[Vtigercrm-developers] csrf code getting embedded in Ticket Emails
Alan Lord
alanslists at gmail.com
Fri Jan 9 10:56:58 GMT 2015
On 09/01/15 10:24, Uma S wrote:
> Hi Alan,
>
> Can you kindly provide us a information regarding this issue?
>
> Are you facing this when creating ticket from mail-scanner through
> actions of mail-scanner. where description of mail getting copied to
> ticket description contains all these csrf info?
It's a production system so it's quite hard to do much testing on it but
looking through several Tickets on their system I notice the following:
A Ticket seems to be duplicated when the first one is created so for
example on their system there is a Ticket with a Title of "Bad Part
Quality" Created On Mon, Jan 05, 2015 at 4:43 PM. This has a clean
Description field.
There is another Ticket called "Ticket Number : TT85 Bad Part quality"
that contains all the csrf code in the Description. (TT85 is the number
of the original Ticket...) This ticket was Created On Mon, Jan 05, 2015
at 5:00 PM.
Notice that the Created time is about 15 minutes after the original... I
have no idea where this csrf code is coming from nut it would seem to me
that this Ticket is being created by a workflow of some kind or perhaps
by the Mail Scanner itself once the first Ticket was added?
I can't really tell you much more and do not have access to their Mail
Server so that side of things is going to be hard to investigate.
HTH
Al
More information about the vtigercrm-developers
mailing list