osTicket / osTicket

The osTicket open source ticketing system official project repository, for versions 1.8 and later
osticket.com
GNU General Public License v2.0

Angle Brackets break formatting #6120

Open spanguel opened 2 years ago

spanguel commented 2 years ago

I found the following issue, which also describes my problem and was closed, but the issue still seems to exist in version 1.15.6: 3375

Had it in 1.15.2 and upgraded to 1.15.6 to test.

When forwarding an email to osTicket, it messes up body content containing <name@mail.tld>.

Original message, which was forwarded to osTicket for testing:

-----Ursprüngliche Nachricht-----
Von: postmaster@mydomain.tld <postmaster@mydomain.tld> 
Gesendet: Montag, 28. März 2022 02:41
An: Last First <first.last@mydomain.tld>
Betreff: E-Mail blockiert: Bad URL

Die Nachricht von "Verheiratete Frau" <ublyxhr@alaniase.mordovia.ru> mit dem Betreff [SPAM] Eine Affäre beginnen wurde unter Quarantäne gestellt, da sie einen Link auf eine als bedenklich eingestufte Webseite enthält.

Bei Fragen wenden Sie sich bitte an die -company removed- oder senden sie eine E-Mail an [helpdesk@mydomain.tld](mailto:helpdesk@mydomain.tld)

How it is displayed in osTicket:

-----Ursprüngliche Nachricht-----
Von: postmaster@mydomain.tld <postmaster> 
Gesendet: Montag, 28. März 2022 02:41
An: Last First <first.last>
Betreff: E-Mail blockiert: Bad URL

Die Nachricht von "Verheiratete Frau" <ublyxhr> mit dem Betreff [SPAM] Eine Affäre beginnen wurde unter Quarantäne gestellt, da sie einen Link auf eine als bedenklich eingestufte Webseite enthält.

Bei Fragen wenden Sie sich bitte an die -company removed- oder senden sie eine E-Mail an [helpdesk@mydomain.tld](mailto:helpdesk@mydomain.tld)</ublyxhr></first.last></postmaster>

It basically converts <name@domain.tld> to <name> and tries to close the tag at the end with </name>. This mail is just an example I had available, but when users try to forward their blocked mails and I can't even see the sending domain, it's a bit annoying, and I don't know why it's doing that. And since Outlook is using that formatting, I cannot simply edit that :/

I'm grabbing mails from an Exchange and mailcow, which both yield the same result.

Also, can someone please test that with 1.16?

JediKev commented 2 years ago

@spanguel

Yes, we HTML balance and sanitize the content. Since <> is seen as HTML it will be balanced/sanitized as such. We are not touching the sanitization or balancing in the current, legacy code. We are adding better sanitization in v2.0.

Cheers.

spanguel commented 2 years ago

@JediKev

Nice, good to know. For the time being, could you be so kind as to direct me to the file where that is happening so I could try to fiddle with it until 2.0 is out? I hope my basic PHP knowledge is enough for a quick fix for my specific case.

spanguel commented 2 years ago

I made a small fix for my case. If anyone has the same issue and would like to "fix" it quick and dirty:

This is only taking care of "real" domains. A local domain with only a name but no .tld does not work.

In the file include/class.format.php, on line 135, add the following:

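```php
// Find angle-bracketed e-mail addresses such as <name@domain.tld>
preg_match_all('/[<][^<]\S*[@]\S*[.]\S*?[>]/i', $html, $matches);
// $matches[0] holds the full matches; encode their brackets as entities
// so they are no longer parsed as HTML tags
foreach ($matches[0] as $val) {
    $replace1 = str_replace("<", "&lt;", $val);
    $replace = str_replace(">", "&gt;", $replace1);
    $html = str_replace($val, $replace, $html);
}
```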

between

```php
if (!trim($html))
    return $html;
```

and

```php
$doc = new DomDocument();
```

like so:

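```php
// ...
        if (!trim($html))
            return $html;

        /* spanguel edit start */
        // Encode the brackets of <name@domain.tld> tokens as entities so the
        // HTML balancing below treats them as text, not as tags
        preg_match_all('/[<][^<]\S*[@]\S*[.]\S*?[>]/i', $html, $matches);
        // $matches[0] holds the full matches
        foreach ($matches[0] as $val) {
            $replace1 = str_replace("<", "&lt;", $val);
            $replace = str_replace(">", "&gt;", $replace1);
            $html = str_replace($val, $replace, $html);
        }
        /* spanguel edit end */

        $doc = new DomDocument();
// ...
```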
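A single-pass variant of the workaround posted above, as an added example that is not part of the thread or of osTicket's code: it goes beyond the posted regex by also covering addresses without a TLD, and it leaves real tags such as `<a href="mailto:...">` for the sanitizer. The helper name `escapeBracketedAddresses` and the sample message are assumptions; the function is meant to run on the body before it is parsed as HTML.

```php
<?php
// Added example, not osTicket code. escapeBracketedAddresses() is a
// hypothetical helper name; the sample message below is constructed.

/**
 * Turn <local@domain> tokens into &lt;local@domain&gt; so that an HTML
 * parser sees text instead of an unknown tag it has to balance.
 */
function escapeBracketedAddresses(string $html): string
{
    // "<", a run without whitespace, brackets or "@", exactly one "@",
    // another such run, then ">". No dot is required in the domain part,
    // so <root@localhost> is matched as well. A real tag needs whitespace
    // before its attributes, so <a href="mailto:x@y.z"> does not match.
    $pattern = '/<[^\s<>@]+@[^\s<>@]+>/';

    $result = preg_replace_callback(
        $pattern,
        function (array $m): string {
            // Encode the whole token; the output contains no "<" or ">",
            // so it cannot introduce markup of its own.
            return htmlspecialchars($m[0], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        },
        $html
    );

    // preg_replace_callback() returns null on a PCRE error; fall back to
    // the untouched input, which the sanitizer still processes afterwards.
    return $result ?? $html;
}

// Constructed sample modelled on the forwarded message in the report.
$sample = <<<'TXT'
Von: postmaster@mydomain.tld <postmaster@mydomain.tld>
An: Last First <first.last@mydomain.tld>
Local sender: <root@localhost>
Link: <a href="mailto:helpdesk@mydomain.tld">helpdesk@mydomain.tld</a>
TXT;

echo escapeBracketedAddresses($sample), PHP_EOL;
```

Because the only change is from markup characters to entities, the existing balancing and sanitizing step still runs over everything else in the body unchanged.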