diff --git a/.gitignore b/.gitignore
index 274e3a3f..3317dca5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -157,6 +157,7 @@ inc/calendar/tcal.php
 inc/database.inc.php
 inc/database_mysqli.inc.php
 inc/footer.inc.php
+inc/htmlpurifier
 inc/index.htm
 inc/mail/email_parser.php
 inc/mail/hesk_pipe.php
diff --git a/admin/admin_main.php b/admin/admin_main.php
index d80579b7..26043f00 100644
--- a/admin/admin_main.php
+++ b/admin/admin_main.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/admin_reply_ticket.php b/admin/admin_reply_ticket.php
index eadd7800..7cd87bff 100644
--- a/admin/admin_reply_ticket.php
+++ b/admin/admin_reply_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/admin_settings.php b/admin/admin_settings.php
index 271efdac..b19f7018 100644
--- a/admin/admin_settings.php
+++ b/admin/admin_settings.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -1650,7 +1650,7 @@ if (defined('HESK_DEMO')) {
                                     }
                                 }
                                 ?>
-                                <select>
+							</select>
                         </div>
                     </div>
                     <div class="form-group">
@@ -2746,7 +2746,7 @@ if (defined('HESK_DEMO')) {
                                 <textarea name="s_email_providers" class="form-control"
                                           placeholder="<?php echo htmlspecialchars($hesklang['epro']); ?>" id="d1"
                                           rows="5"
-                                          cols="40"/><?php echo implode("\n", $hesk_settings['email_providers']); ?></textarea>
+                                          cols="40"><?php echo implode("\n", $hesk_settings['email_providers']); ?></textarea>
                             </div>
                         </div>
                         <table border="0" width="100%">
@@ -2786,7 +2786,7 @@ if (defined('HESK_DEMO')) {
                                         } ?>/> <?php echo $hesklang['enn']; ?></label>
                                 </div>
                                 <textarea name="s_notify_spam_tags" rows="5" cols="40"
-                                          class="form-control"/><?php echo hesk_htmlspecialchars(implode("\n", $hesk_settings['notify_spam_tags'])); ?></textarea>
+                                          class="form-control"><?php echo hesk_htmlspecialchars(implode("\n", $hesk_settings['notify_spam_tags'])); ?></textarea>
                             </div>
                         </div>
                     </div>
diff --git a/admin/admin_settings_save.php b/admin/admin_settings_save.php
index f35656c8..4b9cb092 100644
--- a/admin/admin_settings_save.php
+++ b/admin/admin_settings_save.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/admin_submit_ticket.php b/admin/admin_submit_ticket.php
index 95e319c6..d6241840 100644
--- a/admin/admin_submit_ticket.php
+++ b/admin/admin_submit_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php
index 8c522973..7f79447d 100644
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/banned_emails.php b/admin/banned_emails.php
index d22f229f..e44bf575 100644
--- a/admin/banned_emails.php
+++ b/admin/banned_emails.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/banned_ips.php b/admin/banned_ips.php
index 4a04d1b2..40c99ecf 100644
--- a/admin/banned_ips.php
+++ b/admin/banned_ips.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/change_status.php b/admin/change_status.php
index 3e756fe5..7a16fd3a 100644
--- a/admin/change_status.php
+++ b/admin/change_status.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/delete_tickets.php b/admin/delete_tickets.php
index e71caee9..4880d4cb 100644
--- a/admin/delete_tickets.php
+++ b/admin/delete_tickets.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/edit_note.php b/admin/edit_note.php
index de66169a..170d27ae 100644
--- a/admin/edit_note.php
+++ b/admin/edit_note.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/edit_post.php b/admin/edit_post.php
index ee7e6ae7..6171c4a9 100644
--- a/admin/edit_post.php
+++ b/admin/edit_post.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/export.php b/admin/export.php
index 6470736c..1ac0440b 100644
--- a/admin/export.php
+++ b/admin/export.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -324,8 +324,13 @@ if (isset($_GET['w'])) {
 
