PHPJunkyard support forum

Posted: **Wed Sep 07, 2022 11:11 am**

Script URL:
Version of script:
Hosting company:
URL of phpinfo.php:
URL of session_test.php:
What terms did you try when SEARCHING for a solution:

Write your message below: Hello again, I wanted to ask if it is possible to make thumbnails and view without downloading (only images) in the attachment module, I think the preview for example word / excel files will be more difficult, I would like to preview images with thumbnails.

Posted: **Thu Sep 08, 2022 8:42 am**

It's currently not supported by Hesk. We will probably add it at one point in the future, but can't really say when.

Posted: **Thu Sep 08, 2022 1:11 pm**

Hey Noke101,

there is another posting with a sample-code, that pictures won't be downloaded anymore: viewtopic.php?p=28852#p28852 maybe it's kinda, what you're looking for.

Posted: **Thu Sep 08, 2022 1:59 pm**

morphisto.zet wrote: Thu Sep 08, 2022 1:11 pm Hey Noke101,

there is another posting with a sample-code, that pictures won't be downloaded anymore: viewtopic.php?p=28852#p28852 maybe it's kinda, what you're looking for.

I tried this, not exactly what I wanted, but it works without downloading, but opens the picture in a new tab. Many thanks!!

Posted: **Tue Sep 13, 2022 3:02 pm**

Good time of day.
Please tell me how in this code to open attachments on a new tab by clicking?
target = "_blank" does not want to do this, or I insert it in the wrong place.

Posted: **Tue Sep 27, 2022 12:29 pm**

shddcit wrote: Tue Sep 13, 2022 3:02 pm Good time of day.
Please tell me how in this code to open attachments on a new tab by clicking?
target = "_blank" does not want to do this, or I insert it in the wrong place.

Hi, i added target="_blank" in admin_ticket.php

I kept the ability to quickly download a file when clicking on the icon, and when clicking on the link it opens in a new tab, I changed the attachment icon accordingly.

Code: Select all

<a target="_blank" title="'.$hesklang['dnl'].' '.$att_name.'" href="../download_attachment.php?att_id='.$att_id.'&amp;track='.$trackingID.'">
            <svg class="icon icon-export" style="width: 16px; height: 16px; margin-right: 0px; vertical-align: text-bottom;">
                <use xlink :href="'. HESK_PATH .'img/sprite.svg#icon-export"></use>
            </svg>
        </a>
		<a target="_blank" class="underline" title="'.$hesklang['dnl'].' '.$att_name.'" href="../view_attachment.php?att_id='.$att_id.'&amp;track='.$trackingID.'">'.$att_name.'</a><br />

*If you copy this, don't forget the space between xlink :href

Posted: **Tue Sep 27, 2022 5:03 pm**

Thank you very much.
Your decision helped me a lot.

Posted: **Wed Sep 28, 2022 10:15 am**

shddcit wrote: Tue Sep 27, 2022 5:03 pm Thank you very much.
Your decision helped me a lot.

You are welcome!
The only thing I want to add is that the use of target="_blank" is not recognized as valid in w3c.
There are some vulnerabilities that can be exploited if you use target="_blank".
I have not yet found any solution how to implement opening a new window without target="_blank".

Perhaps Klemen can tell us something, he has much more experience and knowledge in this scope than we have

Posted: **Wed Sep 28, 2022 1:07 pm**

I don't know of any target="_blank" vulnerabilities and this is the same code used throughout the web, shouldn't be an issue.

Posted: **Wed Sep 28, 2022 3:37 pm**

Klemen wrote: Wed Sep 28, 2022 1:07 pm I don't know of any target="_blank" vulnerabilities and this is the same code used throughout the web, shouldn't be an issue.

When I tried to look for information about target="_blank", I came across a lot of sites that told about the vulnerability associated with this.

https://www.jitbit.com/alexblog/256-ta ... lity-ever/

Posted: **Wed Sep 28, 2022 3:43 pm**

Noke101 wrote: Wed Sep 28, 2022 3:37 pm When I tried to look for information about target="_blank", I came across a lot of sites that told about the vulnerability associated with this.

https://www.jitbit.com/alexblog/256-ta ... lity-ever/

Didn't know about that. Thx. But: It's only interessing, if you're opening an external site and not one your responsible for... So there would be no vulnerability for you in this scenario.

Posted: **Wed Sep 28, 2022 4:12 pm**

You can only exploit that if you own a malicious website that sends your users to malicious pages. It's not something someone can exploit on your website.

Posted: **Thu Sep 29, 2022 6:02 am**

Klemen wrote: Wed Sep 28, 2022 4:12 pm You can only exploit that if you own a malicious website that sends your users to malicious pages. It's not something someone can exploit on your website.

Now it's clear. Thanks for the clarification.

PHPJunkyard support forum

Attachments thumbnails

Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails

Re: Attachments thumbnails