php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #51250 iconv_mime_decode() does not ignore malformed Q-encoded words
Submitted: 2010-03-09 20:49 UTC Modified: 2010-12-01 15:04 UTC
From: tomlove at gmail dot com Assigned: iliaa
Status: Closed Package: ICONV related
PHP Version: 5.2.13 OS: Linux / Windows
Private report: No CVE-ID:
 [2010-03-09 20:49 UTC] tomlove at gmail dot com
Description:
------------
When calling iconv_mime_decode() with $mode = ICONV_MIME_DECODE_CONTINUE_ON_ERROR, 
the manual states that "iconv_mime_decode_headers() attempts to ignore any 
grammatical errors and continue to process a given header."

Accordingly, B-encoded encoded-words (as per RFC 2047) are silently ignored.

But when using Q (quoted-printable) encoding, encoded-words with illegal 
characters (> 127) cause iconv_mime_decode() to return false as if 
ICONV_MIME_DECODE_CONTINUE_ON_ERROR was not specified. 

As such it is not resilient towards malformed headers. 

Test script:
---------------
$m = ICONV_MIME_DECODE_CONTINUE_ON_ERROR;

var_dump(iconv_mime_decode("Legal encoded-word: =?utf-8?B?Kg==?= .", $m));
var_dump(iconv_mime_decode("Legal encoded-word: =?utf-8?Q?*?= .", $m));
var_dump(iconv_mime_decode("Illegal encoded-word: =?utf-8?B?".chr(0xA1)."?= .", $m));
var_dump(iconv_mime_decode("Illegal encoded-word: =?utf-8?Q?".chr(0xA1)."?= .", $m));

Expected result:
----------------
string(23) "Legal encoded-word: * ."
string(23) "Legal encoded-word: * ."
string(24) "Illegal encoded-word:  ."
string(24) "Illegal encoded-word:  ."

Actual result:
--------------
string(23) "Legal encoded-word: * ."
string(23) "Legal encoded-word: * ."
string(24) "Illegal encoded-word:  ."
bool(false)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-03-19 12:30 UTC] tomlove at gmail dot com
Correction - this sentence: "Accordingly, B-encoded encoded-words (as per RFC 
2047) are silently ignored"  should read  "Accordingly, MALFORMED B-encoded 
encoded-words are silently ignored"
 [2010-12-01 15:04 UTC] iliaa@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: iliaa
 [2010-12-01 15:04 UTC] iliaa@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 20:01:57 2014 UTC