This repository has been archived by the owner on Jan 8, 2020. It is now read-only.
[mail/mime] Fix content-type has invalid characters in field value. Fix #7503 #7510
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This bug has been introduced in v2.4.1 due the security patch ZF2015-04 for to prevent CRLF injection. Zend\Mime\Part line was originally introduced in ZF1@583 with the following commit message > * Correctly handle multipart/alternative to close #59: > * If both text and html body present, create multipart/alternative part > * If text, html, and attachments are present, create multipart/alternative > part for text+html, but mark email as multipart/mixed > * Note: Zend_Mime::LINEEND as \r\n is causing issues on multipart emails (too > many line breaks); switching to \n fixes the issue, but doesn't follow > standards. Need reviewers. Zend_Mime::LINEEND was replaced by $EOL argument on ZF1@598 with the following commit message > * Refactoring of Zend_Mail/Zend_Mime; mail message construction happens in > transport. Fixes #134 and #106. RFC 2045 section 5.1 defines the syntax of Content-Type Header field as this (only relevant parts of the syntax posted): > In the Augmented BNF notation of RFC 822, a Content-Type header field > value is defined as follows: > > ``` > content := "Content-Type" ":" type "/" subtype > *(";" parameter) > ; Matching of media type and subtype > ; is ALWAYS case-insensitive. > > parameter := attribute "=" value > > attribute := token > ; Matching of attributes > ; is ALWAYS case-insensitive. > > value := token / quoted-string > > token := 1*<any (US-ASCII) CHAR except SPACE, CTLs, > or tspecials> > > tspecials := "(" / ")" / "<" / ">" / "@" / > "," / ";" / ":" / "\" / <"> > "/" / "[" / "]" / "?" / "=" > ; Must be in quoted-string, > ; to use within parameter values > ``` Finally on ZF2 has been duplicated the same behavior on Zend\Mail\Header\ContentType 297ba86#diff-78a765eeca5dcb0c4d8fa594675622f6R76
Maks3w
changed the title
|
Seems to break each parameter in his own line is just a cosmetic change for pretty print the header using the header folding feature. Fix:
Don't fix:
|
|
Just a note for those coming to this issue: ContentType currently uses |
| @@ -165,7 +165,7 @@ public function getParameter($name) | |||
| if (isset($this->parameters[$name])) { | |||
| return $this->parameters[$name]; | |||
| } | |||
| return; | |||
| return null; | |||
There was a problem hiding this comment.
Why have a return statement at all?
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This bug has been introduced in v2.4.1 due the security patch ZF2015-04 for to prevent CRLF injection.
Zend\Mime\Part line was originally introduced in ZF1@583 with the following commit message
Zend_Mime::LINEEND was replaced by $EOL argument on ZF1@598 with the following commit message
RFC 2045 section 5.1 defines the syntax of Content-Type Header field as this (only relevant parts of the syntax posted):
Finally on ZF2 has been duplicated the same behavior on Zend\Mail\Header\ContentType
297ba86#diff-78a765eeca5dcb0c4d8fa594675622f6R76