Mod osTicket 1.7 to accept HTML in tickets

Mod osTicket 1.7 to accept HTML in tickets

After updating osTicket to its latest stable release, I had to redo the mod to make it accept HTML messages (too bad this hasn’t already been added, at least as an option, to the core).

After digging around quite a bit around the completely re-arranged codebase, I eventually found the required change. It’s actually even simpler than in 1.6.

We need to change one line in include/class.thread.php:

    function create($vars) {

        [...]

        $sql=' INSERT INTO '.TICKET_THREAD_TABLE.' SET created=NOW() '
            .' ,thread_type='.db_input($vars['type'])
            .' ,ticket_id='.db_input($vars['ticketId'])
            .' ,title='.db_input(Format::sanitize($vars['title'], true))
            .' ,body='.db_input(Format::sanitize($vars['body'], true))
            .' ,staff_id='.db_input($vars['staffId'])
            .' ,poster='.db_input($vars['poster'])
            .' ,source='.db_input($vars['source']);

to

    function create($vars) {

        [...]

        $sql=' INSERT INTO '.TICKET_THREAD_TABLE.' SET created=NOW() '
            .' ,thread_type='.db_input($vars['type'])
            .' ,ticket_id='.db_input($vars['ticketId'])
            .' ,title='.db_input(Format::sanitize($vars['title'], true))
            .' ,body='.db_input(htmlspecialchars($vars['body'],ENT_COMPAT,"UTF-8")) // HTML Mod
            .' ,staff_id='.db_input($vars['staffId'])
            .' ,poster='.db_input($vars['poster'])
            .' ,source='.db_input($vars['source']);

 

This information only applies to osTicket version 1.7 stable. See here for version 1.6.

Leave a Reply