Bug #81403 mailparse_rfc822_parse_addresses not handling escaped quoted strings properly
Submitted: 2021-08-31 16:36 UTC Modified: 2021-09-21 15:39 UTC
From: kcochran at trolans dot net Assigned:
Status: Verified Package: mailparse (PECL)
PHP Version: 7.4.23 OS: Linux
Private report: No CVE-ID: None
 [2021-08-31 16:36 UTC] kcochran at trolans dot net
Description:
------------
Mailparse 3.1.1

Appears embedded quoted strings simply lose their "s when processed by mailparse_rfc822_parse_addresses.


Test script:
---------------
<?php

var_dump(mailparse_rfc822_parse_addresses('"Smith, Robert \"Bob\"" <user@domain.org>'));

Expected result:
----------------
array(1) {
  [0] =>
  array(3) {
    'display' =>
    string(21) "Smith, Robert \ Bob\ "
    'address' =>
    string(15) "user@domain.org"
    'is_group' =>
    bool(false)
  }
}

Actual result:
--------------
array(1) {
  [0] =>
  array(3) {
    'display' =>
    string(21) "Smith, Robert \"Bob\""
    'address' =>
    string(15) "user@domain.org"
    'is_group' =>
    bool(false)
  }
}

The display string without escaping could also make sense.

History

 [2021-08-31 21:04 UTC] kcochran at trolans dot net
The expected and actual outputs are inverted.
 [2021-08-31 21:05 UTC] kcochran at trolans dot net
The expected and actual output values in the ticket are inverted.
 [2021-09-01 20:08 UTC] cmb@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2021-09-01 20:08 UTC] cmb@php.net
Yes, this behavior is definitely wrong; I think it should be

    'display' =>
    string(19) "Smith, Robert "Bob""
 [2021-09-02 10:52 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #81403: mailparse_rfc822_parse_addresses drops escaped quotes
On GitHub:  https://github.com/php/pecl-mail-mailparse/pull/13
Patch:      https://github.com/php/pecl-mail-mailparse/pull/13.patch
 [2021-09-02 17:49 UTC] kcochran at trolans dot net
string(19) "Smith, Robert "Bob""

would be fine.  The definition of the 'display' attribute isn't clear as to in which context, so a normal string is likely expected, and a good baseline, suitable for further action, and most contexts can probably use it directly.  If it gets fed back into a header, the user should be checking for needed escapes already.

For some reason I was thinking var_dump() would escape embedded quotes too.
 [2021-09-21 15:39 UTC] cmb@php.net
-Assigned To: cmb +Assigned To:
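
What the comments above settle on, as an added example (not mailparse's code and not part of the original report): `display` holds the decoded quoted-string, and a caller escapes it again before writing it back into a header. The helper names `unquote_display` and `quote_display` are hypothetical, and rejecting control characters is an assumption of this example.

```php
<?php
// Added example; unquote_display()/quote_display() are hypothetical helpers.

/** Decode an RFC 5322 quoted-string (quotes included) to its plain value. */
function unquote_display(string $quoted): string
{
    $len = strlen($quoted);
    if ($len < 2 || $quoted[0] !== '"' || $quoted[$len - 1] !== '"') {
        throw new InvalidArgumentException('not a quoted-string');
    }
    $out = '';
    for ($i = 1; $i < $len - 1; $i++) {
        $c = $quoted[$i];
        if ($c === '"') {
            throw new InvalidArgumentException('unescaped quote inside string');
        }
        if ($c === '\\') {
            // quoted-pair: the backslash is dropped, the next byte is literal
            if (++$i >= $len - 1) {
                throw new InvalidArgumentException('dangling backslash');
            }
            $c = $quoted[$i];
        }
        $out .= $c;
    }
    return $out;
}

/** Encode a plain display name as a quoted-string for use in a header. */
function quote_display(string $display): string
{
    // Assumption of this example: control characters (CR, LF, NUL, ...) are
    // rejected rather than escaped, so the value cannot start a new header line.
    if (preg_match('/[\x00-\x1f\x7f]/', $display)) {
        throw new InvalidArgumentException('control character in display name');
    }
    return '"' . strtr($display, ['\\' => '\\\\', '"' => '\\"']) . '"';
}

// Display-name part of the test script in this report.
$raw = '"Smith, Robert \"Bob\""';
$display = unquote_display($raw);
var_dump($display);
// Escaping on the way back into a header must reproduce the original form.
if (quote_display($display) !== $raw) {
    throw new RuntimeException('round trip failed');
}
echo 'To: ' . quote_display($display) . " <user@domain.org>\n";
```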
 
Last updated: Sat Nov 27 18:03:14 2021 UTC