php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41297 bcc line not fully parsed if it contains \r\n
Submitted: 2007-05-05 14:51 UTC Modified: 2007-05-09 22:54 UTC
From: mattyrobuk at googlemail dot com Assigned:
Status: Not a bug Package: Mail related
PHP Version: 5.2.2 OS: All
Private report: No CVE-ID: None
 [2007-05-05 14:51 UTC] mattyrobuk at googlemail dot com
Description:
------------
RFC 822 and RFC2822 demand that the bcc header line is not 
more than 998 characters long but allows for inclusion of 
folding whitespace (\r\n).



Including \r\n in the BCC header causes additional email 
addresses in the BCC header to be ignored by the mail() function.

Reproduce code:
---------------
$to = 'to@domain.com';

$subject = 'Test message';

$body = 'Test message.';

$headers = 'From: Administrator <admin@prescriber.org.uk>' . "\r\n";
$headers .= 'MIME-Version: 1.0' . "\r\n";
$headers .= 'bcc: bcc1@domain.com,\r\n bcc2@domain.com' . "\r\n";

Expected result:
----------------
Email should be sent to to@domain.com and BCC'd to 
bcc1@domain.com AND bcc2@domain.com.


Actual result:
--------------
Email is sent to to@domain.com and BCC'd to bcc1@domain.com

bcc2@domain.com never gets the email.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-05-05 14:55 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

You need to take out the space in front on the Bcc header.
 [2007-05-05 15:14 UTC] derick@php.net
Ilia, that's not how I read the RFC 2822 (http://www.faqs.org/rfcs/rfc2822.html, section 2.2.3):

   "The process of moving from this folded multiple-line representation
   of a header field to its single line representation is called
   "unfolding". Unfolding is accomplished by simply removing any CRLF
   that is immediately followed by WSP.  Each header field should be
   treated in its unfolded form for further syntactic and semantic
   evaluation."

So unless the normal BCC header does not allow a space there, the header as specified is totally valid.

However, I still don't see how this is a bug in PHP, as we simply pass on the headers to the sendmail binary on Unices.
 [2007-05-05 18:37 UTC] mattyrobuk at googlemail dot com
",\r\n " should be a valid inclusion within a BCC header according to 
the RFC standards.

If the BCC string is being passed direct to sendmail by the PHP mail() 
function unchanged then perhaps it is a bug in sendmail on in server 
configuration however this is a consistent issue on several different 
servers so I thought it might be a PHP bug.
 [2007-05-06 14:27 UTC] mattyrobuk at googlemail dot com
I've spent the last 24 hours messing around with the command line 
version of sendmail on my Mac.

If you create a file as follows:
<!-- file start -->
From: <from@domain.com>
To:  <to@domain.com>
bcc: <bcc1@domain.com>,
 <bcc2@domain.com>
Subject: This is a Postfix Sendmail Test

This message is sent with the sendmail front end from the postfix mail 
system
<!-- file end -->

And then send it via sendmail with:

cat filename | /usr/sbin/sendmail -t -bp -v

Both of the BCC recipients get the email, note the line break between 
addresses. I would propose that this means that sendmail is correctly 
coping with line breaks in the bcc header.

This points back to an issue in PHP mail() when passing headers with 
line breaks to the sendmail binary on Unices. This is why I have re-
opened this bug ticket.
 [2007-05-09 22:54 UTC] iliaa@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

I've just checked the code and PHP does not modify the header in anyway 
that would affect parsing of \n. The only header modification that is 
performed is an ASCIIZ check that strips \0 chars.

Aside from that the header is sent as is.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Oct 03 05:05:53 2022 UTC