Page 1 of 1
Remove submit ticket option from main page
Posted: Wed Oct 12, 2022 9:59 am
by xxddgert
Hi
Is there a some config/other option, to remove "Submit ticket" from main page completely and leave only "View existing tickets"?
The thing is, we only get tickets via api/mails and that submit ticket option is used only by attackers who want to test different xss injection on our setup.
So, wondering, how to remove that in the best possible way - maybe in the code if there is no config option.
Thanks in advance.
Re: Remove submit ticket option from main page
Posted: Wed Oct 12, 2022 10:24 am
by Noke101
xxddgert wrote: Wed Oct 12, 2022 9:59 am
Hi
Is there a some config/other option, to remove "Submit ticket" from main page completely and leave only "View existing tickets"?
The thing is, we only get tickets via api/mails and that submit ticket option is used only by attackers who want to test different xss injection on our setup.
So, wondering, how to remove that in the best possible way - maybe in the code if there is no config option.
Thanks in advance.
in the /theme/hesk/customer/index.php
Code: Select all
<a href="index.php?a=add" class="navlink">
<div class="icon-in-circle">
<svg class="icon icon-submit-ticket">
<use xlink: href="<?php echo TEMPLATE_PATH; ?>customer/img/sprite.svg#icon-submit-ticket"></use>
</svg>
</div>
<div>
<h5 class="navlink__title"><?php echo $hesklang['submit_ticket']; ?></h5>
<div class="navlink__descr"><?php echo $hesklang['open_ticket']; ?></div>
</div>
</a>
You can remove this code on line:102, you will have only one button "View existing ticket"
Re: Remove submit ticket option from main page
Posted: Wed Oct 12, 2022 2:59 pm
by xxddgert
Noke101 wrote: Wed Oct 12, 2022 10:24 am
in the /theme/hesk/customer/index.php
Thanks, did that, but nothing changed. Any idea what could i miss? I'm using hesk 3.4.1 btw.
Re: Remove submit ticket option from main page
Posted: Wed Oct 12, 2022 4:40 pm
by Klemen
The code that Noke101 is indeed the correct one.
Have you modified the correct file (removed the correct code)?
Are you using a custom theme? Make sure you modify the file from your custom theme if so.
It's possible you have some caching enabled on your server that has the old pages cached; if yes, try disabling caching for your Hesk folder.
Re: Remove submit ticket option from main page
Posted: Thu Oct 13, 2022 10:19 am
by xxddgert
Klemen wrote: Wed Oct 12, 2022 4:40 pm
Have you modified the correct file (removed the correct code)?
Hi. I removed all code that Noke101 mentioned.
Code: Select all
root@830b5ebd3b4d:/srv# cat theme/hesk/customer/index.php |grep submit_ticket
root@830b5ebd3b4d:/srv#
In my setup hesk is deployed on ecs with apache2 before it, so I believe nothing is cached there. Theme is also default.
Wondering, maybe i need to delete it somewhere else?
Code: Select all
root@home:~/Downloads/hesk341$ sudo grep -rnw './' -e 'a=add'
./admin/admin_submit_ticket.php:501: hesk_process_messages(sprintf($hesklang['antdemo'], 'https://www.hesk.com/demo/index.php?a=add'), 'new_ticket.php?category='.$tmpvar['category']);
./admin/new_ticket.php:1055: <?php hesk_show_notice(sprintf($hesklang['antdemo'], 'https://www.hesk.com/demo/index.php?a=add')); ?>
./admin/new_ticket.php:1137: <a href="new_ticket.php?a=add&category=<?php echo $k; ?>" class="navlink <?php if ($number_of_categories > 8) echo "navlink-condensed"; ?>">
./admin/manage_categories.php:220: data-link="<?php echo htmlspecialchars($hesk_settings['hesk_url']) . '/index.php?a=add&catid=' . intval($mycat['id']); ?>">
./submit_ticket.php:35: header('Location: index.php?a=add');
./submit_ticket.php:498: hesk_process_messages($hesk_error_buffer, 'index.php?a=add&category='.$tmpvar['category']);
./submit_ticket.php:598: <meta http-equiv="Refresh" content="0; url=index.php?a=add" />
./submit_ticket.php:601: <p><a href="index.php?a=add"><?php echo $hesklang['c2c']; ?></a>.</p>
./theme/hesk3/customer/create-ticket/create-ticket.php:94: <a href="index.php?a=add">
./theme/hesk3/customer/create-ticket/category-select.php:118: <a href="index.php?a=add&category=<?php echo $k; ?>" class="navlink <?php if ($category_count > 8) echo "navlink-condensed"; ?>">
./theme/hesk3/customer/index.php:104: <a href="index.php?a=add" class="navlink">
Re: Remove submit ticket option from main page
Posted: Thu Oct 13, 2022 10:37 am
by Klemen
You still have it:
Code: Select all
./theme/hesk3/customer/index.php:104: <a href="index.php?a=add" class="navlink">
Note that it's /theme/hesk
3/customer/index.php and not /theme/hesk/customer/index.php
Code: Select all
cat theme/hesk3/customer/index.php |grep submit_ticket
Re: Remove submit ticket option from main page
Posted: Thu Oct 13, 2022 12:31 pm
by xxddgert
Klemen wrote: Thu Oct 13, 2022 10:37 am
Note that it's /theme/hesk3/customer/index.php and not /theme/hesk/customer/index.php
This was the issue, I redacted default one. Many thanks for the help.