Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-10446

Unencoded 8bit characters in email headers

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.9
    • Fix Version/s: 3.0.10-RC1
    • Component/s: Other
    • Labels:
      None

      Description

      phpBB will add the username to the X-AntiAbuse header when creating an e-mail. However there is no checking on the username allowing 8bit characters in the header. This will cause INVALID HEADER: INVALID 8-BIT CHARACTERS IN HEADER SECTION errors.
      http://www.w3.org/Mail/unencoded-8bits.html

        Issue Links

          Activity

          Hide
          bantu Andreas Fischer added a comment -

          Calling utf8_clean_string() on the username should probably fix this.

          Show
          bantu Andreas Fischer added a comment - Calling utf8_clean_string() on the username should probably fix this.
          Hide
          bantu Andreas Fischer added a comment -

          Nope, that won't work.

          Show
          bantu Andreas Fischer added a comment - Nope, that won't work.
          Hide
          nickvergessen Joas Schilling added a comment -

          reason?

          Show
          nickvergessen Joas Schilling added a comment - reason?
          Hide
          bantu Andreas Fischer added a comment -

          It does not return an ASCII-only string.

          Show
          bantu Andreas Fischer added a comment - It does not return an ASCII-only string.
          Hide
          rxu Ruslan Uzdenov added a comment - - edited

          [2011-11-20 00:01:39] <nn-> does php encode subject for us?
          [2011-11-20 00:02:29] <nn-> function mail_encode
          [2011-11-20 00:02:32] <nn-> we have it already
          [2011-11-20 00:03:32] <nn-> i can write a patch for this

          And the patch (unfinished, tests required): https://github.com/p/phpbb3/compare/ticket%2F10446

          Show
          rxu Ruslan Uzdenov added a comment - - edited [2011-11-20 00:01:39] <nn-> does php encode subject for us? [2011-11-20 00:02:29] <nn-> function mail_encode [2011-11-20 00:02:32] <nn-> we have it already [2011-11-20 00:03:32] <nn-> i can write a patch for this And the patch (unfinished, tests required): https://github.com/p/phpbb3/compare/ticket%2F10446
          Hide
          Oleg Oleg [X] (Inactive) added a comment -

          https://github.com/p/phpbb3/compare/ticket%2F10446

          Useless $header parameter needs to be killed and we need tests for proper handling of spaces by mail_encode.

          (04:39:42) nx-_: you can encode a piece of text with spaces, which requires encoding spaces
          (04:39:58) nx-_: alternatively you can split text into words and encode each word individually

          Show
          Oleg Oleg [X] (Inactive) added a comment - https://github.com/p/phpbb3/compare/ticket%2F10446 Useless $header parameter needs to be killed and we need tests for proper handling of spaces by mail_encode. (04:39:42) nx-_: you can encode a piece of text with spaces, which requires encoding spaces (04:39:58) nx-_: alternatively you can split text into words and encode each word individually
          Hide
          bantu Andreas Fischer added a comment -

          I am pretty sure we use mail_encode() on Subject, so spaces should be properly encoded.
          But sure, tests are always good. Create a new ticket for 3.0.11-RC1?

          Show
          bantu Andreas Fischer added a comment - I am pretty sure we use mail_encode() on Subject, so spaces should be properly encoded. But sure, tests are always good. Create a new ticket for 3.0.11-RC1?

            People

            • Assignee:
              bantu Andreas Fischer
              Reporter:
              Erik Frèrejean Erik Frèrejean
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development