invalid german umlauts üöä Zend\Mail\Header\HeaderValue #7501
Comments
Is this related to the advisory/fix or is this something that you've been built right now? |
I updated from 2.4 to 2.4.1 and now I get Zend\Mail\Header\Exception\InvalidArgumentException "Invalid Subject value detected". I found out that the problem is an "ü" in the mail subject. |
I'm having the same problem.
|
I can confirm this too. Question is, should ZF mime encode the header itself, or should the users do it before setting the subject? I would think ZF should take care of this. |
Did I miss something? $message = new \Zend\Mail\Message();
$message->setEncoding('UTF-8');
$message->setSubject('Test ÄÖÜ'); |
@froschdesign I dont' mean character encoding, but mime encoding |
I just looked into the issue. Internally we were already properly doing the mime-encoding in header fields. The problem with the new security fix is, that it's done before the mime-encoding. I don't know enough about this to propose a fix, but if I understand it right, it'd be enough to limit the check on strings provided with ASCII encoding set. |
Yes, the update to 2.3.8/2.4.1 breaks this: anything but ASCII chars (as per RFC) in the subject fails the validation. Workaround is to remove setEncoding() and MIME encode all other header values. The default encoding is UTF-8 if sending text/plain so the body encoding is fine. |
We're working on an update to fix this. However, as @fr00x indicates, a workaround you can use in for now is to call |
[mail] Fix set UTF-8 values to headers. Fix #7501
Those of you watching this issue: please do the following in your project root: $ composer require zendframework/zendframework:dev-master@dev and then test. #7506 was just merged, which should fix the issue. |
@CreativeNative , @Steffen185 , @Danielss89 , @fr00x — please test and provide feedback. Thanks! |
Works for me! 👍 |
Works for me, too! |
@weierophinney works for me too without any code changes as per 2.3.7 - but I was/am still on 2.3.x. (hence the workaround needed). Do you plan to release this as 2.3.9 anytime soon? |
@fr00x I'll be backporting the patch to the 2.3 series and issuing a new release there as well. |
@fr00x Patches are now released with both 2.4.2 and 2.3.9. |
@weierophinney brilliant - thank you! |
…x/mail-utf8 [mail] Fix set UTF-8 values to headers. Fix zendframework/zendframework#7501
…x/mail-utf8 [mail] Fix set UTF-8 values to headers. Fix zendframework/zendframework#7501
How do I have to encode german umlauts like ö ä ü for Zend\Mail\Header\Subject?
In my mail everything is UTF8 encoded. Did I missed something?
Zend\Mail\Header\HeaderValue::isValid() says they are invalid.
Zend\Mail\Header\HeaderValue::filter() strips all umlauts.
ZF Version: 2.4.1
Security Advisory: http://framework.zend.com/security/advisory/ZF2015-04
The text was updated successfully, but these errors were encountered: