Open spanguel opened 2 years ago
@spanguel
Yes, we HTML balance and sanitize the content. Since <>
is seen as HTML it will be balanced/sanitized as such. We are not touching the sanitization or balancing in the current, legacy code. We are adding better sanitization in v2.0.
Cheers.
@JediKev
nice, good to know. for the time being, could you be so kind to direct me to the file where that is happening so i could try to fiddle with it until 2.0 is out? I hope my basic PHP knowledge is enough for a quick fix for my specific case.
I made a small fix for my case. If anyone has the same issue and would like to "fix" it quick and dirty:
This is only taking care of "real" domains. a local domain with only a name but no .tld does not work
in the file include/class.format.php on line 135 add the following:
preg_match_all('/[<][^<]\S*[@]\S*[.]\S*?[>]/i', $html, $matches);
foreach ($matches as $val) {
$replace1 = str_replace("<", "<", $val);
$replace = str_replace(">", ">", $replace1);
$html = str_replace($val, $replace, $html);
}
between
if (!trim($html))
return $html;
and
$doc = new DomDocument();
like so:
...
if (!trim($html))
return $html;
/* spanguel edit start */
preg_match_all('/[<][^<]\S*[@]\S*[.]\S*?[>]/i', $html, $matches);
foreach ($matches as $val) {
$replace1 = str_replace("<", "<", $val);
$replace = str_replace(">", ">", $replace1);
$html = str_replace($val, $replace, $html);
}
/* spanguel edit end */
$doc = new DomDocument();
...
I found the following Issue which is also describing my problem and was closed but this issue seems to be still existing in version 1.15.6: 3375
Had it in 1.15.2 and upgraded to 1.15.6 to test.
when forwarding an email to osTicket, it messes up body content containing
<name@mail.tld>
original message which got forwarded for testing to osticket:
how it is displayed in osTicket:
it basically converts
<name@domain.tld>
to<name>
and try's to close the tag at the end with</name>
This mail is just an example i had available but when users try to forward their blocked mails and i cant even see the sending domain, its a bit annoying and i don't know why its doing that. And since Outlook is using that formatting, i cannot simply edit that :/I'm grabbing mails from an exchange and mailcow, which both yield the same result
also can someone please test that with 1.16