ticket system added content security policy, resizeable view for ticket nachricht

OpenXE 2024-04-15 18:28:11 +02:00
parent 42d9e856e0
commit c1727b389e
4 changed files with 59 additions and 36 deletions


@ -18,12 +18,10 @@
</fieldset> </fieldset>
</div> </div>
</div> </div>
<div class="col-xs-12 col-md-8 col-md-height ticket_nachricht_box" style="float:[NACHRICHT_FLOAT]"> <div class="col-xs-12 col-md-8 col-md-height" style="float:[NACHRICHT_FLOAT]">
<div class="inside inside-full-height"> <div class="inside inside-full-height">
<fieldset> <fieldset>
<table width="100%" border="0" class="mkTableFormular"> <div id="body" class="ticket_nachricht_box">[NACHRICHT_TEXT]</div>
<tr><td colspan=2><div id="body" class="ticket_text_div">[NACHRICHT_TEXT]</div></td></tr>
</table>
</fieldset> </fieldset>
</div> </div>
</div> </div>


@ -481,7 +481,8 @@ class Ticket {
'<ul>', '<ul>',
'<li>', '<li>',
'<dd>', '<dd>',
'<dt>' '<dt>',
'<img>'
); );
$mid = $this->app->Secure->GetGET('mid'); $mid = $this->app->Secure->GetGET('mid');
@ -496,37 +497,37 @@ class Ticket {
if (empty($messages)) { if (empty($messages)) {
} }
if ($insecure) { $html_start = "<!DOCTYPE html><html>";
$head_start = "<head>";
$security = "";
$style = "<link rel=\"stylesheet\" type=\"text/css\" href=\"./themes/new/css/ticket_iframe.css?v=3\"/>";
$head_end = "</head>";
$html_end = "</html>";
$prepared_text = $messages[0]['text'];
// Adjust cid images // Adjust cid images
$attachments = $this->app->erp->GetDateiSubjektObjekt('Anhang','Ticket',$mid); $attachments = $this->app->erp->GetDateiSubjektObjekt('Anhang','Ticket',$mid);
foreach($attachments as $attachment) { foreach($attachments as $attachment) {
$filename = $this->app->erp->GetDateiName($attachment); $filename = $this->app->erp->GetDateiName($attachment);
$messages[0]['text'] = str_replace($filename,'index.php?module=dateien&action=send&id='.$attachment,$messages[0]['text']); $prepared_text = str_replace($filename,'index.php?module=dateien&action=send&id='.$attachment,$prepared_text);
} }
$this->app->Tpl->Set("TEXT",$messages[0]['text']);
if ($insecure) {
// Add Content Security Policy
} else { } else {
$secure_text = strip_tags($messages[0]['text'],$secure_html_tags); // Add Content Security Policy
$security = "<meta http-equiv=\"Content-Security-Policy\" content=\"default-src 'self';\" />";
if (strlen($secure_text) != strlen($messages[0]['text'])) { // Strip html tags
$stripped_prepared_text = strip_tags($prepared_text,$secure_html_tags);
$blink_style_tag = " if (strlen($stripped_prepared_text) != strlen($prepared_text)) {
<style> $stripped_prepared_text = "<img class=\"eye blink\" src=\"./themes/{$this->app->Conf->WFconf['defaulttheme']}/images/icon-invisible.svg\" alt=\"Einige Elemente wurden durch OpenXE blockiert.\" title=\"Einige Elemente wurden durch OpenXE blockiert.\" border=\"0\">".$stripped_prepared_text;
@keyframes animation_blink {
0% { opacity: 1; }
25% { opacity: 1; }
26% { opacity: 0; }
75% { opacity: 0; }
76% { opacity: 1; }
100% { opacity: 1; }
} }
</style> $prepared_text = $stripped_prepared_text;
";
$blink_css = "animation-name:animation_blink;animation-timing-function:linear;animation-duration:2s;animation-iteration-count:5;";
$secure_text = $blink_style_tag."<img src=\"./themes/{$this->app->Conf->WFconf['defaulttheme']}/images/icon-invisible.svg\" alt=\"Einige Elemente wurden durch OpenXE blockiert.\" title=\"Einige Elemente wurden durch OpenXE blockiert.\" border=\"0\" style=\"all: initial;display:block;float:right;font-size:small;".$blink_css."\">".$secure_text;
}
$this->app->Tpl->Set("TEXT",$secure_text);
} }
$this->app->Tpl->Set("TEXT",$html_start.$head_start.$security.$style.$head_end.$prepared_text.$html_end);
$this->app->Tpl->Output('ticket_text.tpl'); $this->app->Tpl->Output('ticket_text.tpl');
$this->app->ExitXentral(); $this->app->ExitXentral();
} }
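Review bot: Adding `'<img>'` to `$secure_html_tags` leaves the meta CSP as the only barrier for image markup in the non-insecure branch, because `strip_tags()` keeps every attribute of an allowed tag, so `onerror`, `style` and arbitrary `src` values from the mail reach the output unchanged. `default-src 'self'` blocks inline handlers and remote loads, but a mail-supplied `<img>` whose `src` points back at the application is still requested with the agent's session, and the `if ($insecure)` branch emits the raw body with no policy at all behind a placeholder comment. Consider sending the policy as a response header before `Tpl->Output()` rather than relying on the `<meta>` position, and giving the insecure branch a policy that relaxes only what that mode is meant to show, e.g. `$security = "<meta http-equiv=\"Content-Security-Policy\" content=\"default-src 'self'; img-src *; script-src 'none'\" />";` (this assumes `ticket_text.tpl` needs no script of its own, which is not visible here). The enclosing method starts outside the hunk, and the context line `if (empty($messages)) { }` does nothing, so `$messages[0]['text']` is read even when no message was found.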


@ -2404,6 +2404,10 @@ ul.tag-editor {
border-color: var(--textfield-border); border-color: var(--textfield-border);
border-radius: 7px; border-radius: 7px;
padding: 0px !important; padding: 0px !important;
min-height: 300px;
height: 300px;
resize: vertical;
overflow: hidden;
} }
.ticket_nachricht_box fieldset { .ticket_nachricht_box fieldset {
@ -2412,8 +2416,8 @@ ul.tag-editor {
.ticket_text { .ticket_text {
width: 100%; width: 100%;
height: 100%;
border: none; border: none;
height: 300px;
} }
.ui-button-icon, .ui-button-icon,


@ -0,0 +1,20 @@
@keyframes animation_blink {
0% { opacity: 1; }
25% { opacity: 1; }
26% { opacity: 0; }
75% { opacity: 0; }
76% { opacity: 1; }
100% { opacity: 1; }
}
.eye {
all: initial;
display:block;
float:right;
font-size:small;
}
.blink {
animation-name:animation_blink;
animation-timing-function:linear;
animation-duration:2s;
animation-iteration-count:5;
}