[Vtigercrm-developers] csrf code getting embedded in Ticket Emails

Fri Jan 9 12:25:33 GMT 2015

Thanks! for the information Alan :)

We will work on this provided information and try to reproduce the issue.

On Fri, Jan 9, 2015 at 4:26 PM, Alan Lord <alanslists at gmail.com> wrote:

>
>
> On 09/01/15 10:24, Uma S wrote:
>
>> Hi Alan,
>>
>> Can you kindly provide us  a information regarding this issue?
>>
>> Are you facing this when creating ticket from mail-scanner through
>> actions of mail-scanner. where description of mail getting copied to
>> ticket description contains all these csrf info?
>>
>
> It's a production system so it's quite hard to do much testing on it but
> looking through several Tickets on their system I notice the following:
>
> A Ticket seems to be duplicated when the first one is created so for
> example on their system there is a Ticket with a Title of "Bad Part
> Quality" Created On Mon, Jan 05, 2015 at 4:43 PM. This has a clean
> Description field.
>
> There is another Ticket called "Ticket Number : TT85 Bad Part quality"
> that contains all the csrf code in the Description. (TT85 is the number of
> the original Ticket...) This ticket was Created On Mon, Jan 05, 2015 at
> 5:00 PM.
>
> Notice that the Created time is about 15 minutes after the original... I
> have no idea where this csrf code is coming from nut it would seem to me
> that this Ticket is being created by a workflow of some kind or perhaps by
> the Mail Scanner itself once the first Ticket was added?
>
> I can't really tell you much more and do not have access to their Mail
> Server so that side of things is going to be hard to investigate.
>
> HTH
>
> Al
>
>
> _______________________________________________
> http://www.vtiger.com/
>

-- 
With
Best Regards
Uma.S
Vtiger Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20150109/a38ae195/attachment.html>