Mod osTicket 1.6 to accept HTML in ticket content

osTicket is a great open source support/ticketing system.

The only serious limitation I found so far is its inability to display HTML in support tickets – a feature deeply required when providing support for web components.

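Fortunately, this can be improved. To make osTicket stop stripping HTML, we need to change two lines in the include/class.ticket.php file, one for incoming ticket messages and one for staff responses. In both, Format::striptags() is replaced with htmlspecialchars(), so the markup is stored HTML-escaped instead of being removed: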

$sql='INSERT INTO '.TICKET_MESSAGE_TABLE.' SET created=NOW() '.
',ticket_id='.db_input($this->getId()).
',messageId='.db_input($msgid).
',message='.db_input(Format::striptags($msg)). //Tags/code stripped...meaning client can not send in code..etc
',headers='.db_input($headers). //Raw header.
',source='.db_input($source).
',ip_address='.db_input($_SERVER['REMOTE_ADDR']);

to

$sql='INSERT INTO '.TICKET_MESSAGE_TABLE.' SET created=NOW() '.
',ticket_id='.db_input($this->getId()).
',messageId='.db_input($msgid).
',message='.db_input(htmlspecialchars($msg,ENT_COMPAT,"UTF-8")). // HTML MOD
',headers='.db_input($headers). //Raw header.
',source='.db_input($source).
',ip_address='.db_input($_SERVER['REMOTE_ADDR']);

and

$sql= 'INSERT INTO '.TICKET_RESPONSE_TABLE.' SET created=NOW() '.
',ticket_id='.db_input($this->getId()).
',msg_id='.db_input($msgid).
',response='.db_input(Format::striptags($response)).
',staff_id='.db_input($thisuser->getId()).
',staff_name='.db_input($thisuser->getName()).
',ip_address='.db_input($thisuser->getIP());

to

$sql= 'INSERT INTO '.TICKET_RESPONSE_TABLE.' SET created=NOW() '.
',ticket_id='.db_input($this->getId()).
',msg_id='.db_input($msgid).
',response='.db_input(htmlspecialchars($response,ENT_COMPAT,"UTF-8")). // HTML MOD
',staff_id='.db_input($thisuser->getId()).
',staff_name='.db_input($thisuser->getName()).
',ip_address='.db_input($thisuser->getIP());
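
What the swap does to a message before it is stored, as an added example that is not part of the original post or of osTicket. It assumes PHP 7 or later, uses strip_tags() as a stand-in for Format::striptags() (an assumption about its behaviour), and runs on a constructed sample message.

```php
<?php
// Added illustration, not osTicket code. The sample ticket text is constructed.
$msg = "Link renders wrong:\n<a href='page.php?id=1&lang=en' title=\"Docs\">Docs</a>";

$variants = [
    // Stand-in for Format::striptags() (assumed to behave like strip_tags()).
    'stock (tags stripped)' => strip_tags($msg),
    // The mod from the post: markup kept, stored as entities.
    'mod (ENT_COMPAT)'      => htmlspecialchars($msg, ENT_COMPAT, 'UTF-8'),
    // Same call with ENT_QUOTES, which also converts single quotes.
    'ENT_QUOTES'            => htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'),
];
// What a page shows if its template escapes the already-escaped value again.
$variants['mod, escaped twice'] =
    htmlspecialchars($variants['mod (ENT_COMPAT)'], ENT_COMPAT, 'UTF-8');

// Properties worth checking on any value that will later be echoed into HTML.
function describe(string $stored): array
{
    return [
        'raw_angle_bracket' => strpos($stored, '<') !== false,
        'raw_single_quote'  => strpos($stored, "'") !== false,
        'double_encoded'    => strpos($stored, '&amp;lt;') !== false,
    ];
}

foreach ($variants as $label => $stored) {
    echo "== $label ==\n$stored\n";
    foreach (describe($stored) as $check => $hit) {
        printf("  %-18s %s\n", $check, $hit ? 'yes' : 'no');
    }
}

// The escaped form is lossless: decoding it returns the customer's original text.
$roundTrip = htmlspecialchars_decode($variants['mod (ENT_COMPAT)'], ENT_COMPAT);
echo "\nround trip intact: ", ($roundTrip === $msg ? 'yes' : 'no'), "\n";
```

ENT_COMPAT leaves single quotes unescaped, which matters if a stored message is ever written into a single-quoted HTML attribute. Existing rows stored before the mod are unaffected, so old and new tickets hold differently encoded text.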

Note that these changes have not been tested for security, so making these changes is your own responsibility.

This information only applies to version 1.6 stable. See here the guide for version 1.7.
