|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #81403 mailparse_rfc822_parse_addresses not handling escaped quoted strings properly
Submitted: 2021-08-31 16:36 UTC Modified: 2021-09-21 15:39 UTC
From: kcochran at trolans dot net Assigned:
Status: Verified Package: mailparse (PECL)
PHP Version: 7.4.23 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: kcochran at trolans dot net
New email:
PHP Version: OS:


 [2021-08-31 16:36 UTC] kcochran at trolans dot net
Mailparse 3.1.1

Appears embedded quoted strings simply lose their "s when processed by mailparse_rfc822_parse_addresses.

Test script:

var_dump(mailparse_rfc822_parse_addresses('"Smith, Robert \"Bob\"" <>'));

Expected result:
array(1) {
  [0] =>
  array(3) {
    'display' =>
    string(21) "Smith, Robert \ Bob\ "
    'address' =>
    string(15) ""
    'is_group' =>

Actual result:
array(1) {
  [0] =>
  array(3) {
    'display' =>
    string(21) "Smith, Robert \"Bob\""
    'address' =>
    string(15) ""
    'is_group' =>

The display string without escaping could also make sense.


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2021-08-31 21:04 UTC] kcochran at trolans dot net
The expected and actual outputs are invereted.
 [2021-08-31 21:05 UTC] kcochran at trolans dot net
The expected and actual output values in the ticket are inverted,
 [2021-09-01 20:08 UTC]
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2021-09-01 20:08 UTC]
Yes, this behavior is definetely wrong; I think it should be

    'display' =>
    string(19) "Smith, Robert "Bob""
 [2021-09-02 10:52 UTC]
The following pull request has been associated:

Patch Name: Fix #81403: mailparse_rfc822_parse_addresses drops escaped quotes
On GitHub:
 [2021-09-02 17:49 UTC] kcochran at trolans dot net
string(19) "Smith, Robert "Bob""

would be fine.  The definition of the 'display' attribute isn't clear as to in which context, so a normal string is likely expected, and a good baseline, suitable for further action, and most contexts can probably use it directly.  If it gets fed back into a header, the user should be checking for needed escapes already.

For some reason I was thinking var_dump() would escape embedded quotes too.
 [2021-09-21 15:39 UTC]
-Assigned To: cmb +Assigned To:
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Jun 03 16:03:34 2023 UTC