     // Do we have the export directory?
     if (is_dir($export_dir) || (@mkdir($export_dir, 0777) && is_writable($export_dir))) {
+		// Is there an index.htm file?
+		if (!file_exists($export_dir.'index.htm')) {
+			@file_put_contents($export_dir.'index.htm', '');
+		}
+	
         // Cleanup old files
-        $files = glob($export_dir . '*', GLOB_NOSORT);
+        $files = preg_grep('/index\.htm$/', glob($export_dir.'*', GLOB_NOSORT), PREG_GREP_INVERT);
         if (is_array($files) && count($files)) {
             foreach ($files as $file) {
                 hesk_unlink($file, 86400);
diff --git a/admin/find_tickets.php b/admin/find_tickets.php
index d346e8b3..9f667caf 100644
--- a/admin/find_tickets.php
+++ b/admin/find_tickets.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/index.php b/admin/index.php
index a4adca3e..5e7598f1 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -294,7 +294,7 @@ function print_login()
     <div>
     <div class="panel panel-default form-signin">
         <div class="panel-heading">
-            <h4><span <?php echo $iconDisplay; ?>><span class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php echo $hesklang['admin_login']; ?></a></h4>
+            <h4><span <?php echo $iconDisplay; ?>><span class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php echo $hesklang['admin_login']; ?></h4>
         </div>
         <div class="panel-body">
             <form class="form-signin form-horizontal" role="form" action="index.php" method="post" name="form1">
diff --git a/admin/knowledgebase_private.php b/admin/knowledgebase_private.php
index c6f1f4d8..5aa3769a 100644
--- a/admin/knowledgebase_private.php
+++ b/admin/knowledgebase_private.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.6.7 from 18th April 2016
+*  Version: 2.6.8 from 10th August 2016
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -571,7 +571,7 @@ function show_subnav($hide='', $catid=1)
     echo $link['newa'];
     echo $link['newc'];
     ?>
-	<i class="fa fa-pencil" style="color:orange;font-size:16px"></i></a> <input type="hidden" name="a" value="edit_article" /><?php echo $hesklang['aid']; ?>: <input type="text" name="id" size="3" <?php if ($artid) echo 'value="' . $artid . '"'; ?> /> <input type="submit" value="<?php echo $hesklang['edit']; ?>" class="btn btn-default btn-xs" />
+	<i class="fa fa-pencil" style="color:orange;font-size:16px"></i> <input type="hidden" name="a" value="edit_article" /><?php echo $hesklang['aid']; ?>: <input type="text" name="id" size="3" <?php if ($artid) echo 'value="' . $artid . '"'; ?> /> <input type="submit" value="<?php echo $hesklang['edit']; ?>" class="btn btn-default btn-xs" />
 	</form>
     </div>
 
diff --git a/admin/lock.php b/admin/lock.php
index 8f8d5d6d..9ba669a2 100644
--- a/admin/lock.php
+++ b/admin/lock.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -95,11 +95,10 @@ if (empty($_GET['locked'])) {
 /* Update database */
 $statusSql = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `LockedTicketStatus` = 1';
 $statusRs = hesk_dbQuery($statusSql);
-$statusRow = hesk_dbFetchAssoc($statusSql);
+$statusRow = hesk_dbFetchAssoc($statusRs);
 $statusId = $statusRow['ID'];
 
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$statusId}',`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
 
 /* Back to ticket page and show a success message */
-hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
-?>
+hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
\ No newline at end of file
diff --git a/admin/mail.php b/admin/mail.php
index 2f8df755..7c925a5f 100644
--- a/admin/mail.php
+++ b/admin/mail.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/manage_canned.php b/admin/manage_canned.php
index b96ee0e9..191ba920 100644
--- a/admin/manage_canned.php
+++ b/admin/manage_canned.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/manage_categories.php b/admin/manage_categories.php
index 3226875a..9b8a9dc0 100644
--- a/admin/manage_categories.php
+++ b/admin/manage_categories.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/manage_knowledgebase.php b/admin/manage_knowledgebase.php
index a56b8cf0..48a6b643 100644
--- a/admin/manage_knowledgebase.php
+++ b/admin/manage_knowledgebase.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.6.7 from 18th April 2016
+*  Version: 2.6.8 from 10th August 2016
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -1112,6 +1112,11 @@ function save_article()
 	    }
         
