View Full Version : I think I'm dumb


icerebellumi
05-14-2009, 10:46 AM
I cannot for the life of me figure out how to add a link when I respond to a visitor's ticket.

For example:

In osTicket 1.3.1 (installed via cpanel through my host)

All I did was use basic HTML link code:


and would of course get:

I upgraded to osTicket 1.6, and this process no longer works.

Since the website is for free tech support, I frequently provide links to various resources online (today was flash player installer).

I've searched through documentation, and didn't see any settings that I was missing.

Any help would be appreciated.

Thanks!

-- Joe

masino_sinaga
05-23-2009, 02:20 PM
Open \include\class.ticket.php, FIND:
$sql='INSERT INTO '.TICKET_MESSAGE_TABLE.' SET created=NOW() '.
',ticket_id='.db_input($this->getId()).
',message='.db_input(Format::striptags($msg)). //Tags/code stripped...meaning client can not send in code..etc
',headers='.db_input($headers). //Raw header.
',source='.db_input($source).
',ip_address='.db_input($_SERVER['REMOTE_ADDR']);


REPLACE WITH:
$sql='INSERT INTO '.TICKET_MESSAGE_TABLE.' SET created=NOW() '.
',ticket_id='.db_input($this->getId()).
',message='.db_input($msg). //Tags allowed (use at your own risk)
',headers='.db_input($headers). //Raw header.
',source='.db_input($source).
',ip_address='.db_input($_SERVER['REMOTE_ADDR']);


Best regards,
Masino Sinaga

peter
06-26-2009, 05:16 PM
Masino,

With due respect, your solution might accomplish what Joe is asking for but it is a shortcut with security implications - a hole for a persistent XSS exploit. My concern is someone else will simply copy the code without understanding the security implications.

osTicket already supports making a link out of URLs on the fly - "Joe's" question doesn't make any sense at all if you ask me. I will dig deeper.
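
Added example, not part of any post above and not osTicket's own code: one way to get clickable links without storing or rendering raw HTML is to keep the message as text and, at display time, escape everything and wrap only http/https URLs in anchors. The function name render_message_with_links() and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not osTicket code).
// Treat the stored message as untrusted text: escape all of it on output,
// and generate the <a> tags ourselves for http/https URLs only.

function render_message_with_links(string $raw): string
{
    // Split on http(s) URLs and keep the URLs in the result.
    // With one capture group, odd indexes of $parts are the URLs.
    $parts = preg_split(
        '~(https?://[^\s<>"\']+)~i',
        $raw,
        -1,
        PREG_SPLIT_DELIM_CAPTURE
    );

    $html = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            // Keep sentence punctuation after the URL outside the link.
            $url  = rtrim($part, '.,;:!?)');
            $tail = substr($part, strlen($url));
            $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            $html .= '<a href="' . $safe . '" rel="noopener noreferrer">'
                   . $safe . '</a>'
                   . htmlspecialchars($tail, ENT_QUOTES, 'UTF-8');
        } else {
            // Everything that is not a matched URL is plain text.
            $html .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        }
    }
    return nl2br($html);
}

// Constructed sample inputs: a normal reply with a link, and a message
// carrying markup that must be displayed as text, not interpreted.
$samples = [
    "Install it from https://example.com/flash/install?os=win&v=10.",
    '<script>alert(1)</script> <a href="javascript:alert(1)">click</a>',
];

foreach ($samples as $sample) {
    echo render_message_with_links($sample), "\n";
}
```

The first sample comes out as a working link with the `&` encoded as `&amp;` inside the attribute; the second comes out entirely as escaped text, because markup in the message is never trusted and only the http/https pattern is turned into an anchor.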