From: u235e at hotmail dot com
Operating system: *
PHP version: 5.2.10
PHP Bug Type: mbstring related
Bug description: Incorrect encoding in structured header field bodies
Description:
------------
Function: mb_encode_mimeheader
When trying to construct a structured header field like From or To, only
_words_ within phrases or ctext in comments may be encoded, especially not
within "quoted strings" as of RFC 2047 section 5.
This function does not take that into account, even worse it may make the
field invalid as it greedily encodes everything after the first encountered
WSP delimited text with non ASCII characters.
This function is only useful for unstructured header fields as it is and
thus only for the subject field in most common cases.
Judging from the manual and the given example, I take it that this is not
the only intended use.
The example below would also apply to (comments) not just "quoted
strings". Technically the quotes should probably not be part of the encoded
word ("lexically invisible") where as the () in comments must stay in place
to still recognize the text as a comment.
And as a side note: I dont understand why digits are encoded and spaces
not as underscores in "Q" scheme - renders the point of this scheme
useless?
Reproduce code:
---------------
<?php
mb_internal_encoding('ISO-8859-1');
$name = "Peter \"Der M\xFCller\""; // German - Peter <">Der Müller<">
// valid RFC 2822 display-name
$mbox = "peter.mueller";
$doma = "example.com";
$addr = mb_encode_mimeheader($name, "ISO-8859-1", "Q") . " <" . $mbox .
"@" . $doma . ">";
echo $addr;
?>
Expected result:
----------------
should be:
Peter =?ISO-8859-1?Q?=22Der=20M=FCller=22?= <peter.muel...@example.com>
or very greedy:
=?ISO-8859-1?Q?Peter=20=22Der=20M=FCller=22?= <peter.muel...@example.com>
or maybe even with the quotes stripped:
Peter =?ISO-8859-1?Q?Der=20M=FCller?= <peter.muel...@example.com>
Actual result:
--------------
Peter "Der =?ISO-8859-1?Q?M=FCller=22?= <peter.muel...@example.com>
Which is not a valid RFC 2822 name-addr (display-name) any more!
--
Edit bug report at http://bugs.php.net/?id=49272&edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=49272&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=49272&r=trysnapshot53
Try a snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=49272&r=trysnapshot60
Fixed in SVN:
http://bugs.php.net/fix.php?id=49272&r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=49272&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=49272&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=49272&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=49272&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=49272&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=49272&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=49272&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=49272&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=49272&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=49272&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=49272&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=49272&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=49272&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=49272&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=49272&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=49272&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=49272&r=mysqlcfg