 	    $content = hesk_getHTML( hesk_POST('content') );
+		
+		// Clean the HTML code
+		require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
+		$purifier = new HTMLPurifier();
+		$content = $purifier->purify($content);
     }
 	else
     {
@@ -1969,6 +1974,11 @@ function new_article()
 	    }
 
         $content = hesk_getHTML( hesk_POST('content') );
+		
+		// Clean the HTML code
+		require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
+		$purifier = new HTMLPurifier();
+		$content = $purifier->purify($content);
     }
 	else
     {
@@ -2211,7 +2221,7 @@ function show_treeMenu() {
 	<i class="fa fa-plus icon-link green"></i> = <?php echo $hesklang['kb_p_art2']; ?><br />
 	<i class="fa fa-caret-right blue" style="font-size:18px"></i> = <?php echo $hesklang['kb_p_cat2']; ?><br />
 	<i class="fa fa-gear icon-link gray"></i> = <?php echo $hesklang['kb_p_man2']; ?><br />
-    <img src="../img/blank.gif" width="1" height="16" alt="" style="padding:1px" class="optionWhiteNbOFF" />(<span class="kb_published">1</span>, <span class="kb_private">2</span>, <span class="kb_draft">3</span>) = <?php echo $hesklang['xyz']; ?></span><br />
+    <img src="../img/blank.gif" width="1" height="16" alt="" style="padding:1px" class="optionWhiteNbOFF" />(<span class="kb_published">1</span>, <span class="kb_private">2</span>, <span class="kb_draft">3</span>) = <?php echo $hesklang['xyz']; ?><br />
     <?php
 }
 
diff --git a/admin/manage_permission_templates.php b/admin/manage_permission_templates.php
index a802152c..4b1fecef 100644
--- a/admin/manage_permission_templates.php
+++ b/admin/manage_permission_templates.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/manage_ticket_templates.php b/admin/manage_ticket_templates.php
index df959bec..b242e354 100644
--- a/admin/manage_ticket_templates.php
+++ b/admin/manage_ticket_templates.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/manage_users.php b/admin/manage_users.php
index b670f841..64240433 100644
--- a/admin/manage_users.php
+++ b/admin/manage_users.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/new_ticket.php b/admin/new_ticket.php
index 4f516877..c605b9dc 100644
--- a/admin/new_ticket.php
+++ b/admin/new_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/options.php b/admin/options.php
index 916a701a..beee06fc 100644
--- a/admin/options.php
+++ b/admin/options.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/password.php b/admin/password.php
index 18b26a2a..efec81aa 100644
--- a/admin/password.php
+++ b/admin/password.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/profile.php b/admin/profile.php
index 8f7b3254..a848af8a 100644
--- a/admin/profile.php
+++ b/admin/profile.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/reports.php b/admin/reports.php
index c69568bc..9e9fd630 100644
--- a/admin/reports.php
+++ b/admin/reports.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/admin/service_messages.php b/admin/service_messages.php
index 1524adf6..837605b8 100644
--- a/admin/service_messages.php
+++ b/admin/service_messages.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -292,9 +292,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 
             <div class="panel panel-default">
                 <div class="panel-heading">
-                    <h4><a name="new_article"></a><?php echo $hesklang['new_sm']; ?> <a href="javascript:void(0)"
-                                                                                        onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['sm_intro']); ?>')"><i
-                                class="fa fa-question-circle settingsquestionmark"></i></a></h4>
+                    <h4><a name="new_article"></a><?php echo hesk_SESSION('edit_sm') ? $hesklang['edit_sm'] : $hesklang['new_sm']; ?></h4>
                 </div>
                 <div class="panel-body">
                     <form action="service_messages.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
@@ -486,11 +484,15 @@ function save_sm()
     $icon = hesk_POST('icon');
     $title = hesk_input(hesk_POST('title')) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
     $message = hesk_getHTML(hesk_POST('message'));
+	
+	// Clean the HTML code
+	require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
+	$purifier = new HTMLPurifier();
+	$message = $purifier->purify($message);
 
     // Any errors?
     if (count($hesk_error_buffer)) {
         $_SESSION['edit_sm'] = true;
-        $hesklang['new_sm'] = $hesklang['edit_sm'];
 
