#20707 [NEW]: incorrect behavior of mail() with Bcc:

Thu, 28 Nov 2002 15:34:43 -0800 

From:             [EMAIL PROTECTED]
Operating system: win 2000
PHP version:      4.3.0RC2
PHP Bug Type:     Mail related
Bug description:  incorrect behavior of mail() with Bcc:

A bug in the SendText() function in php-4.3.0RC2\win32\sendmail.c module
can cause incorrect sending of messages to addresses in Cc: and Bcc:
fields in the additional headers string.

mail($recipient, $subject, $message, $headers);
Example:
assume $recipient, adr1, adr2 etc represent valid addresses, and XX any
other headers

$headers = "Cc: adr1, adr2\nXX" 
sends messages for recipient, adr1 and adr2, ie. OK
$headers = "Bcc: adr1, adr2\nXX" 
sends messages for recipient, and two copies for both adr1 and adr2.
$headers = "Cc: adr1\nBcc: adr2\nXX" 
sends messages for recipient, adr1 and two copies for adr2.
$headers = "BCc: adr1\nCc: adr2\nXX" 
sends messages for recipient, two copies for adr1 and none for adr2.

The cause is in the SendText() parsing headers string for cc and bcc
fields (from line 418 on). The code:
        if (headers && (pos1 = strstr(headers_lc, "cc:"))) {
recognize cc: substring in the bcc: resulting in duplicating messages for
bcc: addresses

more robust code could look like:
char *pos;
if (headers) {
    pos=headers_lc;
    while ((pos=strstr(pos,"cc:"))) {
        if((pos>headers_lc)&&(*(pos-1)=='b')) {
            pos+=3;   //bcc: found, skip it now
        } else {
            pos+=3;
            pos1=headers+(pos-headers_lc);
            ... the rest of the routine lines 423 to 444
        }
    } // in case of more cc lines or bcc prior to cc
}
... lines 447 to 471
// similar loop for bcc ie.
    pos=headers_lc;
    while ((pos=strstr(pos,"bcc:"))) {
        pos +=4;
        pos1=headers+(pos-headers_lc);
        ... the rest of the routine lines 477 to 519 with respective
modifications to generating the stripped_header string.

zbynek




-- 
Edit bug report at http://bugs.php.net/?id=20707&edit=1
-- 
Try a CVS snapshot:         http://bugs.php.net/fix.php?id=20707&r=trysnapshot
Fixed in CVS:               http://bugs.php.net/fix.php?id=20707&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=20707&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=20707&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=20707&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=20707&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=20707&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=20707&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=20707&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=20707&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20707&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=20707&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=20707&r=isapi

Reply via email to