PHP :: Bug #81403 :: mailparse_rfc822_parse_addresses not handling escaped quoted strings properly

Bug #81403	mailparse_rfc822_parse_addresses not handling escaped quoted strings properly
Submitted:	2021-08-31 16:36 UTC	Modified:	2021-09-21 15:39 UTC
From:	kcochran at trolans dot net	Assigned:
Status:	Verified	Package:	mailparse (PECL)
PHP Version:	7.4.23	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	kcochran at trolans dot net
New email:
PHP Version:		OS:

New/Additional Comment:

[2021-08-31 16:36 UTC] kcochran at trolans dot net

Description:
------------
Mailparse 3.1.1

Appears embedded quoted strings simply lose their "s when processed by mailparse_rfc822_parse_addresses.


Test script:
---------------
<?php

var_dump(mailparse_rfc822_parse_addresses('"Smith, Robert \"Bob\"" <user@domain.org>'));

Expected result:
----------------
array(1) {
  [0] =>
  array(3) {
    'display' =>
    string(21) "Smith, Robert \ Bob\ "
    'address' =>
    string(15) "user@domain.org"
    'is_group' =>
    bool(false)
  }
}

Actual result:
--------------
array(1) {
  [0] =>
  array(3) {
    'display' =>
    string(21) "Smith, Robert \"Bob\""
    'address' =>
    string(15) "user@domain.org"
    'is_group' =>
    bool(false)
  }
}

The display string without escaping could also make sense.

Patches

Add a Patch

Pull Requests

Pull requests:

Fix #81403: mailparse_rfc822_parse_addresses drops escaped quotes (pecl-mail-mailparse/13)

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-08-31 21:04 UTC] kcochran at trolans dot net

The expected and actual outputs are invereted.

[2021-08-31 21:05 UTC] kcochran at trolans dot net

The expected and actual output values in the ticket are inverted,

[2021-09-01 20:08 UTC] cmb@php.net

-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb

[2021-09-01 20:08 UTC] cmb@php.net

Yes, this behavior is definetely wrong; I think it should be

    'display' =>
    string(19) "Smith, Robert "Bob""

[2021-09-02 10:52 UTC] cmb@php.net

The following pull request has been associated:

Patch Name: Fix #81403: mailparse_rfc822_parse_addresses drops escaped quotes
On GitHub:  https://github.com/php/pecl-mail-mailparse/pull/13
Patch:      https://github.com/php/pecl-mail-mailparse/pull/13.patch

[2021-09-02 17:49 UTC] kcochran at trolans dot net

string(19) "Smith, Robert "Bob""

would be fine.  The definition of the 'display' attribute isn't clear as to in which context, so a normal string is likely expected, and a good baseline, suitable for further action, and most contexts can probably use it directly.  If it gets fed back into a header, the user should be checking for needed escapes already.

For some reason I was thinking var_dump() would escape embedded quotes too.

[2021-09-21 15:39 UTC] cmb@php.net

-Assigned To: cmb +Assigned To:

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2023 The PHP Group All rights reserved.	Last updated: Sat Jun 03 16:03:34 2023 UTC