Anonymous user follow-ups by email appear blank

[hgpit]

Code of Conduct

• I agree to follow this project's Code of Conduct

Is there an existing issue for this?

• I have searched the existing issues

Version

10.0.17

Bug description

When an anonymous user replies to their own ticket via email (follow-up), the follow-up entry appears in GLPI, under their original ticket, but has no details, including the actual content/body of the email or sender.

Relevant log output

None relevant

Page URL

No response

Steps To reproduce

1. Go to Setup... General... Assistance.
2. Enable Allow anonymous ticket creation (helpdesk.receiver).
3. Enable Allow anonymous followups (receiver).
4. Send email to [email protected] (change accordingly) from a public email account (ie: user account not already existing in GLPI)
5. Once the ticket has been created and the email user has received the initial helpdesk ticket creation confirmation email, reply to the email with your follow-up message from your email client.
6. Wait for follow-up by email to arrive in GLPI and see results: broken follow-up entry.

Your GLPI setup information

Information about system installation and configuration

GLPI 10.0.17 ( => /var/www/helpdesk.hayley-group.local)
Installation mode: TARBALL
Current language:en_GB

Server

 

Operating system: Linux g000077 4.18.0-553.30.1.el8_10.x86_64 #​1 SMP Tue Nov 26 18:56:25 UTC 2024 x86_64

PHP 8.3.14 fpm-fcgi (Core, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apcu, bz2, calendar, cgi-fcgi, ctype, curl,

date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imagick, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd,

openssl, pcre, pdo_mysql, pdo_sqlite, posix, random, session, shmop, snmp, sockets, sodium, sqlite3, standard, sysvmsg, sysvsem,

sysvshm, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib)

Setup: max_execution_time="-1" memory_limit="2G" post_max_size="50M" safe_mode="" session.save_handler="files"

upload_max_filesize="25M" disable_functions=""

Software: Apache ()

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Server Software: MariaDB Server

Server Version: 10.6.12-MariaDB-log

Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Parameters: [email protected]/glpi_it

Host info: it-db-server-2.hayley-group.local via TCP/IP

PHP version (8.3.14) is supported.

Sessions configuration is OK.

Allocated memory is sufficient.

mysqli extension is installed.

Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.

curl extension is installed.

gd extension is installed.

intl extension is installed.

zlib extension is installed.

The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.

Database engine version (10.6.12) is supported.

No files from previous GLPI version detected.

The log file has been created successfully.

Write access to /var/www/helpdesk.hayley-group.local/files/_cache has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files/_cron has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files/_dumps has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files/_graphs has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files/_lock has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files/_pictures has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files/_plugins has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files/_rss has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files/_sessions has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files/_tmp has been validated.

Write access to /var/www/helpdesk.hayley-group.local/files/_uploads has been validated.

For security reasons, SELinux mode should be Enforcing.
Web server root directory configuration seems safe.

Sessions configuration is secured.

OS and PHP are relying on 64 bits integers.

exif extension is installed.

ldap extension is installed.

openssl extension is installed.

Following extensions are installed: bz2, Phar, zip.

Zend OPcache extension is installed.

Following extensions are installed: ctype, iconv, mbstring, sodium.

Write access to /var/www/helpdesk.hayley-group.local/marketplace has been validated.

Timezones seems loaded in database.

GLPI constants

 

GLPI_ROOT: "/var/www/helpdesk.hayley-group.local"

GLPI_CONFIG_DIR: "/var/www/helpdesk.hayley-group.local/config"

GLPI_VAR_DIR: "/var/www/helpdesk.hayley-group.local/files"

GLPI_MARKETPLACE_DIR: "/var/www/helpdesk.hayley-group.local/marketplace"

GLPI_USE_CSRF_CHECK: "1"

GLPI_CSRF_EXPIRES: "7200"

GLPI_CSRF_MAX_TOKENS: "100"

GLPI_USE_IDOR_CHECK: "1"

GLPI_IDOR_EXPIRES: "7200"