         $_SESSION['new_sm'] = array(
             'id' => $id,
@@ -515,7 +517,6 @@ function save_sm()
     if (isset($_POST['sm_preview'])) {
         $_SESSION['preview_sm'] = true;
         $_SESSION['edit_sm'] = true;
-        $hesklang['new_sm'] = $hesklang['edit_sm'];
 
         $_SESSION['new_sm'] = array(
             'id' => $id,
@@ -563,8 +564,6 @@ function edit_sm()
     $_SESSION['new_sm'] = $sm;
     $_SESSION['edit_sm'] = true;
 
-    $hesklang['new_sm'] = $hesklang['edit_sm'];
-
 } // End edit_sm()
 
 
@@ -654,6 +653,11 @@ function new_sm()
     $icon = hesk_POST('icon');
     $title = hesk_input(hesk_POST('title')) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
     $message = hesk_getHTML(hesk_POST('message'));
+	
+	// Clean the HTML code
+	require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
+	$purifier = new HTMLPurifier();
+	$message = $purifier->purify($message);
 
     // Any errors?
     if (count($hesk_error_buffer)) {
diff --git a/admin/show_tickets.php b/admin/show_tickets.php
index 93935495..84f34e79 100644
--- a/admin/show_tickets.php
+++ b/admin/show_tickets.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/build.php b/build.php
index 65dee9f6..a2ec6a84 100644
--- a/build.php
+++ b/build.php
@@ -1,4 +1,4 @@
 <?php
 
 // Define the current build
-define('MODS_FOR_HESK_BUILD', 30);
\ No newline at end of file
+define('MODS_FOR_HESK_BUILD', 31);
\ No newline at end of file
diff --git a/change_status.php b/change_status.php
index 9026d723..11b2a48f 100644
--- a/change_status.php
+++ b/change_status.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/download_attachment.php b/download_attachment.php
index a7a2234c..4254cd01 100755
--- a/download_attachment.php
+++ b/download_attachment.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/hesk_javascript.js b/hesk_javascript.js
index fbbd83fc..2372420d 100644
--- a/hesk_javascript.js
+++ b/hesk_javascript.js
@@ -1,6 +1,6 @@
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/admin_functions.inc.php b/inc/admin_functions.inc.php
index 85554d36..26e3ee3e 100644
--- a/inc/admin_functions.inc.php
+++ b/inc/admin_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -386,13 +386,16 @@ function hesk_autoLogin($noredirect = 0)
 
     /* Login cookies exist, now lets limit brute force attempts */
     hesk_limitBfAttempts();
+	
+	// Admin login URL
+	$url = $hesk_settings['hesk_url'] . '/' . $hesk_settings['admin_dir'] . '/index.php?a=login&notice=1';
 
     /* Check username */
     $result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
     if (hesk_dbNumRows($result) != 1) {
         setcookie('hesk_username', '');
         setcookie('hesk_p', '');
-        header('Location: index.php?a=login&notice=1');
+        header('Location: '.$url);
         exit();
     }
 
@@ -402,7 +405,7 @@ function hesk_autoLogin($noredirect = 0)
     if ($hash != hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass'])) {
         setcookie('hesk_username', '');
         setcookie('hesk_p', '');
-        header('Location: index.php?a=login&notice=1');
+        header('Location: '.$url);
         exit();
     }
 
@@ -485,6 +488,9 @@ function hesk_isLoggedIn()
 
     $referer = hesk_input($_SERVER['REQUEST_URI']);
     $referer = str_replace('&amp;', '&', $referer);
+	
+	// Admin login URL
+	$url = $hesk_settings['hesk_url'] . '/' . $hesk_settings['admin_dir'] . '/index.php?a=login&notice=1&goto='.urlencode($referer);
 
     if (empty($_SESSION['id']) || empty($_SESSION['session_verify'])) {
         if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
@@ -498,7 +504,6 @@ function hesk_isLoggedIn()
         }
 
