Stripping Quoted Emails using Regex from Tickets


cyben76

Hi,

From https://help.whmcs.com/m/support_tools/l/1265973-stripping-quoted-emails-from-tickets we could remove quoted text below the break line.

The issue I'm having is that the text below is also included in the ticket, which sometimes causes confusion:

On Tue, Jun 9, 2015 at 5:33 PM, Admin <test@gmail.com> wrote:

 

How do I remove that line using regex? Example:

/On.*?wrote:/

 

Edited by cyben76

Ok, managed to find a solution using a hook:

 

<?php
use Illuminate\Database\Capsule\Manager as Capsule;

if (!defined("WHMCS"))
    die("This file cannot be accessed directly");

function StripEmailTicket($vars)
{
    $str = $vars['message'];
    $pattern = "/On.*(\t|\n|\r|\b).*wrote:/";
    $message = preg_replace($pattern, "", $str);

    Capsule::connection()->statement("UPDATE tblticketreplies
            SET message = '" . mysql_real_escape_string($message) . "'
            WHERE id = '" . intval($vars['replyid']) . "'");
}

add_hook('TicketUserReply', 0, 'StripEmailTicket');

?>

 


It's nice that you share a solution to your own question 🙂

I want to note: This update query is insecure and makes you vulnerable to SQL injections. I cannot say to what extent this can actually be exploited (because "On ... wrote:" must be at the end), but it is an avoidable security risk as mysql_real_escape_string does not protect against all kinds of SQL injections. And mysql_real_escape_string has been removed from recent PHP versions. As far as I know, WHMCS has rebuilt this function so it still works, but they may remove it in a later version.

Instead I suggest updating the row as follows:

Capsule::table('tblticketreplies')->where('id', $vars['replyid'])->update([
    'message' => $message
]);

No escaping is required, from the docs:

Quote

Capsule escapes all input, so it is not necessary to add escaping slashes to variables passed to these methods.

About the regex: I would have concerns about false positives. It might be a good idea to require that the next line must contain the character ">" and that the number of characters between "On" and "wrote:" must not exceed XX chars.

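One way to combine both suggestions from the reply above, the Capsule query-builder update and a tighter pattern, as an added example that is not part of the original posts. The 200-character limit (standing in for "XX"), the name stripAttributionLine, the allowance for one wrapped line, and accepting blank lines before the ">" line are assumptions.

```php
<?php
// Added example, not the thread authors' code.
use Illuminate\Database\Capsule\Manager as Capsule;

const MAX_ATTRIBUTION_CHARS = 200; // assumed value for the "XX chars" limit

/**
 * Remove a mail client's "On <date>, <name> wrote:" line, but only when it
 * starts a line, stays within the length limit (allowing one wrapped line),
 * ends its line with "wrote:", and the next non-blank line begins with ">".
 */
function stripAttributionLine(string $message): string
{
    $n = MAX_ATTRIBUTION_CHARS;
    $pattern = '/^On\b[^\r\n]{1,' . $n . '}(?:\r?\n[^\r\n]{1,' . $n . '})?\bwrote:[ \t]*\r?\n'
             . '(?=(?:[ \t]*\r?\n)*[ \t]*>)/m';
    // preg_replace() returns null on a PCRE error; keep the message unchanged then.
    return preg_replace($pattern, '', $message) ?? $message;
}

if (function_exists('add_hook')) {
    // Inside WHMCS: same hook point and table as in the thread.
    add_hook('TicketUserReply', 1, function (array $vars) {
        $clean = stripAttributionLine($vars['message']);
        if ($clean !== $vars['message']) {
            // The query builder binds values as parameters; no manual escaping.
            Capsule::table('tblticketreplies')
                ->where('id', (int) $vars['replyid'])
                ->update(['message' => $clean]);
        }
    });
} elseif (PHP_SAPI === 'cli') {
    // Constructed sample: a genuine attribution line followed by quoted text.
    $quoted = "Thanks, that fixed it.\n\nOn Tue, Jun 9, 2015 at 5:33 PM, Admin <test@gmail.com> wrote:\n\n> Please try again.\n";
    // Constructed sample: an ordinary sentence that the thread's original pattern also matches.
    $prose = "On Monday the previous technician wrote: reboot it.\nThat did not help.\n";
    echo "--- quoted reply ---\n", stripAttributionLine($quoted);
    echo "--- plain prose ---\n", stripAttributionLine($prose);
}
```

Run from the command line, the file prints both samples after stripping, which makes it easy to try other attribution formats before installing it as a hook.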


Thank you for the suggestion. Working on it now.
