diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php
index ef9f91f8..492a518a 100644
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@@ -1973,7 +1973,9 @@ function hesk_printCanned()
{
$can_options .= '\n";
if ($modsForHesk_settings['rich_text_for_tickets']) {
- echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", hesk_html_entity_decode($mysaved[2]))."';\n";
+ $theMessage = hesk_html_entity_decode($mysaved[2]);
+ $theMessage = addslashes($theMessage);
+ echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", $theMessage)."';\n";
} else {
echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[2]))."';\n";
}
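Review bot: `addslashes()` on the decoded message in the rich-text branch is not a complete escape for a JavaScript string literal. It handles quotes, backslashes and NUL, but leaves `</script>`, a lone `\n` or `\r`, and U+2028/U+2029 untouched, and the entity-decoded value can contain raw HTML tags. Assuming this line is emitted inside an inline `<script>` block, a canned response containing a closing script tag would end the block early and the rest would be parsed as HTML in the admin page. Emitting `json_encode($theMessage, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)` without the surrounding quotes and the `str_replace` would cover these cases. The same applies to the unchanged else branch and to the matching hunks in admin/manage_canned.php, admin/manage_ticket_templates.php and admin/new_ticket.php; the enclosing loop starts and ends outside this hunk.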
diff --git a/admin/manage_canned.php b/admin/manage_canned.php
index b4aaf195..b9b83ee0 100644
--- a/admin/manage_canned.php
+++ b/admin/manage_canned.php
@@ -161,7 +161,9 @@ function hesk_insertAtCursor(myField, myValue) {
$javascript_titles.='myTitle['.$mysaved['id'].']=\''.addslashes($mysaved['title'])."';\n";
if ($modsForHesk_settings['rich_text_for_tickets']) {
- $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", hesk_html_entity_decode($mysaved['message']) )."';\n";
+ $theMessage = hesk_html_entity_decode($mysaved['message']);
+ $theMessage = addslashes($theMessage);
+ $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", $theMessage )."';\n";
} else {
$javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved['message']) )."';\n";
}
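Review bot: After this change the two branches differ only in whether the message is entity-decoded first, yet the long concatenation line is still written twice. Selecting the input once, `$theMessage = addslashes($modsForHesk_settings['rich_text_for_tickets'] ? hesk_html_entity_decode($mysaved['message']) : $mysaved['message']);`, followed by a single `$javascript_messages.=` line, keeps the escaping in one place so the branches cannot drift apart again. A short comment above it, such as `// Escape after decoding: the value is embedded in a single-quoted JS string`, would record why the order matters.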
diff --git a/admin/manage_ticket_templates.php b/admin/manage_ticket_templates.php
index 5eba1ae9..65589704 100644
--- a/admin/manage_ticket_templates.php
+++ b/admin/manage_ticket_templates.php
@@ -133,7 +133,9 @@ $num = hesk_dbNumRows($result);
$options .= '>'.$mysaved['title'].'';
if ($modsForHesk_settings['rich_text_for_tickets']) {
- $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", html_entity_decode($mysaved['message'] ))."';\n";
+ $theMessage = html_entity_decode($mysaved['message']);
+ $theMessage = addslashes($theMessage);
+ $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", $theMessage)."';\n";
} else {
$javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved['message']) )."';\n";
}
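Review bot: The new line `$theMessage = html_entity_decode($mysaved['message']);` calls PHP's native function, while the other three files in this commit use `hesk_html_entity_decode()`. The wrapper's body is not visible here, but the native function's default flags and charset vary by PHP version, so the set of entities decoded before `addslashes()` runs may differ from the other pages. If the helper is loaded in this file, `$theMessage = hesk_html_entity_decode($mysaved['message']);` would keep all four call sites consistent.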
diff --git a/admin/new_ticket.php b/admin/new_ticket.php
index 2de97f82..6407df19 100644
--- a/admin/new_ticket.php
+++ b/admin/new_ticket.php
@@ -572,7 +572,9 @@ if (!$show['show']) {
{
$can_options .= '\n";
if ($modsForHesk_settings['rich_text_for_tickets']) {
- echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", hesk_html_entity_decode($mysaved[2]))."';\n";
+ $theMessage = hesk_html_entity_decode($mysaved[2]);
+ $theMessage = addslashes($theMessage);
+ echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", $theMessage)."';\n";
} else {
echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[2]))."';\n";
}