From 6e5c1f6a2d64c1422a6149e6c8b4db88c86f9935 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 9 Sep 2013 20:57:50 +0000
Subject: [PATCH] Forbid message loops for alert messages

If an alert message manages to loop back into the ticketing system, refuse
posting to the ticket thread. Technically, the message should be marked as
an auto-response message; however, auto-response messages should usually be
allowed to be appended to the ticket thread.

This patch will check if the From email header cites an email address that
is a system email address (visible in the Emails section of the Admin
Panel). If it is, the email is completely ignored.
---
 include/class.mailfetch.php | 7 +++----
 include/class.thread.php    | 5 +++++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/include/class.mailfetch.php b/include/class.mailfetch.php
index 9f0ae3b1e..7fee6868a 100644
--- a/include/class.mailfetch.php
+++ b/include/class.mailfetch.php
@@ -426,11 +426,10 @@ class MailFetcher {
 
         if (($thread = ThreadEntry::lookupByEmailHeaders($vars))
                 && ($message = $thread->postEmail($vars))) {
-            if ($message === true)
+            if (!$message instanceof ThreadEntry)
                 // Email has been processed previously
-                return true;
-            elseif ($message)
-                $ticket = $message->getTicket();
+                return $message;
+            $ticket = $message->getTicket();
         } elseif (($ticket=Ticket::create($vars, $errors, 'Email'))) {
             $message = $ticket->getLastMessage();
         } else {
diff --git a/include/class.thread.php b/include/class.thread.php
index d0260be90..c31a19151 100644
--- a/include/class.thread.php
+++ b/include/class.thread.php
@@ -519,6 +519,7 @@ Class ThreadEntry {
 
         $vars = array(
             'mid' =>    $mailinfo['mid'],
+            'header' => $mailinfo['header'],
             'ticketId' => $ticket->getId(),
             'poster' => $mailinfo['name'],
             'origin' => 'Email',
@@ -543,6 +544,10 @@ Class ThreadEntry {
             $vars['note'] = $body;
             return $ticket->postNote($vars, $errors, $poster);
         }
+        elseif (Email::lookupByEmail($mailinfo['email'])) {
+            // Don't process the email -- it came FROM this system
+            return true;
+        }
         // TODO: Consider security constraints
         else {
             $vars['message'] = sprintf("Received From: %s\n\n%s",
-- 
GitLab