Merge pull request #2504 from splitbrain/issue1569

Auth/Mailer: properly handle usernames including a comma
dokuwiki · May 19, 2019 · 8902b37 · 8902b37
2 parents cbdd2bc + 743792d
commit 8902b37
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 2 deletions.
diff --git a/_test/tests/inc/mailer.test.php b/_test/tests/inc/mailer.test.php
@@ -22,6 +22,9 @@ public function cleanHeaders() {
 
 }
 
+/**
+ * @group mailer_class
+ */
 class mailer_test extends DokuWikiTest {
 
 
@@ -94,11 +97,21 @@ function test_addresses(){
         $headers = $mail->prop('headers');
         $this->assertEquals('Andreas Gohr <andi@splitbrain.org>', $headers['To']);
 
+        $mail->to('"Andreas Gohr" <andi@splitbrain.org>');
+        $mail->cleanHeaders();
+        $headers = $mail->prop('headers');
+        $this->assertEquals('"Andreas Gohr" <andi@splitbrain.org>', $headers['To']);
+
         $mail->to('Andreas Gohr <andi@splitbrain.org> , foo <foo@example.com>');
         $mail->cleanHeaders();
         $headers = $mail->prop('headers');
         $this->assertEquals('Andreas Gohr <andi@splitbrain.org>, foo <foo@example.com>', $headers['To']);
 
+        $mail->to('"Foo, Dr." <foo@example.com> , foo <foo@example.com>');
+        $mail->cleanHeaders();
+        $headers = $mail->prop('headers');
+        $this->assertEquals('=?UTF-8?B?IkZvbywgRHIuIg==?= <foo@example.com>, foo <foo@example.com>', $headers['To']);
+
         $mail->to('Möp <moep@example.com> , foo <foo@example.com>');
         $mail->cleanHeaders();
         $headers = $mail->prop('headers');
@@ -334,5 +347,15 @@ function test_htmlmailsignaturecustom() {
         $this->assertRegexp('/' . preg_quote($expected_mail_body, '/') . '/', $dump);
 
     }
+
+    function test_getCleanName() {
+        $mail = new TestMailer();
+        $name = $mail->getCleanName('Foo Bar');
+        $this->assertEquals('Foo Bar', $name);
+        $name = $mail->getCleanName('Foo, Bar');
+        $this->assertEquals('"Foo, Bar"', $name);
+        $name = $mail->getCleanName('Foo" Bar');
+        $this->assertEquals('"Foo\" Bar"', $name);
+    }
 }
 //Setup VIM: ex: et ts=4 :
diff --git a/inc/Mailer.class.php b/inc/Mailer.class.php
@@ -321,22 +321,51 @@ public function subject($subject) {
         $this->headers['Subject'] = $subject;
     }
 
+    /**
+     * Return a clean name which can be safely used in mail address
+     * fields. That means the name will be enclosed in '"' if it includes
+     * a '"' or a ','. Also a '"' will be escaped as '\"'.
+     *
+     * @param string $name the name to clean-up
+     * @see cleanAddress
+     */
+    public function getCleanName($name) {
+        $name = trim($name, ' \t"');
+        $name = str_replace('"', '\"', $name, $count);
+        if ($count > 0 || strpos($name, ',') !== false) {
+            $name = '"'.$name.'"';
+        }
+        return $name;
+    }
+
     /**
      * Sets an email address header with correct encoding
      *
      * Unicode characters will be deaccented and encoded base64
      * for headers. Addresses may not contain Non-ASCII data!
      *
+     * If @$addresses is a string then it will be split into multiple
+     * addresses. Addresses must be separated by a comma. If the display
+     * name includes a comma then it MUST be properly enclosed by '"' to
+     * prevent spliting at the wrong point.
+     * 
      * Example:
      *   cc("föö <foo@bar.com>, me@somewhere.com","TBcc");
+     *   to("foo, Dr." <foo@bar.com>, me@somewhere.com");
      *
      * @param string|string[]  $addresses Multiple adresses separated by commas or as array
      * @return false|string  the prepared header (can contain multiple lines)
      */
     public function cleanAddress($addresses) {
         $headers = '';
         if(!is_array($addresses)){
-            $addresses = explode(',', $addresses);
+            $count = preg_match_all('/\s*(?:("[^"]*"[^,]+),*)|([^,]+)\s*,*/', $addresses, $matches, PREG_SET_ORDER);
+            $addresses = array();
+            if ($count !== false && is_array($matches)) {
+                foreach ($matches as $match) {
+                    array_push($addresses, $match[0]);
+                }
+            }
         }
 
         foreach($addresses as $part) {

diff --git a/inc/auth.php b/inc/auth.php
@@ -827,7 +827,7 @@ function auth_sendPassword($user, $password) {
     );
 
     $mail = new Mailer();
-    $mail->to($userinfo['name'].' <'.$userinfo['mail'].'>');
+    $mail->to($mail->getCleanName($userinfo['name']).' <'.$userinfo['mail'].'>');
     $mail->subject($lang['regpwmail']);
     $mail->setBody($text, $trep);
     return $mail->send();