         hesk_session_stop();
-        $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
         header('Location: ' . $url);
         exit();
     } else {
@@ -510,7 +515,6 @@ function hesk_isLoggedIn()
         // Exit if user not found
         if (hesk_dbNumRows($res) != 1) {
             hesk_session_stop();
-            $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
             header('Location: ' . $url);
             exit();
         }
@@ -521,7 +525,6 @@ function hesk_isLoggedIn()
         // Verify this session is still valid
         if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) {
             hesk_session_stop();
-            $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
             header('Location: ' . $url);
             exit();
         }
@@ -582,8 +585,11 @@ function hesk_verifyGoto()
         'admin_ticket.php' => '',
         'archive.php' => '',
         'assign_owner.php' => '',
+		'banned_emails.php' => '',
+		'banned_ips.php' => '',
         'change_status.php' => '',
         'edit_post.php' => '',
+		'email_templates.php' => '',
         'export.php' => '',
         'find_tickets.php' => '',
         'generate_spam_question.php' => '',
@@ -593,10 +599,12 @@ function hesk_verifyGoto()
         'manage_canned.php' => '',
         'manage_categories.php' => '',
         'manage_knowledgebase.php' => '',
+		'manage_ticket_templates.php' => '',
         'manage_users.php' => '',
         'new_ticket.php' => '',
         'profile.php' => '',
         'reports.php' => '',
+		'service_messages.php' => '',
         'show_tickets.php' => '',
     );
 
diff --git a/inc/attachments.inc.php b/inc/attachments.inc.php
index 3f460d00..89761a5e 100644
--- a/inc/attachments.inc.php
+++ b/inc/attachments.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/common.inc.php b/inc/common.inc.php
index c8758e0e..2d84e024 100644
--- a/inc/common.inc.php
+++ b/inc/common.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -38,6 +38,7 @@ if (!defined('IN_SCRIPT')) {
 // Set correct Content-Type header
 if (!defined('NO_HTTP_HEADER')) {
     header('Content-Type: text/html; charset=utf-8');
+	header('X-Frame-Options: SAMEORIGIN');
 }
 
 // Set backslash options
@@ -461,17 +462,23 @@ function hesk_autoAssignTicket($ticket_category)
 } // END hesk_autoAssignTicket()
 
 
-function hesk_cleanID($field = 'track')
+function hesk_cleanID($field = 'track', $in=false)
 {
-    if ( isset($_SESSION[$field]) ) {
-        return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($_SESSION[$field])), 0, 12);
+	$id = '';
+	
+	if ($in !== false){
+		$id = $in;
+	} elseif (isset($_SESSION[$field])) {
+		$id = $_SESSION[$field];
     } elseif ( isset($_GET[$field]) && ! is_array($_GET[$field]) ) {
-        return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($_GET[$field])), 0, 12);
+        $id = $_GET[$field];
     } elseif (isset($_POST[$field]) && !is_array($_POST[$field])) {
-        return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($_POST[$field])), 0, 12);
+		$id = $_POST[$field];
     } else {
         return false;
     }
+	
+	return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($id)), 0, 12);
 
 } // END hesk_cleanID()
 
