Hi
Is there a some config/other option, to remove "Submit ticket" from main page completely and leave only "View existing tickets"?
The thing is, we only get tickets via api/mails and that submit ticket option is used only by attackers who want to test different xss injection on our setup.
So, wondering, how to remove that in the best possible way - maybe in the code if there is no config option.
Thanks in advance.
Remove submit ticket option from main page
Moderator: mkoch227
Re: Remove submit ticket option from main page
in the /theme/hesk/customer/index.phpxxddgert wrote: Wed Oct 12, 2022 9:59 am Hi
Is there a some config/other option, to remove "Submit ticket" from main page completely and leave only "View existing tickets"?
The thing is, we only get tickets via api/mails and that submit ticket option is used only by attackers who want to test different xss injection on our setup.
So, wondering, how to remove that in the best possible way - maybe in the code if there is no config option.
Thanks in advance.
Code: Select all
<a href="index.php?a=add" class="navlink">
<div class="icon-in-circle">
<svg class="icon icon-submit-ticket">
<use xlink: href="<?php echo TEMPLATE_PATH; ?>customer/img/sprite.svg#icon-submit-ticket"></use>
</svg>
</div>
<div>
<h5 class="navlink__title"><?php echo $hesklang['submit_ticket']; ?></h5>
<div class="navlink__descr"><?php echo $hesklang['open_ticket']; ?></div>
</div>
</a>Re: Remove submit ticket option from main page
Thanks, did that, but nothing changed. Any idea what could i miss? I'm using hesk 3.4.1 btw.
Re: Remove submit ticket option from main page
The code that Noke101 is indeed the correct one.
Have you modified the correct file (removed the correct code)?
Are you using a custom theme? Make sure you modify the file from your custom theme if so.
It's possible you have some caching enabled on your server that has the old pages cached; if yes, try disabling caching for your Hesk folder.
Have you modified the correct file (removed the correct code)?
Are you using a custom theme? Make sure you modify the file from your custom theme if so.
It's possible you have some caching enabled on your server that has the old pages cached; if yes, try disabling caching for your Hesk folder.
Klemen, creator of HESK and PHPJunkyardWas this helpful? You can buy me a drink here 
You should follow me on Twitter here
Help desk software | Cloud help desk | Guestbook | Link manager | Click counter | more PHP Scripts ...
Also browse for php hosting companies, read php books, find php resources and use webmaster tools
You should follow me on Twitter hereHelp desk software | Cloud help desk | Guestbook | Link manager | Click counter | more PHP Scripts ...
Also browse for php hosting companies, read php books, find php resources and use webmaster tools
Re: Remove submit ticket option from main page
Hi. I removed all code that Noke101 mentioned.Klemen wrote: Wed Oct 12, 2022 4:40 pm Have you modified the correct file (removed the correct code)?
Code: Select all
root@830b5ebd3b4d:/srv# cat theme/hesk/customer/index.php |grep submit_ticket
root@830b5ebd3b4d:/srv#
Wondering, maybe i need to delete it somewhere else?
Code: Select all
root@home:~/Downloads/hesk341$ sudo grep -rnw './' -e 'a=add'
./admin/admin_submit_ticket.php:501: hesk_process_messages(sprintf($hesklang['antdemo'], 'https://www.hesk.com/demo/index.php?a=add'), 'new_ticket.php?category='.$tmpvar['category']);
./admin/new_ticket.php:1055: <?php hesk_show_notice(sprintf($hesklang['antdemo'], 'https://www.hesk.com/demo/index.php?a=add')); ?>
./admin/new_ticket.php:1137: <a href="new_ticket.php?a=add&category=<?php echo $k; ?>" class="navlink <?php if ($number_of_categories > 8) echo "navlink-condensed"; ?>">
./admin/manage_categories.php:220: data-link="<?php echo htmlspecialchars($hesk_settings['hesk_url']) . '/index.php?a=add&catid=' . intval($mycat['id']); ?>">
./submit_ticket.php:35: header('Location: index.php?a=add');
./submit_ticket.php:498: hesk_process_messages($hesk_error_buffer, 'index.php?a=add&category='.$tmpvar['category']);
./submit_ticket.php:598: <meta http-equiv="Refresh" content="0; url=index.php?a=add" />
./submit_ticket.php:601: <p><a href="index.php?a=add"><?php echo $hesklang['c2c']; ?></a>.</p>
./theme/hesk3/customer/create-ticket/create-ticket.php:94: <a href="index.php?a=add">
./theme/hesk3/customer/create-ticket/category-select.php:118: <a href="index.php?a=add&category=<?php echo $k; ?>" class="navlink <?php if ($category_count > 8) echo "navlink-condensed"; ?>">
./theme/hesk3/customer/index.php:104: <a href="index.php?a=add" class="navlink">
Re: Remove submit ticket option from main page
You still have it:
Note that it's /theme/hesk3/customer/index.php and not /theme/hesk/customer/index.php
Code: Select all
./theme/hesk3/customer/index.php:104: <a href="index.php?a=add" class="navlink">Code: Select all
cat theme/hesk3/customer/index.php |grep submit_ticketKlemen, creator of HESK and PHPJunkyardWas this helpful? You can buy me a drink here
You should follow me on Twitter here
Help desk software | Cloud help desk | Guestbook | Link manager | Click counter | more PHP Scripts ...
Also browse for php hosting companies, read php books, find php resources and use webmaster tools
You should follow me on Twitter hereHelp desk software | Cloud help desk | Guestbook | Link manager | Click counter | more PHP Scripts ...
Also browse for php hosting companies, read php books, find php resources and use webmaster tools
Re: Remove submit ticket option from main page
This was the issue, I redacted default one. Many thanks for the help.Klemen wrote: Thu Oct 13, 2022 10:37 am Note that it's /theme/hesk3/customer/index.php and not /theme/hesk/customer/index.php