From e6b2afa1dc807e27a76d740e41837056d4a4a847 Mon Sep 17 00:00:00 2001
From: 1day2die <ownerdennis8@gmail.com>
Date: Fri, 13 Jan 2023 19:18:50 +0100
Subject: [PATCH] possible ticket fix

---
 app/Http/Controllers/Moderation/TicketsController.php | 2 +-
 app/Http/Controllers/TicketsController.php            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/Moderation/TicketsController.php b/app/Http/Controllers/Moderation/TicketsController.php
index ffc0a321..be974ad2 100644
--- a/app/Http/Controllers/Moderation/TicketsController.php
+++ b/app/Http/Controllers/Moderation/TicketsController.php
@@ -79,7 +79,7 @@ class TicketsController extends Controller
                 return $tickets->ticketcategory->name;
             })
             ->editColumn('title', function (Ticket $tickets) {
-                return '<a class="text-info"  href="'.route('moderator.ticket.show', ['ticket_id' => $tickets->ticket_id]).'">'.'#'.$tickets->ticket_id.' - '.$tickets->title.'</a>';
+                return '<a class="text-info"  href="'.route('moderator.ticket.show', ['ticket_id' => $tickets->ticket_id]).'">'.'#'.$tickets->ticket_id.' - '.htmlspecialchars($tickets->title).'</a>';
             })
             ->editColumn('user_id', function (Ticket $tickets) {
                 return '<a href="'.route('admin.users.show', $tickets->user->id).'">'.$tickets->user->name.'</a>';
diff --git a/app/Http/Controllers/TicketsController.php b/app/Http/Controllers/TicketsController.php
index 203d2560..bbc6df19 100644
--- a/app/Http/Controllers/TicketsController.php
+++ b/app/Http/Controllers/TicketsController.php
@@ -117,7 +117,7 @@ class TicketsController extends Controller
                 return $tickets->ticketcategory->name;
             })
             ->editColumn('title', function (Ticket $tickets) {
-                return '<a class="text-info"  href="'.route('ticket.show', ['ticket_id' => $tickets->ticket_id]).'">'.'#'.$tickets->ticket_id.' - '.$tickets->title.'</a>';
+                return '<a class="text-info"  href="'.route('ticket.show', ['ticket_id' => $tickets->ticket_id]).'">'.'#'.$tickets->ticket_id.' - '.htmlspecialchars($tickets->title).'</a>';
             })
             ->editColumn('status', function (Ticket $tickets) {
                 switch ($tickets->status) {