diff --git a/inc/email_functions.inc.php b/inc/email_functions.inc.php
index a3ba0e6f..4bb14dc4 100644
--- a/inc/email_functions.inc.php
+++ b/inc/email_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/header.inc.php b/inc/header.inc.php
index 5611e8b8..1d03dd02 100644
--- a/inc/header.inc.php
+++ b/inc/header.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/headerAdmin.inc.php b/inc/headerAdmin.inc.php
index d126cddb..ea904680 100644
--- a/inc/headerAdmin.inc.php
+++ b/inc/headerAdmin.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/knowledgebase_functions.inc.php b/inc/knowledgebase_functions.inc.php
index 2d935fa7..a7f8628b 100644
--- a/inc/knowledgebase_functions.inc.php
+++ b/inc/knowledgebase_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/pipe_functions.inc.php b/inc/pipe_functions.inc.php
index bac421aa..8307cd68 100755
--- a/inc/pipe_functions.inc.php
+++ b/inc/pipe_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/posting_functions.inc.php b/inc/posting_functions.inc.php
index b44d41e0..be7843e6 100644
--- a/inc/posting_functions.inc.php
+++ b/inc/posting_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/print_tickets.inc.php b/inc/print_tickets.inc.php
index e1163823..38c9656a 100644
--- a/inc/print_tickets.inc.php
+++ b/inc/print_tickets.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/profile_functions.inc.php b/inc/profile_functions.inc.php
index f5f2d060..a7fdb71d 100644
--- a/inc/profile_functions.inc.php
+++ b/inc/profile_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/show_admin_nav.inc.php b/inc/show_admin_nav.inc.php
index 2c7ead5d..83301736 100644
--- a/inc/show_admin_nav.inc.php
+++ b/inc/show_admin_nav.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/show_search_form.inc.php b/inc/show_search_form.inc.php
index 9bb98565..1af37a29 100644
--- a/inc/show_search_form.inc.php
+++ b/inc/show_search_form.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/status_functions.inc.php b/inc/status_functions.inc.php
index d2848d8e..b515838a 100644
--- a/inc/status_functions.inc.php
+++ b/inc/status_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/inc/ticket_list.inc.php b/inc/ticket_list.inc.php
index 7d67dd1d..2d51790f 100644
--- a/inc/ticket_list.inc.php
+++ b/inc/ticket_list.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/index.php b/index.php
index 3d9909d0..72a510f1 100644
--- a/index.php
+++ b/index.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/install/install.php b/install/install.php
index e1d186e2..c5fbff1c 100644
--- a/install/install.php
+++ b/install/install.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.6.7 from 18th April 2016
+*  Version: 2.6.8 from 10th August 2016
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
diff --git a/install/install_functions.inc.php b/install/install_functions.inc.php
index 0f226a4d..54fd9021 100644
--- a/install/install_functions.inc.php
+++ b/install/install_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.6.7 from 18th April 2016
+*  Version: 2.6.8 from 10th August 2016
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -37,8 +37,8 @@ if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
 
 // We will be installing this HESK version:
 define('HESK_NEW_VERSION','2.6.7');
-define('MODS_FOR_HESK_NEW_VERSION','2.6.3');
-define('REQUIRE_PHP_VERSION','5.0.0');
+define('MODS_FOR_HESK_NEW_VERSION','2.6.4');
+define('REQUIRE_PHP_VERSION','5.3.0');
 define('REQUIRE_MYSQL_VERSION','5.0.7');
 
 // Other required files and settings
diff --git a/install/mods-for-hesk/ajax/install-database-ajax.php b/install/mods-for-hesk/ajax/install-database-ajax.php
index 10fd519e..78f27963 100644
--- a/install/mods-for-hesk/ajax/install-database-ajax.php
+++ b/install/mods-for-hesk/ajax/install-database-ajax.php
@@ -66,6 +66,8 @@ if ($version == 2) {
     execute262Scripts();
 } elseif ($version == 30) {
     execute263Scripts();
+} elseif ($version == 31) {
+    execute264Scripts();
 } else {
     $response = 'The version "' . $version . '" was not recognized. Check the value submitted and try again.';
     print $response;
diff --git a/install/mods-for-hesk/installModsForHesk.php b/install/mods-for-hesk/installModsForHesk.php
index f74b3e00..fa80ad89 100644
--- a/install/mods-for-hesk/installModsForHesk.php
+++ b/install/mods-for-hesk/installModsForHesk.php
@@ -39,6 +39,7 @@ $buildToVersionMap = array(
     28 => '2.6.1',
     29 => '2.6.2',
     30 => '2.6.3',
+    31 => '2.6.4',
 );
 
