From d429b5d72992d382f7d419e2dbc7ae44de5e8f1a Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 2 Mar 2015 13:57:51 -0600
Subject: [PATCH] oops: Fix incorrect matching of messages to threads

---
 include/class.thread.php | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/include/class.thread.php b/include/class.thread.php
index 587e01349..72f0d9a19 100644
--- a/include/class.thread.php
+++ b/include/class.thread.php
@@ -961,6 +961,8 @@ class ThreadEntry extends VerySimpleModel {
      * *DEPRECATED* use Mailer::decodeMessageId() instead
      */
     function lookupByRefMessageId($mid, $from) {
+        global $ost;
+
         $mid = trim($mid, '<>');
         list($ver, $ids, $mails) = explode('$', $mid, 3);
 
@@ -972,11 +974,26 @@ class ThreadEntry extends VerySimpleModel {
         if (!$ids || !$ids['thread'])
             return false;
 
-        $thread = ThreadEntry::lookup($ids['thread']);
-        if (!$thread)
+        $entry = ThreadEntry::lookup($ids['thread']);
+        if (!$entry)
             return false;
 
-        return $thread;
+        // Compute the value to be compared from $mails (which used to be in
+        // ThreadEntry::asMessageId()
+        $domain = md5($ost->getConfig()->getURL());
+        $ticket = $entry->getThread()->getObject();
+        if (!$ticket instanceof Ticket)
+            return false;
+
+        $check = sprintf('%s@%s',
+            substr(md5($to . $ticket->getNumber() . $ticket->getId()), -10),
+            substr($domain, -10)
+        );
+
+        if ($check != $mails)
+            return false;
+
+        return $entry;
     }
 
     //new entry ... we're trusting the caller to check validity of the data.
-- 
GitLab