From fc3dc0505917030d005d478c31bb9ecb6a204b63 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Tue, 30 Jul 2013 04:44:31 +0000
Subject: [PATCH] Properly escape text/plain email bodies

If there characters in the plain text body of the email that appear like
HTML tags, for instance

From: <sip:527772432@172.18.0.2>;tag=952422a9dd1ap1a6o1

The <sip...> part would be removed by the Format::striptags() call in
Format::sanitize().
---
 include/class.mailfetch.php | 16 +++++++++-------
 include/class.mailparse.php | 14 +++++++-------
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/include/class.mailfetch.php b/include/class.mailfetch.php
index 8b0cfcd7b..79ef5d652 100644
--- a/include/class.mailfetch.php
+++ b/include/class.mailfetch.php
@@ -342,13 +342,15 @@ class MailFetcher {
     function getBody($mid) {
 
         $body ='';
-        if(!($body = $this->getPart($mid,'TEXT/PLAIN', $this->charset))) {
-            if(($body = $this->getPart($mid,'TEXT/HTML', $this->charset))) {
-                //Convert tags of interest before we striptags
-                $body=str_replace("</DIV><DIV>", "\n", $body);
-                $body=str_replace(array("<br>", "<br />", "<BR>", "<BR />"), "\n", $body);
-                $body=Format::safe_html($body); //Balance html tags & neutralize unsafe tags.
-            }
+        if ($body = $this->getPart($mid,'TEXT/PLAIN', $this->charset))
+            // The Content-Type was text/plain, so escape anything that
+            // looks like HTML
+            $body=Format::htmlchars($body);
+        elseif ($body = $this->getPart($mid,'TEXT/HTML', $this->charset)) {
+            //Convert tags of interest before we striptags
+            $body=str_replace("</DIV><DIV>", "\n", $body);
+            $body=str_replace(array("<br>", "<br />", "<BR>", "<BR />"), "\n", $body);
+            $body=Format::safe_html($body); //Balance html tags & neutralize unsafe tags.
         }
 
         return $body;
diff --git a/include/class.mailparse.php b/include/class.mailparse.php
index b1f57a6f5..822d3f5ed 100644
--- a/include/class.mailparse.php
+++ b/include/class.mailparse.php
@@ -146,13 +146,13 @@ class Mail_Parse {
     function getBody(){
 
         $body='';
-        if(!($body=$this->getPart($this->struct,'text/plain'))) {
-            if(($body=$this->getPart($this->struct,'text/html'))) {
-                //Cleanup the html.
-                $body=str_replace("</DIV><DIV>", "\n", $body);
-                $body=str_replace(array("<br>", "<br />", "<BR>", "<BR />"), "\n", $body);
-                $body=Format::safe_html($body); //Balance html tags & neutralize unsafe tags.
-            }
+        if($body=$this->getPart($this->struct,'text/plain'))
+            $body = Format::htmlchars($body);
+        elseif($body=$this->getPart($this->struct,'text/html')) {
+            //Cleanup the html.
+            $body=str_replace("</DIV><DIV>", "\n", $body);
+            $body=str_replace(array("<br>", "<br />", "<BR>", "<BR />"), "\n", $body);
+            $body=Format::safe_html($body); //Balance html tags & neutralize unsafe tags.
         }
         return $body;
     }
-- 
GitLab