 function echoInitialVersionRows($version, $build_to_version_map)
diff --git a/install/mods-for-hesk/js/version-scripts.js b/install/mods-for-hesk/js/version-scripts.js
index bd02e29a..10d012f3 100644
--- a/install/mods-for-hesk/js/version-scripts.js
+++ b/install/mods-for-hesk/js/version-scripts.js
@@ -86,6 +86,9 @@ function processUpdates(startingVersion) {
     } else if (startingVersion < 30) {
         startVersionUpgrade('263');
         executeUpdate(30, '263', '2.6.3');
+    } else if (startingVersion < 31) {
+        startVersionUpgrade('264');
+        executeUpdate(31, '264', '2.6.4');
     } else {
         installationFinished();
     }
diff --git a/install/mods-for-hesk/modsForHesk.php b/install/mods-for-hesk/modsForHesk.php
index fc892928..d7c49c9f 100644
--- a/install/mods-for-hesk/modsForHesk.php
+++ b/install/mods-for-hesk/modsForHesk.php
@@ -117,6 +117,7 @@ hesk_dbConnect();
                                     <div class="col-md-8">
                                         <select name="current-version" class="form-control">
                                             <optgroup label="Mods for HESK 2">
+                                                <option value="30">2.6.3</option>
                                                 <option value="29">2.6.2</option>
                                                 <option value="28">2.6.1</option>
                                                 <option value="27">2.6.0</option>
diff --git a/install/mods-for-hesk/sql/installSql.php b/install/mods-for-hesk/sql/installSql.php
index d34d50f8..94847799 100644
--- a/install/mods-for-hesk/sql/installSql.php
+++ b/install/mods-for-hesk/sql/installSql.php
@@ -814,6 +814,14 @@ function execute263Scripts() {
     updateVersion('2.6.3');
 }
 
+// Version 2.6.4
+function execute264Scripts() {
+    global $hesk_settings;
+    hesk_dbConnect();
+
+    updateVersion('2.6.4');
+}
+
 function execute270Scripts() {
     global $hesk_settings;
     hesk_dbConnect();
diff --git a/knowledgebase.php b/knowledgebase.php
index c8fd3ebc..05fed955 100644
--- a/knowledgebase.php
+++ b/knowledgebase.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/print.php b/print.php
index adca0a00..cbe98dad 100644
--- a/print.php
+++ b/print.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/reply_ticket.php b/reply_ticket.php
index 13052cff..07829970 100644
--- a/reply_ticket.php
+++ b/reply_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/submit_ticket.php b/submit_ticket.php
index 25f8920b..7e6f5e45 100644
--- a/submit_ticket.php
+++ b/submit_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/suggest_articles.php b/suggest_articles.php
index af966e03..df3b2c20 100644
--- a/suggest_articles.php
+++ b/suggest_articles.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/suggest_email.php b/suggest_email.php
index 78eeb074..ad7cb6c2 100644
--- a/suggest_email.php
+++ b/suggest_email.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
diff --git a/ticket.php b/ticket.php
index 75149564..e8fce7b8 100644
--- a/ticket.php
+++ b/ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.6.7 from 18th April 2016
+ *  Version: 2.6.8 from 10th August 2016
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -79,7 +79,7 @@ if ( isset($_GET['track']) || isset($_GET['e']) || isset($_GET['f']) || isset($_
 $is_form = hesk_SESSION('t_form');
 
 /* Get the tracking ID */
-$trackingID = hesk_SESSION('t_track');
+$trackingID = hesk_cleanID('', hesk_SESSION('t_track'));
 
 /* Email required to view ticket? */
 $my_email = hesk_getCustomerEmail(1, 't_email');
@@ -275,11 +275,14 @@ if (!$show['show']) {
                         $status = hesk_dbFetchAssoc($statusRS);
                         $isClosable = $status['Closable'] == 'yes' || $status['Closable'] == 'conly';
                         $random = rand(10000, 99999);
-                        if ($ticket['isClosed'] == true && $ticket['locked'] != 1 && $hesk_settings['custopen']) {
-                            echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=2&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['open_action'] . '">' . $hesklang['open_action'] . '</a>';
-                        } elseif ($hesk_settings['custclose'] && $isClosable) {
-                            echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=3&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['close_action'] . '">' . $hesklang['close_action'] . '</a>';
-                        } ?></p>
+                        if (!$ticket['locked']) {
+                            if ($ticket['isClosed'] == true && $hesk_settings['custopen']) {
+                                echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=2&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['open_action'] . '">' . $hesklang['open_action'] . '</a>';
+                            } elseif ($hesk_settings['custclose'] && $isClosable) {
+                                echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=3&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['close_action'] . '">' . $hesklang['close_action'] . '</a>';
+                            }
+                        }
+                        ?></p>
                 </div>
             </div>
             <div class="row medLowPriority">
