Merge pull request #1189 from itflow-org/ticket-redaction

Add ticket redaction feature

Author: wrongecho

js/app.js

@@ -277,6 +277,23 @@ tinymce.init({
     }
 });
 
+// Initialize TinyMCE editor with only a redact button
+tinymce.init({
+    selector: '.tinymceTicketRedact',
+    browser_spellcheck: false,
+    contextmenu: false,
+    resize: true,
+    min_height: 300,
+    max_height: 500,
+    promotion: false,
+    branding: false,
+    menubar: false,
+    statusbar: false,
+    license_key: 'gpl',
+    readonly: true,
+    toolbar: '',
+});
+
 // DateTime
 $('.datetimepicker').datetimepicker({
 });

js/ticket_redact.js

@@ -0,0 +1,15 @@
+// Redact the selected text in TinyMCE
+function redactSelectedText() {
+    const editor = tinymce.get('tinymceTicketRedact');  // Get TinyMCE editor instance
+    const selectedText = editor.selection.getContent();  // Get selected content
+
+    if (selectedText) {
+        // Wrap the selected text with a redacted span
+        const redactedNode = `<strong><span style="color: #e03e2d;">[REDACTED]</span></strong>`;
+
+        // Replace the selected text with the redacted span
+        editor.selection.setContent(redactedNode);
+    } else {
+        alert('Please select some text to redact.');
+    }
+}

post/user/ticket.php

@@ -1589,6 +1589,29 @@
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
 
+if (isset($_POST['redact_ticket_reply'])) {
+
+    // Perms - Admins only
+    if (!isset($session_is_admin) || !$session_is_admin) {
+        exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
+    }
+    validateCSRFToken($_POST['csrf_token']);
+
+    $ticket_id = intval($_POST['ticket_id']);
+    $ticket_reply_id = intval($_POST['ticket_reply_id']);
+    $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
+    $client_id = intval($_POST['client_id']);
+
+    mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_ticket_id = $ticket_id");
+
+    // Logging
+    logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id);
+
+    $_SESSION['alert_message'] = "Ticket reply redacted";
+
+    header("Location: ticket_redact.php?ticket_id=" . $ticket_id);
+}
+
 if (isset($_POST['merge_ticket'])) {
 
     enforceUserPermission('module_support', 2);