GLPI_ALLOW_IFRAME_IN_RICH_TEXT: false

GLPI_SERVERSIDE_URL_ALLOWLIST: ["/^(https?|feed):\/\/[^@:]+(\/.*)?$/"]

GLPI_TELEMETRY_URI: "https://telemetry.glpi-project.org"

GLPI_INSTALL_MODE: "TARBALL"

GLPI_NETWORK_MAIL: "[email protected]"

GLPI_NETWORK_SERVICES: "https://services.glpi-network.com"

GLPI_MARKETPLACE_ALLOW_OVERRIDE: true

GLPI_MARKETPLACE_MANUAL_DOWNLOADS: true

GLPI_USER_AGENT_EXTRA_COMMENTS: ""

GLPI_DISABLE_ONLY_FULL_GROUP_BY_SQL_MODE: "1"

GLPI_AJAX_DASHBOARD: "1"

GLPI_CALDAV_IMPORT_STATE: 0

GLPI_DEMO_MODE: "0"

GLPI_CENTRAL_WARNINGS: "1"

GLPI_TEXT_MAXSIZE: "4000"

GLPI_DOC_DIR: "/var/www/helpdesk.hayley-group.local/files"

GLPI_CACHE_DIR: "/var/www/helpdesk.hayley-group.local/files/_cache"

GLPI_CRON_DIR: "/var/www/helpdesk.hayley-group.local/files/_cron"

GLPI_DUMP_DIR: "/var/www/helpdesk.hayley-group.local/files/_dumps"

GLPI_GRAPH_DIR: "/var/www/helpdesk.hayley-group.local/files/_graphs"

GLPI_LOCAL_I18N_DIR: "/var/www/helpdesk.hayley-group.local/files/_locales"

GLPI_LOCK_DIR: "/var/www/helpdesk.hayley-group.local/files/_lock"

GLPI_LOG_DIR: "/var/www/helpdesk.hayley-group.local/files/_log"

GLPI_PICTURE_DIR: "/var/www/helpdesk.hayley-group.local/files/_pictures"

GLPI_PLUGIN_DOC_DIR: "/var/www/helpdesk.hayley-group.local/files/_plugins"

GLPI_RSS_DIR: "/var/www/helpdesk.hayley-group.local/files/_rss"

GLPI_SESSION_DIR: "/var/www/helpdesk.hayley-group.local/files/_sessions"

GLPI_TMP_DIR: "/var/www/helpdesk.hayley-group.local/files/_tmp"

GLPI_UPLOAD_DIR: "/var/www/helpdesk.hayley-group.local/files/_uploads"

GLPI_INVENTORY_DIR: "/var/www/helpdesk.hayley-group.local/files/_inventories"

GLPI_NETWORK_REGISTRATION_API_URL: "https://services.glpi-network.com/api/registration/"

GLPI_MARKETPLACE_PLUGINS_API_URI: "https://services.glpi-network.com/api/marketplace/"

GLPI_I18N_DIR: "/var/www/helpdesk.hayley-group.local/locales"

GLPI_VERSION: "10.0.17"

GLPI_SCHEMA_VERSION: "10.0.17@bde16719fbd4112f59a9a7d34c66c959bce73434"

GLPI_MARKETPLACE_PRERELEASES: false

GLPI_MIN_PHP: "7.4.0"

GLPI_MAX_PHP: "8.4.0"

GLPI_YEAR: "2024"

Libraries

 

htmlawed/htmlawed version 1.2.14 in (/var/www/helpdesk.hayley-group.local/vendor/htmlawed/htmlawed)

phpmailer/phpmailer version 6.8.0 in (/var/www/helpdesk.hayley-group.local/vendor/phpmailer/phpmailer/src)

simplepie/simplepie version 1.5.8 in (/var/www/helpdesk.hayley-group.local/vendor/simplepie/simplepie/library)

tecnickcom/tcpdf version 6.7.5 in (/var/www/helpdesk.hayley-group.local/vendor/tecnickcom/tcpdf)

michelf/php-markdown in (/var/www/helpdesk.hayley-group.local/vendor/michelf/php-markdown/Michelf)

