From 8c3324ead691b636eacbf77af5b39e90a49cffcc Mon Sep 17 00:00:00 2001
From: Mike Koch
Date: Sat, 29 Aug 2015 22:26:44 -0400
Subject: [PATCH] #334 Fix escaping on ticket templates page
---
 admin/manage_ticket_templates.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/admin/manage_ticket_templates.php b/admin/manage_ticket_templates.php
index 8ff7d655..caa31ae0 100644
--- a/admin/manage_ticket_templates.php
+++ b/admin/manage_ticket_templates.php
@@ -133,7 +133,9 @@ $num = hesk_dbNumRows($result);
 $options .= '>'.$mysaved['title'].'';
 if ($modsForHesk_settings['rich_text_for_tickets']) {
- $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", html_entity_decode($mysaved['message'] ))."';\n";
+ $theMessage = html_entity_decode($mysaved['message']);
+ $theMessage = addslashes($theMessage);
+ $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", $theMessage)."';\n";
 } else {
 $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved['message']) )."';\n";
 }
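Review bot: `addslashes()` on the rich-text branch is not a JavaScript-string encoder, so the value produced by `html_entity_decode($mysaved['message'])` can still break out of the `myMsgTxt[...]='...'` literal. It leaves `<`, `>` and `&` untouched, so a decoded `</script>` would end the surrounding script element (assuming `$javascript_messages` is printed inside one, which the hunk does not show), and it does nothing for a bare `\n` or `\r`, which the `"\r\n"` replacement also misses. Encoding the value with `json_encode` covers quotes, backslashes, line breaks and markup in one step and makes the `str_replace` unnecessary: `$javascript_messages .= 'myMsgTxt['.$mysaved['id'].']='.json_encode($theMessage, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP).";\n";`. The `else` branch in the context lines uses the same `addslashes` pattern and would need the same change; the enclosing loop starts outside the hunk.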