From b41786cd8e69e659ae0dc339d08c3002970aa030 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Tue, 3 Feb 2015 17:42:35 -0600
Subject: [PATCH] oops: Fix email header popup dialog

---
 include/ajax.tickets.php                              | 4 +++-
 include/staff/templates/thread-email-headers.tmpl.php | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/ajax.tickets.php b/include/ajax.tickets.php
index 8d7228dea..9933fb28a 100644
--- a/include/ajax.tickets.php
+++ b/include/ajax.tickets.php
@@ -785,9 +785,11 @@ class TicketsAjaxAPI extends AjaxController {
     }
 
     function triggerThreadAction($ticket_id, $thread_id, $action) {
-        $thread = ThreadEntry::lookup($thread_id, $ticket_id);
+        $thread = ThreadEntry::lookup($thread_id);
         if (!$thread)
             Http::response(404, 'No such ticket thread entry');
+        if ($thread->getThread()->getObjectId() != $ticket_id)
+            Http::response(404, 'No such ticket thread entry');
 
         $valid = false;
         foreach ($thread->getActions() as $group=>$list) {
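Review bot: The new ownership check in triggerThreadAction compares only the thread's object id with `$ticket_id`, uses loose `!=`, and dereferences `getThread()` without a null check. If threads can be attached to objects other than tickets (not visible here), an entry belonging to another object type with the same numeric id would pass, so the object type probably needs checking too. I would fold both 404 branches into one guard with a strict comparison: `$t = $thread ? $thread->getThread() : null;` followed by `if (!$t || (string) $t->getObjectId() !== (string) $ticket_id) Http::response(404, 'No such ticket thread entry');`. The function body continues past the hunk, so whether the staff member's access to the ticket is verified later cannot be seen from here.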
diff --git a/include/staff/templates/thread-email-headers.tmpl.php b/include/staff/templates/thread-email-headers.tmpl.php
index 6e2f45809..a84216ab4 100644
--- a/include/staff/templates/thread-email-headers.tmpl.php
+++ b/include/staff/templates/thread-email-headers.tmpl.php
@@ -3,7 +3,7 @@
 <hr/>
 
 <pre style="max-height: 300px; overflow-y: scroll">
-<?php echo $headers; ?>
+<?php echo Format::htmlchars($headers); ?>
 </pre>
 
 <hr>
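Review bot: The escaped echo inside the `<pre>` has no comment saying why the encoding is required. `$headers` appears to be header text from a received e-mail, so it is sender-controlled and must be HTML-encoded on output. I would add `<?php // $headers is raw, sender-controlled mail header text: always HTML-escape before output ?>` above the echo so a later edit does not drop the `Format::htmlchars()` call. Other templates that print stored header or raw message fields are worth checking for the same unescaped echo; none are visible in this patch.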
-- 
GitLab