = $recv_messages[0]['betreff'];
$betreff = strip_tags($recv_messages[0]['betreff']); //+ #20230916 XSS
}
$sql = "SELECT GROUP_CONCAT(DISTINCT `value` ORDER BY `value` SEPARATOR ', ') FROM ticket_header th WHERE th.ticket_nachricht = ".$recv_messages[0]['id']." AND `value` <> '".$senderAddress."' AND type='to'";
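Review bot: The message subject at `$message['betreff'] = strip_tags($message['betreff']);` in the second hunk is only tag-stripped, whereas the same field in the third hunk gets `htmlentities(strip_tags(...))` before `Tpl->Set`; unless `Tpl->Set` encodes on its own (not visible here), a subject such as `a <b` or one containing quotes still reaches the template unencoded, so the two sites should agree, e.g. `$message['betreff'] = htmlentities(strip_tags($message['betreff'])); //+ #20230916 XSS`. The `REGEXP_REPLACE(t.betreff, '<[^>]*>+', '')` expression in the first hunk has the same limitation: removing `<...>` in SQL deletes tags but does not encode what remains, so output escaping in the listing stays the control that actually prevents injection, and tag stripping is better treated as a cosmetic cleanup than as the fix. `REGEXP_REPLACE` is also only available on MySQL 8.0 and MariaDB 10.0.5 or later, which is worth confirming against the database versions the project supports. The enclosing methods of all four hunks start and end outside the hunks.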