authorAleksander Machniak <alec@alec.pl>2013-05-10 09:35:24 +0200
committerAleksander Machniak <alec@alec.pl>2013-05-10 09:35:24 +0200
commitfd0fd3b0a0c82a1a5cce4dc775886154e9bf9e14 (patch)
tree80bd63bba4a25c7f387f0594ee07615dbbc089f9
parent621a2e7f1c6ea22c6fa8804f6ef3f3a876acf296 (diff)
Fix handling of invalid email addresses in headers (#1489092)
-rw-r--r--CHANGELOG1
-rw-r--r--program/lib/Roundcube/rcube_mime.php5
-rw-r--r--program/steps/mail/func.inc7
-rw-r--r--tests/Framework/Mime.php4
4 files changed, 14 insertions, 3 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 43935159f..9a4fa70e6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix handling of invalid email addresses in headers (#1489092)
- Added attachment_reminder plugin
- Fix IMAP connection issue with default_socket_timeout < 0 and imap_timeout < 0 (#1489090)
- Fix various PHP code bugs found using static analysis (#1489086)
diff --git a/program/lib/Roundcube/rcube_mime.php b/program/lib/Roundcube/rcube_mime.php
index 63549fbec..596828814 100644
--- a/program/lib/Roundcube/rcube_mime.php
+++ b/program/lib/Roundcube/rcube_mime.php
@@ -361,6 +361,11 @@ class rcube_mime
$address = $m[1];
$name = '';
}
+ // special case (#1489092)
+ else if (preg_match('/(\s*<MAILER-DAEMON>)$/', $val, $m)) {
+ $address = 'MAILER-DAEMON';
+ $name = substr($val, 0, -strlen($m[1]));
+ }
else {
$name = $val;
}
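Review bot: The added pattern `/(\s*<MAILER-DAEMON>)$/` is case-sensitive, and the comment `// special case (#1489092)` does not say what the case is. If a relay writes the token in a different case (not verifiable from this hunk), the value still falls through to `$name = $val` and the whole header string is treated as a display name. I would match with `'/(\s*<MAILER-DAEMON>)$/i'` and reword the comment to `// bounce sender without a domain part, e.g. "Name" <MAILER-DAEMON> (#1489092)`. The surrounding if/else chain starts outside the hunk, so which inputs reach this branch is only partly visible.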
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index f86140eb1..7e763a2d8 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1417,9 +1417,10 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
$name = $part['name'];
$mailto = $part['mailto'];
$string = $part['string'];
+ $valid = check_email($mailto, false);
// phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>"
- if (!$show_email && $name && $name != $mailto && strpos($name, '@')) {
+ if (!$show_email && $valid && $name && $name != $mailto && strpos($name, '@')) {
$name = '';
}
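Review bot: Gating the phishing check on `$valid` means an address-like display name is now kept whenever `$mailto` fails `check_email()`, for instance a constructed header such as `"valid@email.addr" <MAILER-DAEMON>`. That is only safe if every rendering path for invalid addresses prints the raw `$mailto` next to the name, which this hunk does not show. A comment such as `// invalid addresses are always rendered as "name <mailto>" below, so the name may stay` would record that dependency for the next maintainer. Separately, `strpos($name, '@')` is falsy when `@` is the first character of the name, so `strpos($name, '@') !== false` is the safer test. The body of rcmail_address_string continues outside the hunk.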
@@ -1435,7 +1436,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
// for printing we display all addresses
continue;
}
- else if (check_email($part['mailto'], false)) {
+ else if ($valid) {
if ($linked) {
$attrs = array(
'href' => 'mailto:' . $mailto,
@@ -1476,7 +1477,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
if ($name)
$address .= Q($name);
if ($mailto)
- $address .= (strlen($address) ? ' ' : '') . sprintf('&lt;%s&gt;', Q($mailto));
+ $address = trim($address . ' ' . Q($name ? sprintf('<%s>', $mailto) : $mailto));
}
$address = html::span('adr', $address);
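Review bot: The rewritten `$address = trim(...)` line carries no comment saying that `$mailto` here is header text that did not pass validation, and that `Q()` around the formatted string is the only thing keeping it from reaching the page as markup. I would add `// $mailto is unvalidated header text here; escape the whole formatted value` above it. The two braceless `if` statements would also read more safely with braces, since the second now reassigns `$address` rather than appending to it. The enclosing branch opens outside the hunk, so the idea that this is the fallback for addresses failing `check_email()` is inferred from the other hunks.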
diff --git a/tests/Framework/Mime.php b/tests/Framework/Mime.php
index 3035ba062..d9f4163ec 100644
--- a/tests/Framework/Mime.php
+++ b/tests/Framework/Mime.php
@@ -39,6 +39,8 @@ class Framework_Mime extends PHPUnit_Framework_TestCase
19 => 'Test <"test test"@domain.tld>',
20 => '<"test test"@domain.tld>',
21 => '"test test"@domain.tld',
+ // invalid (#1489092)
+ 22 => '"John Doe @ SomeBusinessName" <MAILER-DAEMON>',
);
$results = array(
@@ -64,6 +66,8 @@ class Framework_Mime extends PHPUnit_Framework_TestCase
19 => array(1, 'Test', '"test test"@domain.tld'),
20 => array(1, '', '"test test"@domain.tld'),
21 => array(1, '', '"test test"@domain.tld'),
+ // invalid (#1489092)
+ 22 => array(1, 'John Doe @ SomeBusinessName', 'MAILER-DAEMON'),
);
foreach ($headers as $idx => $header) {