Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

Allow tickets to append from unknown sender


I am looking to allow tickets to not require a matching email address to append, and ONLY require the ticket number in the subject.

I have tried removing various snippits of code, and either break the fetcher, or break the system.

I know this is done in class.thread.php, but am unable to figure out what I can remove to remove this requirement.

I believe it's right around here: 

        // Search for ticket by the [#123456] in the subject line
        // This is the last resort -  emails must match to avoid message
        // injection by third-party.
        $subject = $mailinfo['subject'];
        $match = array();
        if ($subject && $mailinfo['email'] && preg_match ("/\[#(.*?)\]/is", $subject, $match) && ($ticket = Ticket::lookupByNumber($match[1]))
                //Lookup the user using the email address
                && ($user = User::lookup(array('emails__address' => $mailinfo['email'])))) {
                //We have a valid ticket and user

            $check1 = $ticket->getUserId();
            $check2 = $user->getId();
            //var_dump($check1); var_dump($check2);
            if ($check1 == $check2 //owner
                    ||  ($c = Collaborator::lookup( // check if collaborator
                            array('userId' => $user->getId(),
                                  'ticketId' => $ticket->getId())))) {

                $mailinfo['userId'] = $user->getId();
                return $ticket->getLastMessage();
        // Search for the message-id token in the body
        if (preg_match('`(?:data-mid="|Ref-Mid: )([^"\s]*)(?:$|")`',
                $mailinfo['message'], $match))
            if ($thread = ThreadEntry::lookupByRefMessageId($match[1],
                return $thread;

        return null;

But still haven't quite gotten it yet.

Any assistance is greatly appreciated!


  • edited July 2015
    don't mean to be a pest, but does anyone know what needs to be disabled to allow tickets to append only on the ticket # verification and not the email verification as well?  This is really impacting us at the moment.
  • That's definitely something I don't know since I am not so deep in the osTicket code. Hopefully someone else knows better.
  • Ok, I've figured out some of this:

    Using the following code in ticket.thread.php, we've been able to get 100% of the replies to append to the ticket no matter what email address they're from, but the ticket "user" stays the same in some cases.  Sometimes, the user_id will change to the emailed in ticket.  I'm trying to figure out why this only happens some of the time, and how to make it happen all of the time - any help is appreciated.

    Thank you!

            if ($subject && $mailinfo['email'] && preg_match ("/\[#(.*?)\]/is", $subject, $match) && ($ticket = Ticket::lookupByNumber($match[1]))) {

            $user = User::lookup(array('emails__address' => $mailinfo['email']));

                $mailinfo['userId'] = !empty($user) ? $user->getId() : $ticket->getUserId();

    $sql ='UPDATE '.TICKET_TABLE.' SET updated = NOW() '
    .', user_id = '.db_input($mailinfo['userId'])
    .' WHERE ticket_id = '.db_input($ticket->getId());

                return $ticket->getLastMessage();


Sign In or Register to comment.