From 9b89cd4003ed8547b8f2d5f71f719688ad356d34 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Wed, 3 Jul 2013 15:25:59 -0500
Subject: [PATCH] Properly trim data from client

When creating tickets, ensure that data which should not contain leading or
trailing whitespace is trimmed and validated accordingly
---
 include/class.ticket.php    | 5 +++++
 include/class.validator.php | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/class.ticket.php b/include/class.ticket.php
index 327560c55..7fc660f7f 100644
--- a/include/class.ticket.php
+++ b/include/class.ticket.php
@@ -1812,6 +1812,11 @@ class Ticket {
     function create($vars, &$errors, $origin, $autorespond=true, $alertstaff=true) {
         global $ost, $cfg, $thisclient, $_FILES;
 
+        // Drop extra whitespace
+        foreach (array('email', 'phone', 'subject', 'name') as $f)
+            if (isset($vars[$f]))
+                $vars[$f] = trim($vars[$f]);
+
         //Check for 403
         if ($vars['email']  && Validator::is_email($vars['email'])) {
 
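Review bot: The new loop passes whatever sits under each key straight to `trim()`, so a non-string value (for instance an array submitted under `email`) triggers a warning or type error here instead of failing validation cleanly. Where `$vars` is populated is not visible in this hunk, but the commit subject says it is client data, so the guard is worth tightening to `if (isset($vars[$f]) && is_string($vars[$f]))`. The nested `foreach`/`if` would also be easier to extend safely with braces. `create()` continues beyond this hunk, so any later use of these four fields is not covered by this note.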
diff --git a/include/class.validator.php b/include/class.validator.php
index 611d8032f..91b0d3d64 100644
--- a/include/class.validator.php
+++ b/include/class.validator.php
@@ -133,7 +133,7 @@ class Validator {
    
     /*** Functions below can be called directly without class instance. Validator::func(var..); ***/
     function is_email($email) {
-        return (preg_match('/^([*+!.&#$|\'\\%\/0-9a-z^_`{}=?~:-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})$/i',trim(stripslashes($email))));
+        return preg_match('/^([*+!.&#$|\'\\%\/0-9a-z^_`{}=?~:-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})$/i',$email);
     }
     function is_phone($phone) {
         /* We're not really validating the phone number but just making sure it doesn't contain illegal chars and of acceptable len */
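Review bot: With `trim()` removed from `is_email`, the pattern's `$` anchor still matches just before a final newline, so a value like `"user@example.com\n"` now validates, where previously it was stripped before matching. Only `Ticket::create` is shown trimming before the call; other callers of `Validator::is_email` are outside this diff and may pass an untrimmed address on to mail headers or storage. Adding the `D` modifier (`...[0-9a-z]{2,})$/iD'`) or ending the pattern with `\z` makes the validator safe on its own. An `is_string($email) &&` guard in front of `preg_match` would keep non-string input from raising a warning.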
-- 
GitLab