invalid german umlauts üöä Zend\Mail\Header\HeaderValue

[CreativeNative]

How do I have to encode german umlauts like ö ä ü for Zend\Mail\Header\Subject?

In my mail everything is UTF8 encoded. Did I missed something?

Zend\Mail\Header\HeaderValue::isValid() says they are invalid.
Zend\Mail\Header\HeaderValue::filter() strips all umlauts.

ZF Version: 2.4.1
Security Advisory: http://framework.zend.com/security/advisory/ZF2015-04

[Ocramius]

Is this related to the advisory/fix or is this something that you've been built right now?

[CreativeNative]

I updated from 2.4 to 2.4.1 and now I get Zend\Mail\Header\Exception\InvalidArgumentException "Invalid Subject value detected". I found out that the problem is an "ü" in the mail subject.

[steffenweber]

I'm having the same problem. Zend\Mail\Header\HeaderValue::isValid returns false for multibyte UTF-8 characters.

<?php
require 'vendor/autoload.php';

$m = new \Zend\Mail\Message();
$m->setSubject('Test ÄÖÜ');

$ php cli/zf-mail-test.php

Fatal error: Uncaught exception 'Zend\Mail\Header\Exception\InvalidArgumentException' with message 'Invalid Subject value detected' in vendor/zendframework/zendframework/library/Zend/Mail/Header/Subject.php:76
Stack trace:
#0 vendor/zendframework/zendframework/library/Zend/Mail/Message.php(336): Zend\Mail\Header\Subject->setSubject('Test \xC3\x84\xC3\x96\xC3\x9C')
#1 cli/zf-mail-test.php(5): Zend\Mail\Message->setSubject('Test \xC3\x84\xC3\x96\xC3\x9C')
#2 {main}
  thrown in vendor/zendframework/zendframework/library/Zend/Mail/Header/Subject.php on line 76

[Danielss89]

I can confirm this too. Question is, should ZF mime encode the header itself, or should the users do it before setting the subject?
We've been given a static method to do it: https://github.com/zendframework/zf2/blob/master/library/Zend/Mail/Header/HeaderWrap.php#L93

I would think ZF should take care of this.

[froschdesign]

Did I miss something?

$message = new \Zend\Mail\Message();
$message->setEncoding('UTF-8');
$message->setSubject('Test ÄÖÜ');

[Danielss89]

@froschdesign I dont' mean character encoding, but mime encoding

[DASPRiD]

I just looked into the issue. Internally we were already properly doing the mime-encoding in header fields. The problem with the new security fix is, that it's done before the mime-encoding. I don't know enough about this to propose a fix, but if I understand it right, it'd be enough to limit the check on strings provided with ASCII encoding set.

[FabianRahm]

Yes, the update to 2.3.8/2.4.1 breaks this: anything but ASCII chars (as per RFC) in the subject fails the validation.

Workaround is to remove setEncoding() and MIME encode all other header values. The default encoding is UTF-8 if sending text/plain so the body encoding is fine.

[weierophinney]

We're working on an update to fix this. However, as @fr00x indicates, a workaround you can use in for now is to call Mime::encodeQuotedPrintableHeader($value, $charset) on the value before passing it to the header instance.

[weierophinney]

Those of you watching this issue: please do the following in your project root:

$ composer require zendframework/zendframework:dev-master@dev

and then test. #7506 was just merged, which should fix the issue.

[weierophinney]

@CreativeNative , @Steffen185 , @Danielss89 , @fr00x — please test and provide feedback. Thanks!

[CreativeNative]

Works for me! 👍

[steffenweber]

Works for me, too!

[FabianRahm]

@weierophinney works for me too without any code changes as per 2.3.7 - but I was/am still on 2.3.x. (hence the workaround needed).

Do you plan to release this as 2.3.9 anytime soon?

[weierophinney]

@fr00x I'll be backporting the patch to the 2.3 series and issuing a new release there as well.

[weierophinney]

@fr00x Patches are now released with both 2.4.2 and 2.3.9.

[FabianRahm]

@weierophinney brilliant - thank you!