From: u235e at hotmail dot com Operating system: * PHP version: 5.2.10 PHP Bug Type: mbstring related Bug description: Incorrect encoding in structured header field bodies
Description: ------------ Function: mb_encode_mimeheader When trying to construct a structured header field like From or To, only _words_ within phrases or ctext in comments may be encoded, especially not within "quoted strings" as of RFC 2047 section 5. This function does not take that into account, even worse it may make the field invalid as it greedily encodes everything after the first encountered WSP delimited text with non ASCII characters. This function is only useful for unstructured header fields as it is and thus only for the subject field in most common cases. Judging from the manual and the given example, I take it that this is not the only intended use. The example below would also apply to (comments) not just "quoted strings". Technically the quotes should probably not be part of the encoded word ("lexically invisible") where as the () in comments must stay in place to still recognize the text as a comment. And as a side note: I dont understand why digits are encoded and spaces not as underscores in "Q" scheme - renders the point of this scheme useless? Reproduce code: --------------- <?php mb_internal_encoding('ISO-8859-1'); $name = "Peter \"Der M\xFCller\""; // German - Peter <">Der Müller<"> // valid RFC 2822 display-name $mbox = "peter.mueller"; $doma = "example.com"; $addr = mb_encode_mimeheader($name, "ISO-8859-1", "Q") . " <" . $mbox . "@" . $doma . ">"; echo $addr; ?> Expected result: ---------------- should be: Peter =?ISO-8859-1?Q?=22Der=20M=FCller=22?= <peter.muel...@example.com> or very greedy: =?ISO-8859-1?Q?Peter=20=22Der=20M=FCller=22?= <peter.muel...@example.com> or maybe even with the quotes stripped: Peter =?ISO-8859-1?Q?Der=20M=FCller?= <peter.muel...@example.com> Actual result: -------------- Peter "Der =?ISO-8859-1?Q?M=FCller=22?= <peter.muel...@example.com> Which is not a valid RFC 2822 name-addr (display-name) any more! -- Edit bug report at http://bugs.php.net/?id=49272&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=49272&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=49272&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=49272&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=49272&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=49272&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=49272&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=49272&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=49272&r=needscript Try newer version: http://bugs.php.net/fix.php?id=49272&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=49272&r=support Expected behavior: http://bugs.php.net/fix.php?id=49272&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=49272&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=49272&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=49272&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=49272&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=49272&r=dst IIS Stability: http://bugs.php.net/fix.php?id=49272&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=49272&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=49272&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=49272&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=49272&r=mysqlcfg