From: [EMAIL PROTECTED] Operating system: win 2000 PHP version: 4.3.0RC2 PHP Bug Type: Mail related Bug description: incorrect behavior of mail() with Bcc:
A bug in the SendText() function in php-4.3.0RC2\win32\sendmail.c module can cause incorrect sending of messages to addresses in Cc: and Bcc: fields in the additional headers string. mail($recipient, $subject, $message, $headers); Example: assume $recipient, adr1, adr2 etc represent valid addresses, and XX any other headers $headers = "Cc: adr1, adr2\nXX" sends messages for recipient, adr1 and adr2, ie. OK $headers = "Bcc: adr1, adr2\nXX" sends messages for recipient, and two copies for both adr1 and adr2. $headers = "Cc: adr1\nBcc: adr2\nXX" sends messages for recipient, adr1 and two copies for adr2. $headers = "BCc: adr1\nCc: adr2\nXX" sends messages for recipient, two copies for adr1 and none for adr2. The cause is in the SendText() parsing headers string for cc and bcc fields (from line 418 on). The code: if (headers && (pos1 = strstr(headers_lc, "cc:"))) { recognize cc: substring in the bcc: resulting in duplicating messages for bcc: addresses more robust code could look like: char *pos; if (headers) { pos=headers_lc; while ((pos=strstr(pos,"cc:"))) { if((pos>headers_lc)&&(*(pos-1)=='b')) { pos+=3; //bcc: found, skip it now } else { pos+=3; pos1=headers+(pos-headers_lc); ... the rest of the routine lines 423 to 444 } } // in case of more cc lines or bcc prior to cc } ... lines 447 to 471 // similar loop for bcc ie. pos=headers_lc; while ((pos=strstr(pos,"bcc:"))) { pos +=4; pos1=headers+(pos-headers_lc); ... the rest of the routine lines 477 to 519 with respective modifications to generating the stripped_header string. zbynek -- Edit bug report at http://bugs.php.net/?id=20707&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=20707&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=20707&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=20707&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=20707&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=20707&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=20707&r=support Expected behavior: http://bugs.php.net/fix.php?id=20707&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=20707&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=20707&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=20707&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20707&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=20707&r=dst IIS Stability: http://bugs.php.net/fix.php?id=20707&r=isapi