This repository has been archived by the owner on Jan 8, 2020. It is now read-only.

[mail/mime] Fix content-type has invalid characters in field value. Fix #7503 #7510

Closed

Commits on May 10, 2015

  1. [mail/mime] Fix content-type has invalid characters in field value

    This bug has been introduced in v2.4.1 due to the security patch ZF2015-04 to prevent CRLF injection.
    
    Zend\Mime\Part line was originally introduced in ZF1@583 with the following commit message
    
    > * Correctly handle multipart/alternative to close #59:
    >   * If both text and html body present, create multipart/alternative part
    >   * If text, html, and attachments are present, create multipart/alternative
    >     part for text+html, but mark email as multipart/mixed
    > * Note: Zend_Mime::LINEEND as \r\n is causing issues on multipart emails (too
    >   many line breaks); switching to \n fixes the issue, but doesn't follow
    >   standards. Need reviewers.
    
    Zend_Mime::LINEEND was replaced by $EOL argument on ZF1@598 with the following commit message
    
    > * Refactoring of Zend_Mail/Zend_Mime; mail message construction happens in
    >   transport. Fixes #134 and #106.
    
    RFC 2045 section 5.1 defines the syntax of Content-Type Header field as this (only relevant parts of the syntax posted):
    
    > In the Augmented BNF notation of RFC 822, a Content-Type header field
    > value is defined as follows:
    >
    > ```
    > content := "Content-Type" ":" type "/" subtype
    >            *(";" parameter)
    >            ; Matching of media type and subtype
    >            ; is ALWAYS case-insensitive.
    >
    > parameter := attribute "=" value
    >
    > attribute := token
    >              ; Matching of attributes
    >              ; is ALWAYS case-insensitive.
    >
    > value := token / quoted-string
    >
    > token := 1*<any (US-ASCII) CHAR except SPACE, CTLs,
    >          or tspecials>
    >
    > tspecials :=  "(" / ")" / "<" / ">" / "@" /
    >               "," / ";" / ":" / "\" / <">
    >               "/" / "[" / "]" / "?" / "="
    >               ; Must be in quoted-string,
    >               ; to use within parameter values
    > ```
    
    Finally, in ZF2 the same behavior has been duplicated in Zend\Mail\Header\ContentType
    
    297ba86#diff-78a765eeca5dcb0c4d8fa594675622f6R76
    Maks3w committed May 10, 2015
    b54ca03
  2. ed958b8
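
Added example (not part of this pull request or of Zend Framework): a Python validator for the Content-Type grammar quoted above from RFC 2045 section 5.1. It goes beyond the quoted excerpt by also accepting RFC 822 header folding (CRLF followed by a space or tab), so it shows how a folded parameter differs from a CR/LF that would begin a new header line. The function names and sample values are constructed for illustration, and the quoted-string rule is an assumed, stricter-than-RFC subset.

```python
import re

# RFC 2045 section 5.1: token is any US-ASCII CHAR except SPACE, CTLs, tspecials.
TSPECIALS = '()<>@,;:\\"/[]?='
TOKEN = "[" + re.escape("".join(
    chr(c) for c in range(0x21, 0x7F) if chr(c) not in TSPECIALS)) + "]+"
# quoted-string, restricted here (assumption) to printable ASCII and tab;
# a backslash may only escape a printable character, never CR or LF.
QUOTED = r'"(?:[\t\x20\x21\x23-\x5b\x5d-\x7e]|\\[\x20-\x7e])*"'
# RFC 822 folding: an optional CRLF that must be followed by a space or tab.
FWS = r"(?:[ \t]*(?:\r\n[ \t]+)?)"
PARAM = re.compile(
    FWS + ";" + FWS + "(" + TOKEN + ")=(" + TOKEN + "|" + QUOTED + ")")
MEDIA = re.compile("(" + TOKEN + ")/(" + TOKEN + ")")


def parse_content_type(value):
    """Return (type, subtype, params); raise ValueError on any stray byte."""
    m = MEDIA.match(value)
    if not m:
        raise ValueError("missing or invalid type/subtype")
    media_type, subtype = m.group(1).lower(), m.group(2).lower()
    params, pos = {}, m.end()
    while pos < len(value):
        m = PARAM.match(value, pos)
        if not m:  # includes a CR or LF that is not part of a fold
            raise ValueError("invalid characters at offset %d" % pos)
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith('"'):  # strip quotes, undo quoted-pair escaping
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
        params[name] = raw
        pos = m.end()
    return media_type, subtype, params


def is_valid(value):
    """True when the whole field value matches the grammar."""
    try:
        parse_content_type(value)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed samples: a folded boundary parameter, then a bare CRLF.
    for sample in ('multipart/alternative;\r\n boundary="=_abc123"',
                   'text/plain; charset=utf-8\r\nX-Injected: 1'):
        print(repr(sample), "->", is_valid(sample))
```
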