Edit report at https://bugs.php.net/bug.php?id=52941&edit=1
ID: 52941
Comment by: sheldon dot chang at hyperlinked dot com
Reported by: lomakin dot d at gmail dot com
Summary: The 'iconv_mime_decode_headers' function is skipping headers
Status: Closed
Type: Bug
Package: ICONV related
Operating System: Ubuntu Linux
PHP Version: 5.2.14
Assigned To: aharvey
Block user comment: N
Private report: N
New Comment:
This bug has become an issue for anyone still on PHP 5.2 who has PCI compliance
concerns. PHP 5.2.x is affected and this fix was not applied to PHP 5.2 even
though it was reported against PHP 5.2.14. It is only fixed in PHP 5.3.4 and
above. I just tried the test script on a PHP 5.2.17 install and it failed.
Previous Comments:
------------------------------------------------------------------------
[2010-09-30 13:05:24] [email protected]
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
Well, that ended up being a bit more interesting than I expected. The
new behaviour will be to leave the offending header undecoded if and
only if ICONV_MIME_DECODE_CONTINUE_ON_ERROR is set -- the only other
options are really to swallow the content whole, which seems even worse.
------------------------------------------------------------------------
[2010-09-30 13:04:22] [email protected]
Automatic comment from SVN on behalf of aharvey
Revision: http://svn.php.net/viewvc/?view=revision&revision=303890
Log: Fixed bug #52941 (The 'iconv_mime_decode_headers' function is skipping
headers).
------------------------------------------------------------------------
[2010-09-30 11:10:09] [email protected]
That's a decidedly odd encoding for the Subject -- neither iconv nor mbstring
support it, which is presumably why the function is bailing.
Realistically, though, iconv_mime_decode_headers() should be doing something
more useful than silently discarding the remaining results, so I'll have a
looksee if we can at least raise an error rather than returning an incomplete
result.
------------------------------------------------------------------------
[2010-09-28 12:24:58] lomakin dot d at gmail dot com
Description:
------------
The above mentioned function is skipping all headers below "Subject:
=?ks_c_5601-1987?B?UkU6odk=?=". Please see the Test script for details.
Test script:
---------------
<?php
$headers = <<< HEADERS
X-Account-Key: account2
X-Mozilla-Keys:
Received: (qmail 7033 invoked from network); 22 Sep 2010 22:36:58 +0200
Received: from mailu.d-server.nl (77.243.232.197)
    by ns250.d-server.nl with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 Sep 2010
    22:36:58 +0200
Received-SPF: softfail (ns250.d-server.nl: transitioning SPF record at
    spf-d.hotmail.com does not designate 77.243.232.197 as permitted sender)
Received: from blu0-omc1-s18.blu0.hotmail.com ([65.55.116.29])
    by mailu.d-server.nl with esmtp (Exim 4.72)
    (envelope-from <[email protected]>)
    id 1OyW3V-000314-PM
    for [email protected]; Wed, 22 Sep 2010 22:36:45 +0200
Received: from BLU143-W18 ([65.55.116.7]) by blu0-omc1-s18.blu0.hotmail.com
    with Microsoft SMTPSVC(6.0.3790.4675);
    Wed, 22 Sep 2010 13:36:30 -0700
Message-ID: <[email protected]>
Content-Type: multipart/alternative;
    boundary="_5faabef1-4b2f-4c37-977f-1cac859be8fc_"
X-Originating-IP: [123.53.127.17]
From: ly le <[email protected]>
To: <[email protected]>
Subject: =?ks_c_5601-1987?B?UkU6odk=?=
Date: Wed, 22 Sep 2010 22:36:30 +0200
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 22 Sep 2010 20:36:30.0206 (UTC)
    FILETIME=[D64B09E0:01CB5A95]
X-Freemail-From: hotmail.com
X-OLS-BogusWarn: No x-mailer header
X-Fake-Warning: OK - 1500 points
X-Filter-ID:
    EBeX41zdON1/WS6F8A16Scry9n8e9nAlDAG4uEnVrxnWlQQ8DA2EuQjnekIVwEYMERWeKKG4PAQY
    Nyavp7c49MEiDeiU27bNK6MWc6r/fu8K/7rMaqpnz9Yd9XZIQkQ8USI3MwKmEUYJf9GJ38D865XI
    AbAHneIqHmkglGhfNTnUlDWGeOsBMR8LIBTuWMUK9RODrYcwiXQqz/WrUmIAZCG7X+t1TW39Ja77
    LGPpOwBMBGbLubtCpXj0DRd/MR4N8leOuAdtaqgib7p+ZzXcC1Hvcf3fM3mNrQ59Q/Suw447KKcB
    dq4z+D8utKo08iPkiypR5tCsk9GA489CmWCks4KyjhDWJzYmRAlJPR/rE/nelaj/seXgynpektoc
    ovznGplHcpVCCoX989hgB8R+yKl0dkxDswM/rxLamQaQKQP+RYfqJCPhtNgNFMaRa/ty
X-SpamExperts-Class: unsure;
X-SpamExperts-Score: 0.46817445882
X-SpamExperts-Evidence: 'ole': 0.50; 'crm114': 0.50; 'spambayes.hashed': 0.92;
    'direct': 0.50; 'spambayes.global_tokens': 0.51; 'pyzor': 0.50; 'sa': 0.00;
    'os': 0.97; 'dnsbl': 0.50; 'sender': 0.50
X-SpamExperts-Thermostat:
X-Antivirus: avast! (VPS 100922-0, 22-09-2010), Inbound message
X-Antivirus-Status: Clean
HEADERS;
$headers = iconv_mime_decode_headers($headers,
ICONV_MIME_DECODE_CONTINUE_ON_ERROR, "ISO-8859-1");
var_dump($headers);
Expected result:
----------------
The function should return an associative array containing all headers which
are present in raw headers representation.
Actual result:
--------------
array
'X-Account-Key' => string 'account2' (length=8)
'X-Mozilla-Keys' => string '' (length=0)
'Received' =>
array
0 => string '(qmail 7033 invoked from network); 22 Sep 2010 22:36:58
+0200' (length=61)
1 => string 'from mailu.d-server.nl (77.243.232.197) by ns250.d-server.nl
with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 Sep 2010 22:36:58 +0200'
(length=129)
2 => string 'from blu0-omc1-s18.blu0.hotmail.com ([65.55.116.29]) by
mailu.d-server.nl with esmtp (Exim 4.72) (envelope-from <[email protected]>)
id 1OyW3V-000314-PM for [email protected]; Wed, 22 Sep 2010 22:36:45 +0200'
(length=210)
3 => string 'from BLU143-W18 ([65.55.116.7]) by
blu0-omc1-s18.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 22
Sep 2010 13:36:30 -0700' (length=136)
'Received-SPF' => string 'softfail (ns250.d-server.nl: transitioning SPF
record at spf-d.hotmail.com does not designate 77.243.232.197 as permitted
sender)' (length=129)
'Message-ID' => string '<[email protected]>'
(length=45)
'Content-Type' => string 'multipart/alternative;
boundary="_5faabef1-4b2f-4c37-977f-1cac859be8fc_"' (length=72)
'X-Originating-IP' => string '[123.53.127.17]' (length=15)
'From' => string 'ly le <[email protected]>' (length=27)
'To' => string '<[email protected]>' (length=31)
'Subject' => string '=?ks_c_5601-1987?B?UkU6odk' (length=26)
------------------------------------------------------------------------
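A defensive check for the behaviour discussed in this report, as an added example that is not part of the bug report or the PHP source: it compares the field names found in the raw header block with the keys returned by iconv_mime_decode_headers(), so a truncated result is detected instead of trusted. The function names raw_header_names() and decode_headers_checked() and the sample input are assumptions made here; the syntax is kept compatible with PHP 5.2.

```php
<?php
// Added example, not from the bug report. Function names are hypothetical.

// Collect header field names from a raw header block, skipping folded lines.
function raw_header_names($raw)
{
    $names = array();
    foreach (preg_split('/\r\n|\n|\r/', $raw) as $line) {
        // Continuation lines start with whitespace and belong to the previous field.
        if ($line === '' || $line[0] === ' ' || $line[0] === "\t") {
            continue;
        }
        // Field name: printable ASCII except ':' (RFC 5322 ftext).
        if (preg_match('/^([!-9;-~]+)[ \t]*:/', $line, $m)) {
            $names[$m[1]] = true;
        }
    }
    return array_keys($names);
}

// Decode the headers and list every field that is in the raw input
// but absent from the decoded array.
function decode_headers_checked($raw, $charset)
{
    $decoded = @iconv_mime_decode_headers($raw, ICONV_MIME_DECODE_CONTINUE_ON_ERROR, $charset);
    if ($decoded === false) {
        $decoded = array();
    }
    $missing = array_values(array_diff(raw_header_names($raw), array_keys($decoded)));
    return array('headers' => $decoded, 'missing' => $missing);
}

// Constructed sample: the Subject value from the report, followed by two
// headers that must still be present after decoding.
$raw = "From: sender@example.com\r\n"
     . "Subject: =?ks_c_5601-1987?B?UkU6odk=?=\r\n"
     . "Date: Wed, 22 Sep 2010 22:36:30 +0200\r\n"
     . "X-Antivirus-Status: Clean\r\n";

$result = decode_headers_checked($raw, 'ISO-8859-1');
if (count($result['missing']) > 0) {
    // Fail closed: later logic must not read an absent header as "never sent".
    fwrite(STDERR, 'Incomplete header decode, missing: '
        . implode(', ', $result['missing']) . "\n");
    exit(1);
}
var_dump($result['headers']);
```

On a build with the fix, `missing` is empty and the Subject is left undecoded; on an affected build the script exits non-zero and names the dropped fields.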