php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #44170 mail() function arguments ambiguity
Submitted: 2008-02-19 14:39 UTC Modified: 2011-02-21 20:49 UTC
From: marijn at monomelodies dot nl Assigned:
Status: Open Package: Mail related
PHP Version: 5.2.6 OS: *
Private report: No CVE-ID: None
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
7 + 17 = ?
Subscribe to this entry?

 
 [2008-02-19 14:39 UTC] marijn at monomelodies dot nl
Description:
------------
The docs for the mail() function state the first parameter ($to) as being obligatory. They also state that "the formatting of this string must comply with ? RFC 2822".
This would lead me to expect that passing a string not containing a valid address would cause a warning or at least a notice. This isn't so.
While technically I'm fairly sure this is correct behaviour (AFAICT RFC 2822 states that either To, Cc or Bcc should be included, so leaving *out* To shouldn't be a problem and in fact isn't, and non-email addresses are also supported) the docs suggest that under PHP it is in fact illegal.
I would expect that passing NULL or an empty string would result in the entire To: field being omitted in the headers (it's now in fact empty, which doesn't seem to conform to RFC 2822 which says that if you *do* include any such header it should contain a comma-separated list of at *least* 1 address). Whether or not a notice should follow something that doesn't appear to be an emailaddress is a matter for debate - I'd personally leave regexing to the users of the function, but then the manual isn't correct.

So, actually it's something of a bug/feature in the mail() function as well I believe, and passing NULL as the first parameter should cause the To-header to be omitted.
But since including a To-header seems like good form mostly the docs are, I feel, somewhat incomplete in this respect.

Reproduce code:
---------------
<?php

mail(
        NULL,
        'test',
        NULL,
        <<<EOT
Bcc: marijn@monomelodies.nl

test

EOT
);

Expected result:
----------------
Depending on how you feel about $to being obligatory, either a better-formed email being sent, or a notice or even warning thrown by PHP.

Actual result:
--------------
[...snip...]
To:           <-- violates RFC 2822
Subject: test

test

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-21 20:49 UTC] jani@php.net
-Package: Feature/Change Request +Package: Mail related -Operating System: irrelevant +Operating System: *
 [2011-03-17 18:07 UTC] anrdaemon at freemail dot ru
IMO, the mail() "to" parameter should represent mail envelope RCPT-TO value, not the mail "To" header. And should never be substituted into header "To:" field if it not defined by user.
Else it defeats the use of mail() function, when you are writing, i.e., a mailing list handler.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 22:01:27 2024 UTC