Date: Tue, 14 Sep 2010 07:11:55 GMT From: Daniel Ylitalo <daniel@produktion203.se> To: freebsd-gnats-submit@FreeBSD.org Subject: www/150550: Bug in mail header patch for PHP when using UTF-8 Message-ID: <201009140711.o8E7Bt12078211@www.freebsd.org> Resent-Message-ID: <201009140720.o8E7K0QD070116@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 150550 >Category: www >Synopsis: Bug in mail header patch for PHP when using UTF-8 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-www >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 14 07:20:00 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Daniel Ylitalo >Release: 8.1 >Organization: Produktion 203 AB >Environment: FreeBSD www.p203.se 8.1-RELEASE FreeBSD 8.1-RELEASE #1: Thu Aug 12 07:07:57 CEST 2010 daniel@www.p203.se:/usr/obj/usr/src/sys/GENERIC i386 >Description: Hi! I found a bug in the mail header patch when using UTF-8. If you have a url that contains custom chars, such as å ä ö, the mail header patch breaks that utf-8 encoding when it puts the path into the mailheader. You will then have a malformed header (see attached screenshot) and will be picked up by spamdetection softwares as "BAD HEADER". you can find a screenshot of a mailsource of such an email here: http://www.blodan.se/mail-header-patch-bug.jpg >How-To-Repeat: create a rewritten url, either with htaccess in apache or in the rewrite config in lighttpd, with one of the chars å ä ö, or probably any other multibyte char. Make sure to set the header and encodings to utf-8 for that site. Send a mail using mail(); >Fix: Make sure to use utf-8 compatible functiosn in the mail header patch >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201009140711.o8E7Bt12078211>