true/punycode in (/var/www/helpdesk.hayley-group.local/vendor/true/punycode/src)

iamcal/lib_autolink in (/var/www/helpdesk.hayley-group.local/vendor/iamcal/lib_autolink)

sabre/dav in (/var/www/helpdesk.hayley-group.local/vendor/sabre/dav/lib/DAV)

sabre/http in (/var/www/helpdesk.hayley-group.local/vendor/sabre/http/lib)

sabre/uri in (/var/www/helpdesk.hayley-group.local/vendor/sabre/uri/lib)

sabre/vobject in (/var/www/helpdesk.hayley-group.local/vendor/sabre/vobject/lib)

laminas/laminas-i18n in (/var/www/helpdesk.hayley-group.local/vendor/laminas/laminas-i18n/src)

laminas/laminas-servicemanager in (/var/www/helpdesk.hayley-group.local/vendor/laminas/laminas-servicemanager/src)

monolog/monolog in (/var/www/helpdesk.hayley-group.local/vendor/monolog/monolog/src/Monolog)

sebastian/diff in (/var/www/helpdesk.hayley-group.local/vendor/sebastian/diff/src)

donatj/phpuseragentparser in (/var/www/helpdesk.hayley-group.local/vendor/donatj/phpuseragentparser/src/UserAgent)

elvanto/litemoji in (/var/www/helpdesk.hayley-group.local/vendor/elvanto/litemoji/src)

symfony/console in (/var/www/helpdesk.hayley-group.local/vendor/symfony/console)

scssphp/scssphp in (/var/www/helpdesk.hayley-group.local/vendor/scssphp/scssphp/src)

laminas/laminas-mail in (/var/www/helpdesk.hayley-group.local/vendor/laminas/laminas-mail/src/Protocol)

laminas/laminas-mime in (/var/www/helpdesk.hayley-group.local/vendor/laminas/laminas-mime/src)

rlanvin/php-rrule in (/var/www/helpdesk.hayley-group.local/vendor/rlanvin/php-rrule/src)

ramsey/uuid in (/var/www/helpdesk.hayley-group.local/vendor/ramsey/uuid/src)

psr/log in (/var/www/helpdesk.hayley-group.local/vendor/psr/log/Psr/Log)

psr/simple-cache in (/var/www/helpdesk.hayley-group.local/vendor/psr/simple-cache/src)

psr/cache in (/var/www/helpdesk.hayley-group.local/vendor/psr/cache/src)

league/csv in (/var/www/helpdesk.hayley-group.local/vendor/league/csv/src)

mexitek/phpcolors in (/var/www/helpdesk.hayley-group.local/vendor/mexitek/phpcolors/src/Mexitek/PHPColors)

guzzlehttp/guzzle in (/var/www/helpdesk.hayley-group.local/vendor/guzzlehttp/guzzle/src)

guzzlehttp/psr7 in (/var/www/helpdesk.hayley-group.local/vendor/guzzlehttp/psr7/src)

glpi-project/inventory_format in (/var/www/helpdesk.hayley-group.local/vendor/glpi-project/inventory_format/lib/php)

wapmorgan/unified-archive in (/var/www/helpdesk.hayley-group.local/vendor/wapmorgan/unified-archive/src)

paragonie/sodium_compat in (/var/www/helpdesk.hayley-group.local/vendor/paragonie/sodium_compat/src)

symfony/cache in (/var/www/helpdesk.hayley-group.local/vendor/symfony/cache)

html2text/html2text in (/var/www/helpdesk.hayley-group.local/vendor/html2text/html2text/src)

symfony/css-selector in (/var/www/helpdesk.hayley-group.local/vendor/symfony/css-selector)

symfony/dom-crawler in (/var/www/helpdesk.hayley-group.local/vendor/symfony/dom-crawler)

twig/twig in (/var/www/helpdesk.hayley-group.local/vendor/twig/twig/src)

twig/string-extra in (/var/www/helpdesk.hayley-group.local/vendor/twig/string-extra)

