php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #70145 From field incorrectly parsed from headers
Submitted: 2015-07-27 00:43 UTC Modified: 2015-07-27 13:43 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mberchtold at gmail dot com Assigned: cmb (profile)
Status: Closed Package: Mail related
PHP Version: 7.0.0beta2 OS: Windows
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mberchtold at gmail dot com
New email:
PHP Version: OS:

 

 [2015-07-27 00:43 UTC] mberchtold at gmail dot com 
Description:
------------
the mail function incorrectly parses the From field from the headers.

For example the when passing the following headers:
$headers = "DKIM-Signature: v=1; a=rsa-sha1; bh=ZOokPFyLIFHFdZq7e/+JaJ+LVDI=; c=relaxed; d=test.com; h=from:to:subject; s=mail;
Date: Mon, 27 Jul 2015 00:24:55 +0000
From: =?UTF-8?Q?test?= <sales@test.com>
To: mb@test.com";

the mail function fails and logs the following warning:
PHP Warning:  mail(): &quot;sendmail_from&quot; not set in php.ini or custom &quot;From:&quot; header missing in test.php on line 1

The problem seems to be that the mail implementation is confused by the extra from in the first header:
 h=from:to:subject; s=mail; 


Test script:
---------------
// reproduces the bug
mail("mb@test.com", "subject", "message1", "DKIM-Signature: v=1; a=rsa-sha1; bh=ZOokPFyLIFHFdZq7e/+JaJ+LVDI=; c=relaxed; d=test.com; h=from:to:subject; s=mail; 
Date: Mon, 27 Jul 2015 00:24:55 +0000
From: =?UTF-8?Q?test?= <sales@test.com>
To: mb@test.com");

// does not reproduce the bug
mail("mb@test.com", "subject", "message1", "DKIM-Signature: v=1; a=rsa-sha1; bh=ZOokPFyLIFHFdZq7e/+JaJ+LVDI=; c=relaxed; d=test.com;
Date: Mon, 27 Jul 2015 00:24:55 +0000
From: =?UTF-8?Q?test?= <sales@test.com>
To: mb@test.com");


Expected result:
----------------
no warning

Actual result:
--------------
PHP Warning:  mail(): &quot;sendmail_from&quot; not set in php.ini or custom &quot;From:&quot; header missing in test.php on line 1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-27 00:49 UTC] mberchtold at gmail dot com 
The bug is here:
https://github.com/php/php-src/blob/master/win32/sendmail.c#L245

	} else if (	headers_lc &&
				(pos1 = strstr(headers_lc->val, "from:")) &&
				((pos1 == headers_lc->val) || (*(pos1-1) == '\n'))
	) {
 [2015-07-27 13:02 UTC] cmb@php.net
-Status: Open +Status: Analyzed -Assigned To: +Assigned To: cmb
 [2015-07-27 13:02 UTC] cmb@php.net 
Indeed, the algorithm is too limited. We'd need to loop over
headers_lc looking for additional potetential From header fields.
 [2015-08-19 09:08 UTC] ab@php.net 
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0562ec85df659dc3675ca26bec102b30ab25329d
Log: Fix bug #70145 From field incorrectly parsed from headers
 [2015-08-19 09:08 UTC] ab@php.net
-Status: Analyzed +Status: Closed
 [2015-09-03 18:10 UTC] ab@php.net 
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0562ec85df659dc3675ca26bec102b30ab25329d
Log: Fix bug #70145 From field incorrectly parsed from headers
 [2016-07-20 11:36 UTC] davey@php.net 
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0562ec85df659dc3675ca26bec102b30ab25329d
Log: Fix bug #70145 From field incorrectly parsed from headers
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 13:01:29 2024 UTC