Stripping Quoted Emails using Regex from Tickets

[cyben76]

Hi,

From https://help.whmcs.com/m/support_tools/l/1265973-stripping-quoted-emails-from-tickets we could remove quoted text below the break line.

The issue I'm having is that the text below is also include in the ticket, which sometimes causes confusion:

On Tue, Jun 9, 2015 at 5:33 PM, Admin <test@gmail.com> wrote:

 

How do I remove that line using regex ? Example:

/On.*?wrote:/

 

Edited December 11, 2021 by cyben76

[cyben76]

Ok, managed to find a solution using a hook:

 

<?php
use Illuminate\Database\Capsule\Manager as Capsule;

if (!defined("WHMCS"))
    die("This file cannot be accessed directly");

function StripEmailTicket($vars) 
{

    $str = $vars['message'];
    $pattern = "/On.*(\t|\n|\r|\b).*wrote:/";
    $message = preg_replace($pattern, "", $str);
    


Capsule::connection()->statement("UPDATE tblticketreplies
            SET message = '" . mysql_real_escape_string($message) . "'
            WHERE id = '" . intval($vars['replyid']) . "'");

    
}   
 
add_hook('TicketUserReply',     0, 'StripEmailTicket');


?>

 

[string]

It's nice that you share a solution to your own question 🙂

I want to note: This update query is insecure and makes you vulnerable to SQL injections. I cannot say to which extent this can actually be exploited (because "On ... wrote:" must be at the end), but it is an avoidable security risk as mysql_real_escape_string does not protect against all kinds of SQL injections. And mysql_real_escape_string has been removed from recent PHP versions. As far i know, WHMCS has rebuilt this function so it still works, but they may remove it in a later version.

Instead i suggest to update the row as follow:

Capsule::table('tblticketreplies')->where('id', $vars['replyid'])->update([
    'message' => $message
]);

No escaping is required, from the docs:

Quote

Capsule escapes all input, so it is not necessary to add escaping slashes to variables passed to these methods.

About the regex: I would have concerns about false positives. It might be a good idea to require that the next line must contain the character ">" and that the number of characters between "On" and "wrote:" must not exceed XX chars.

[cyben76]

3 minutes ago, string said:

It's nice that you share a solution to your own question 🙂

I want to note: This update query is insecure and makes you vulnerable to SQL injections. I cannot say to which extent this can actually be exploited (because "On ... wrote:" must be at the end), but it is an avoidable security risk as mysql_real_escape_string does not protect against all kinds of SQL injections. And mysql_real_escape_string has been removed from recent PHP versions. As far i know, WHMCS has rebuilt this function so it still works, but they may remove it in a later version.

Instead i suggest to update the row as follow:

Capsule::table('tblticketreplies')->where('id', $vars['replyid'])->update([
    'message' => $message
]);

No escaping is required, from the docs:

About the regex: I would have concerns about false positives. It might be a good idea to require that the next line must contain the character ">" and that the number of characters between "On" and "wrote:" must not exceed XX chars.

Thank you for the suggestion. Working on it now.

[Ramouz]

On 12/11/2021 at 12:01 PM, cyben76 said:

Thank you for the suggestion. Working on it now.

Hi @cyben76,

Do you happen to have a working hook for this? I'd love to have it as well.