symfony/polyfill-ctype not found

symfony/polyfill-iconv not found

symfony/polyfill-mbstring not found

symfony/polyfill-php80 not found

symfony/polyfill-php81 not found

symfony/polyfill-php82 in (/var/www/helpdesk.hayley-group.local/vendor/symfony/polyfill-php82)

league/oauth2-client in (/var/www/helpdesk.hayley-group.local/vendor/league/oauth2-client/src/Provider)

league/oauth2-google in (/var/www/helpdesk.hayley-group.local/vendor/league/oauth2-google/src/Provider)

thenetworg/oauth2-azure in (/var/www/helpdesk.hayley-group.local/vendor/thenetworg/oauth2-azure/src/Provider)

phpCas version 1.6.1 in (/usr/share/pear)

LDAP directories

 

Server: 'ldap.hayley-group.local', Port: '389', BaseDN: 'DC=hayley-group,DC=local', Connection filter:

'(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))', RootDN: 'CN=LDAP

User,CN=Users,DC=hayley-group,DC=local', Use TLS: none

SQL replicas

 

Not active

Notifications

 

Way of sending emails: SMTP ([email protected])

Plugins list

 

accounts             Name: Accounts                       Version: 3.0.4      State: Enabled

Install Method: Marketplace

fields               Name: Additional fields              Version: 1.21.15    State: Enabled

Install Method: Marketplace

behaviors            Name: Behaviours                     Version: 2.7.3      State: Installed / not activated

Install Method: Marketplace

formcreator          Name: Form Creator                   Version: 2.13.9     State: Enabled

Install Method: Marketplace

glpiinventory        Name: GLPI Inventory                 Version: 1.4.0      State: Enabled

Install Method: Marketplace

mreporting           Name: More Reporting                 Version: 1.8.6      State: Enabled

Install Method: Marketplace

oauthimap            Name: Oauth IMAP                     Version: 1.4.3      State: Enabled

Install Method: Marketplace

genericobject        Name: Objects management             Version: 2.14.10    State: Enabled

Install Method: Marketplace

order                Name: Orders management              Version: 2.10.6     State: Installed / not activated

Install Method: Marketplace

printercounters      Name: Printer counters               Version: 2.0.1      State: Installed / not activated

Install Method: Marketplace

vip                  Name: VIP                            Version: 1.8.3      State: Installed / not activated

Install Method: Marketplace

webresources         Name: Web Resources                  Version: 2.0.4      State: Enabled

Install Method: Marketplace

Anything else?

We have been using GLPI for over 10 years but have only used it for servicing internal users (ie: Active Directory users). We now have a requirement to allow anonymous/public users to email into our GLPI. I followed the steps to enable anonymous users, but something seems fundamentally broken.

It looks like GLPI is failing to create an entry in the user database for the anonymous user when they first email in, which means upon subsequent emails (ie: follow-ups), GLPI breaks when trying to display the follow-up.

We have noticed that if we look at the contents of the follow-up in the GLPI database, we can see the actual message, so it doesn't lose the message, just fails to build the viewable entry in the GUI.

SELECT content FROM glpi_itilfollowups WHERE itemtype = 'Ticket' AND items_id = 309288

Result:

<head><!-- BaNnErBlUrFlE-HeAdEr-start -->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<!-- BaNnErBlUrFlE-HeAdEr-end -->
</head><!-- BaNnErBlUrFlE-BoDy-start -->
<!-- Preheader Text : BEGIN -->
<div style="display:none !important;display:none;visibility:hidden;mso-hide:all;font-size:1px;color:#ffffff;line-height:1px;max-height:0px;opacity:0;overflow:hidden;">
**This is test follow-up text.** On Thu, 12 Dec 2024 at 07: 47, IT Service Desk <servicedesk@ hayley-group. co. uk> wrote: 
<br><br>
</div>
</blockquote></div></div>

Any help to fix this would be highly appreciated, as, as it stands, we are unable to effectively service external users via GLPI.

Thank you

Elliot

[hgpit]

I have searched for similar issues, of which there have been some occurrences, but most were apparently fixed in GLPI 10.0.2. Also some solutions pointed to changing our notification templates, but I have tested with two of our own templates, as well as the default GLPI template by inactivating our own and letting it fallback to the root entity (default) notification).

