From bde85428d69069637782d9507475df78890f08d0 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 10 May 2013 09:35:24 +0200
Subject: Fix handling of invalid email addresses in headers (#1489092)

Conflicts:

	CHANGELOG
	program/steps/mail/func.inc
---
 CHANGELOG                            | 1 +
 program/lib/Roundcube/rcube_mime.php | 5 +++++
 program/steps/mail/func.inc          | 7 ++++---
 tests/Framework/Mime.php             | 4 ++++
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 65ae904af..8c1c721f1 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix handling of invalid email addresses in headers (#1489092)
 - Fix IMAP connection issue with default_socket_timeout < 0 and imap_timeout < 0 (#1489090)
 - Fix various PHP code bugs found using static analysis (#1489086)
 - Fix backslash character handling on vCard import (#1489085)
diff --git a/program/lib/Roundcube/rcube_mime.php b/program/lib/Roundcube/rcube_mime.php
index 63549fbec..596828814 100644
--- a/program/lib/Roundcube/rcube_mime.php
+++ b/program/lib/Roundcube/rcube_mime.php
@@ -361,6 +361,11 @@ class rcube_mime
                 $address = $m[1];
                 $name    = '';
             }
+            // special case (#1489092)
+            else if (preg_match('/(\s*<MAILER-DAEMON>)$/', $val, $m)) {
+                $address = 'MAILER-DAEMON';
+                $name    = substr($val, 0, -strlen($m[1]));
+            }
             else {
                 $name = $val;
             }
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 7ef821676..0dae6de57 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1441,9 +1441,10 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
     $name   = $part['name'];
     $mailto = $part['mailto'];
     $string = $part['string'];
+    $valid  = check_email($mailto, false);
 
     // phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>"
-    if ($name && $name != $mailto && strpos($name, '@')) {
+    if ($name && $valid && $name != $mailto && strpos($name, '@')) {
       $name = '';
     }
 
@@ -1459,7 +1460,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
       // for printing we display all addresses
       continue;
     }
-    else if (check_email($part['mailto'], false)) {
+    else if ($valid) {
       if ($linked) {
         $address = html::a(array(
             'href' => 'mailto:'.$mailto,
@@ -1492,7 +1493,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
       if ($name)
         $address .= Q($name);
       if ($mailto)
-        $address .= (strlen($address) ? ' ' : '') . sprintf('&lt;%s&gt;', Q($mailto));
+        $address = trim($address . ' ' . Q($name ? sprintf('<%s>', $mailto) : $mailto));
     }
 
     $address = html::span('adr', $address);
diff --git a/tests/Framework/Mime.php b/tests/Framework/Mime.php
index 3035ba062..d9f4163ec 100644
--- a/tests/Framework/Mime.php
+++ b/tests/Framework/Mime.php
@@ -39,6 +39,8 @@ class Framework_Mime extends PHPUnit_Framework_TestCase
             19 => 'Test <"test test"@domain.tld>',
             20 => '<"test test"@domain.tld>',
             21 => '"test test"@domain.tld',
+            // invalid (#1489092)
+            22 => '"John Doe @ SomeBusinessName" <MAILER-DAEMON>',
         );
 
         $results = array(
@@ -64,6 +66,8 @@ class Framework_Mime extends PHPUnit_Framework_TestCase
             19 => array(1, 'Test', '"test test"@domain.tld'),
             20 => array(1, '', '"test test"@domain.tld'),
             21 => array(1, '', '"test test"@domain.tld'),
+            // invalid (#1489092)
+            22 => array(1, 'John Doe @ SomeBusinessName', 'MAILER-DAEMON'),
         );
 
         foreach ($headers as $idx => $header) {
-- 
cgit v1.2.3