php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #81403 mailparse_rfc822_parse_addresses not handling escaped quoted strings properly
Submitted: 2021-08-31 16:36 UTC Modified: 2021-09-21 15:39 UTC
From: kcochran at trolans dot net Assigned:
Status: Closed Package: mailparse (PECL)
PHP Version: 7.4.23 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: kcochran at trolans dot net
New email:
PHP Version: OS:

 

 [2021-08-31 16:36 UTC] kcochran at trolans dot net 
Description:
------------
Mailparse 3.1.1

Appears embedded quoted strings simply lose their "s when processed by mailparse_rfc822_parse_addresses.


Test script:
---------------
<?php

var_dump(mailparse_rfc822_parse_addresses('"Smith, Robert \"Bob\"" <user@domain.org>'));

Expected result:
----------------
array(1) {
  [0] =>
  array(3) {
    'display' =>
    string(21) "Smith, Robert \ Bob\ "
    'address' =>
    string(15) "user@domain.org"
    'is_group' =>
    bool(false)
  }
}

Actual result:
--------------
array(1) {
  [0] =>
  array(3) {
    'display' =>
    string(21) "Smith, Robert \"Bob\""
    'address' =>
    string(15) "user@domain.org"
    'is_group' =>
    bool(false)
  }
}

The display string without escaping could also make sense.

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-08-31 21:04 UTC] kcochran at trolans dot net 
The expected and actual outputs are invereted.
 [2021-08-31 21:05 UTC] kcochran at trolans dot net 
The expected and actual output values in the ticket are inverted,
 [2021-09-01 20:08 UTC] cmb@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2021-09-01 20:08 UTC] cmb@php.net 
Yes, this behavior is definetely wrong; I think it should be

    'display' =>
    string(19) "Smith, Robert "Bob""
 [2021-09-02 10:52 UTC] cmb@php.net 
The following pull request has been associated:

Patch Name: Fix #81403: mailparse_rfc822_parse_addresses drops escaped quotes
On GitHub:  https://github.com/php/pecl-mail-mailparse/pull/13
Patch:      https://github.com/php/pecl-mail-mailparse/pull/13.patch
 [2021-09-02 17:49 UTC] kcochran at trolans dot net 
string(19) "Smith, Robert "Bob""

would be fine.  The definition of the 'display' attribute isn't clear as to in which context, so a normal string is likely expected, and a good baseline, suitable for further action, and most contexts can probably use it directly.  If it gets fed back into a header, the user should be checking for needed escapes already.

For some reason I was thinking var_dump() would escape embedded quotes too.
 [2021-09-21 15:39 UTC] cmb@php.net
-Assigned To: cmb +Assigned To:
 [2023-07-25 08:22 UTC] git@php.net 
Automatic comment on behalf of cmb69 (author) and remicollet (committer)
Revision: https://github.com/php/pecl-mail-mailparse/commit/c97ee56e25253116bdf37cf7467790081fb01617
Log: Fix #81403: mailparse_rfc822_parse_addresses drops escaped quotes
 [2023-07-25 08:22 UTC] git@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Mar 11 00:01:29 2025 UTC