[cedric-anne]

Hi,

Could you please export the email that created that followup into a .eml file and attach it here? It would help us to investigate.

[hgpit]

Sure please see attached :)

Github doesn't allow .eml attachments, so I have just renamed the file extension to .txt

[GLPI #0309288] IT Service Desk - Test Ticket 20 - New Ticket.txt

[hgpit]

I have checked that anonymous users should be being created in our GLPI, and the settings look okay:

[hgpit]

We have found something interesting.

We went through the usual process

1. Send email from anonymous user email to our helpdesk.
2. Email is accepted and ticket created, with notification response sent.
3. User replies via email to the ticket (creating a follow-up).

What we did was reply TWICE. The FIRST time, we typed our follow up above the line saying =-=-=-= To answer by email, write above this line =-=-=-=
The SECOND time we typed our follow up below the line saying ==== To answer by email, write under this line ====

As you can see from the screenshot, it appears that GLPI is failing to correctly grab the content between =-=-=-= To answer by email, write above this line =-=-=-= and ==== To answer by email, write under this line ====, and instead is including content above when evaluating content to hide.

We have looked through GLPI's settings to try to change how this behaviour works, assuming you're using some regex or something? But we can't find it.

[hgpit]

Through further testing, follow-ups appear to be displayed properly if being sent from Microsoft Outlook, whether the response is written above or below the lines.
This is still not workable for us though, as we are unable to dictate to our customer base which email client they use.

[hgpit]

Good morning,

This is looking more and more related to the formatting of emails sent from/via Gmail (although admittedly I have only been able to test it from Outlook and Gmail).

We have found the following:

1. User emails in a new ticket from Gmail.
2. GLPI replies to user with ticket creation confirmation email.
3. User clicks 'forward' on the email, types their update at the top of the email, then clicks 'send'.
4. GLPI successfully collects, processes and displays email as a follow-up.
   

As opposed to it not working when we just 'reply' via Gmail:

1. User emails in a new ticket.
2. GLPI replies to user with ticket creation confirmation email.
3. User clicks 'reply' on the email, types their update at the top of the email, then clicks 'send'.
4. GLPI successfully collects, processes and displays the mail as a follow-up.
   

This seems to imply that using 'forward' in Gmail, stripping out some formatting which trips up GLPI's parsing? At first we suspected it was the blockquote indenting which is visible in a Gmail reply, but is subsequently removed when forwarding, but when we manually removed the blockquote/indent and continued to send as a Reply, GLPI still failed to parse the email correctly, so this is maybe a red herring.

[hgpit]

Attaching the email sent as Reply and email sent as Forward for your consideration (reference to previous comment).

Thanks

Email_sent_as_reply-2024-12-13.txt
Email_sent_as_forward-2024-12-13.txt

[hgpit]

So, the only way we have been able to force GLPI to correctly display the ticket follow-ups which have come in from Gmail (in our case) is to apply the following fix, which we know is very janky and very situational and by no means is going to be the best solution. But it works for now.

We have edited src/MailCollector.php, replacing:

$content = preg_replace(
                    [
                        '/<style[^>]*>.*?<\/style>/s',
                        '/<script[^>]*>.*?<\/script>/s',
                     ],
                    '',
                    $content
                );

with:

               $content = preg_replace(
                    [
                        '/<style[^>]*>.*?<\/style>/s',
                        '/<script[^>]*>.*?<\/script>/s',
                        '/\s?style="display:none\s!important;display:none;visibility:hidden;mso-hide:all;font-size:1px;color:#ffffff;line-height:1px;max-height:0px;opacity:0;overflow:hidden;"/sU',
			'/\bOn\b.*,.*\bat\b.*,.*\bwrote\b:/sU',
                    ],
                    '',
                    $content
                );

This is stopping the content of the follow-up email from being hidden in GLPI's ticket timeline view, and also stripping out the unwanted "On this date and time, someone wrote"...

We are very eager to learn what a more appropriate fix for this could be.

Thank you!