1. Kayako Download customers: we will continue to develop and support Kayako Download beyond July 2017, alongside the new Kayako for existing customers.

    Find out more.

  2. The forum you are viewing relates to Kayako Classic. If you signed up or upgraded to the new Kayako (after the 4th July 2016), the information in this thread may not apply to you. You can visit the forums for the new Kayako here.

Issue with email addresses with apostrophe

Discussion in 'Using Kayako Classic' started by Martin Bremer, Apr 2, 2019.

  1. Martin Bremer

    Martin Bremer New Member

    We are running Kayako classic 4.91.0 and have issues when a user has an email address containing an apostrophe, like John.O'Doe@example.com
    When a ticket arrives via email into Kayako, the ticket is created, but the details of the creator are not correct.
    The Creator's Name becomes John.O'
    The Creator's Email Address becomes doe@example.com

    As a result when we reply to the ticket, it is sent to the wrong address. The workaround is to edit the ticket before our staff answer to that ticket. If we edit the ticket and manually put the proper name and email address in the mentioned fields, then we can properly reply via email to that ticket.

    So it appears to be a bug when creating the ticket, assuming that the apostrophe is not properly escaped and is seen as a string end or something similar.

    Can you confirm this is a bug? If so, is there a fix for it?

    Best regards,
    Martin
     
  2. bear

    bear Kayako Guru

    Which also means the input it not being sanitized, and it's not being handled as a "string" (which would be seen as just characters and not the content), but instead evaluated. Great way to get hacked, that.
    'drop%20table@victim.com
     
  3. Martin Bremer

    Martin Bremer New Member

    Is there nobody from Kayako who can confirm this is a bug after 2 weeks?
     
  4. bear

    bear Kayako Guru

    They probably didn't see this with all the spam that's been flooding the forum.
    It's also something that would normally be handled via support, and not the forum, since there's only been one Kayako staff person here in recent months, and his appearances are few and far between.

    If he does respond, you can wager the reply will contain "that's been addressed in version xxx", which will be within the subscription support and not earlier. Even security issues won't matter, and that's a big one.
     

Share This Page