#334 Properly escape quotes in canned responses/ticket templates

2015-08-30 12:03:43 -04:00 · 2015-08-30 12:03:43 -04:00 · 63f0199f9e
commit 63f0199f9e
parent 8c3324ead6
3 changed files with 9 additions and 3 deletions
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@ -1973,7 +1973,9 @@ function hesk_printCanned()
 	{
 	    $can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1]. "</option>\n";
 	    if ($modsForHesk_settings['rich_text_for_tickets']) {
-	        echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", hesk_html_entity_decode($mysaved[2]))."';\n";
+	        $theMessage = hesk_html_entity_decode($mysaved[2]);
 	        $theMessage = addslashes($theMessage);
 	        echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", $theMessage)."';\n";
 	    } else {
 	        echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[2]))."';\n";
 	    }
--- a/admin/manage_canned.php
+++ b/admin/manage_canned.php
@ -161,7 +161,9 @@ function hesk_insertAtCursor(myField, myValue) {
                        $javascript_titles.='myTitle['.$mysaved['id'].']=\''.addslashes($mysaved['title'])."';\n";
                        if ($modsForHesk_settings['rich_text_for_tickets']) {
-                            $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", hesk_html_entity_decode($mysaved['message']) )."';\n";
+                            $theMessage = hesk_html_entity_decode($mysaved['message']);
                            $theMessage = addslashes($theMessage);
                            $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", $theMessage )."';\n";
                        } else {
                            $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved['message']) )."';\n";
                        }
--- a/admin/new_ticket.php
+++ b/admin/new_ticket.php
@ -572,7 +572,9 @@ if (!$show['show']) {
                        {
                            $can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1]. "</option>\n";
                            if ($modsForHesk_settings['rich_text_for_tickets']) {
-                                echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", hesk_html_entity_decode($mysaved[2]))."';\n";
+                                $theMessage = hesk_html_entity_decode($mysaved[2]);
                                $theMessage = addslashes($theMessage);
                                echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", $theMessage)."';\n";
                            } else {
                                echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[2]))."';\n";
                            }