django-helpdesk/templates/helpdesk/create_ticket.html
Ross Poulton 738a88a5aa * Fix an XSS hole: No user-sourced HTML is displayed at all. Descriptions, resolutions and followup comments are treated as text using force_escape and linebreaksbr template filters. (Issue #39)
* Incoming email also handled slightly differently: If an email has both HTML and Plain-text parts, the plain text is used in the ticket description and/or followup comment fields. The HTML portion is attached as 'email_html_body.html' so it can be viewed by the user. If an HTML-only email is received, the body is entered as "View attachment for body". (Issue #39)
2009-01-19 09:40:14 +00:00

48 lines
2.1 KiB
HTML

{% extends "helpdesk/base.html" %}{% load i18n %}
{% block helpdesk_title %}{% trans "Create Ticket" %}{% endblock %}
{% block helpdesk_body %}
{% blocktrans %}<h2>Submit a Ticket</h2>
<p>Unless otherwise stated, all fields are required. Please provide as descriptive a title and description as possible.</p>{% endblocktrans %}
<form method='post' action='./'>
<fieldset>
<dl>
<dt><label for='id_queue'>{{ form.queue.label }}</label></dt>
<dd>{{ form.queue }}</dd>
{% if form.queue.errors %}<dd class='error'>{{ form.queue.errors }}</dd>{% endif %}
<dt><label for='id_title'>{{ form.title.label }}</label></dt>
<dd>{{ form.title }}</dd>
{% if form.title.errors %}<dd class='error'>{{ form.title.errors }}</dd>{% endif %}
<dt><label for='id_submitter_email'>{{ form.submitter_email.label }}</label> <span class='form_optional'>{% trans "(Optional)" %}</span></dt>
<dd>{{ form.submitter_email }}</dd>
{% if form.submitter_email.errors %}<dd class='error'>{{ form.submitter_email.errors }}</dd>{% endif %}
<dd class='form_help_text'>{{ form.submitter_email.help_text }}</dd>
<dt><label for='id_body'>{{ form.body.label }}</label></dt>
<dd>{{ form.body }}</dd>
{% if form.body.errors %}<dd class='error'>{{ form.body.errors }}</dd>{% endif %}
<dt><label for='id_assigned_to'>{{ form.assigned_to.label }}</label> <span class='form_optional'>{% trans "(Optional)" %}</span></dt>
<dd>{{ form.assigned_to }}</dd>
{% if form.assigned_to.errors %}<dd class='error'>{{ form.assigned_to.errors }}</dd>{% endif %}
<dd class='form_help_text'>{{ form.assigned_to.help_text }}</dd>
<dt><label for='id_priority'>{{ form.priority.label }}</label></dt>
<dd>{{ form.priority }}</dd>
{% if form.priority.errors %}<dd class='error'>{{ form.priority.errors }}</dd>{% endif %}
<dd class='form_help_text'>{{ form.priority.help_text }}</dd>
</dl>
<div class='buttons'>
<input type='submit' value='{% trans "Submit Ticket" %}' />
</div>
</fieldset>
</form>
{% endblock %}