diff --git a/admin/admin_reply_ticket.php b/admin/admin_reply_ticket.php
index 62255dd1..a2b5ba22 100644
--- a/admin/admin_reply_ticket.php
+++ b/admin/admin_reply_ticket.php
@@ -122,7 +122,9 @@ if (strlen($message)) {
// Attach signature to the message?
if (!$submit_as_customer && !empty($_POST['signature'])) {
if ($modsForHesk_settings['rich_text_for_tickets']) {
- $message .= "
" . nl2br($_SESSION['signature']) . "
";
+ $signature = nl2br($_SESSION['signature']);
+ $signature = hesk_htmlspecialchars($signature);
+ $message .= "
" . $signature . "
";
} else {
$message .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
}
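Review bot: The escaping order in the rich-text branch looks inverted: `nl2br()` runs before `hesk_htmlspecialchars()`, so the `<br />` tags it inserts are themselves escaped and will appear as literal text in the reply instead of line breaks. Escape first, then convert newlines: `$signature = nl2br(hesk_htmlspecialchars($_SESSION['signature']));`. If the signature is already entity-encoded when it is saved to the session (not visible in this hunk), the new call would double-encode it, so confirm where encoding happens and do it exactly once. The enclosing `if (strlen($message))` block starts and ends outside the hunk.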
diff --git a/inc/email_functions.inc.php b/inc/email_functions.inc.php
index 9a1581f0..044472ef 100644
--- a/inc/email_functions.inc.php
+++ b/inc/email_functions.inc.php
@@ -804,7 +804,16 @@ function hesk_processMessage($msg, $ticket, $is_admin, $is_ticket, $just_message
$htmlMessage = nl2br($ticket['message']);
$msg = str_replace('%%MESSAGE_NO_ATTACHMENTS%%', $htmlMessage, $msg);
} else {
- $msg = str_replace('%%MESSAGE_NO_ATTACHMENTS%%', $ticket['message'], $msg);
+ $plainTextMessage = $ticket['message'];
+ $message_has_html = checkForHtml($ticket);
+ if ($message_has_html) {
+ if (!function_exists('convert_html_to_text')) {
+ require(HESK_PATH . 'inc/html2text/html2text.php');
+ }
+ $plainTextMessage = convert_html_to_text($plainTextMessage);
+ $plainTextMessage = fix_newlines($plainTextMessage);
+ }
+ $msg = str_replace('%%MESSAGE_NO_ATTACHMENTS%%', $plainTextMessage, $msg);
}
}
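Review bot: `convert_html_to_text()` is given `$ticket['message']`, which is user-supplied markup, and the new branch has no handling for a conversion failure. Depending on how the bundled html2text reports malformed input (not visible here), a broken message could abort the notification email. Consider catching the failure and falling back to `strip_tags($ticket['message'])` so the plain-text part is still sent without markup. The `function_exists` guard plus `require` can be reduced to `require_once(HESK_PATH . 'inc/html2text/html2text.php');`, which also covers `fix_newlines()` if it is defined in the same file. `hesk_processMessage` starts and continues outside the hunk.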