From owner-freebsd-www@FreeBSD.ORG Tue Sep 14 07:20:01 2010 Return-Path: Delivered-To: freebsd-www@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3FFDB10656B7 for ; Tue, 14 Sep 2010 07:20:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id EDF658FC14 for ; Tue, 14 Sep 2010 07:20:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o8E7K0WB070117 for ; Tue, 14 Sep 2010 07:20:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o8E7K0QD070116; Tue, 14 Sep 2010 07:20:00 GMT (envelope-from gnats) Resent-Date: Tue, 14 Sep 2010 07:20:00 GMT Resent-Message-Id: <201009140720.o8E7K0QD070116@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-www@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Daniel Ylitalo Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B2FE41065673 for ; Tue, 14 Sep 2010 07:11:56 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id A23368FC14 for ; Tue, 14 Sep 2010 07:11:56 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o8E7BtqO078212 for ; Tue, 14 Sep 2010 07:11:55 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o8E7Bt12078211; Tue, 14 Sep 2010 07:11:55 GMT (envelope-from nobody) Message-Id: <201009140711.o8E7Bt12078211@www.freebsd.org> Date: Tue, 14 Sep 2010 07:11:55 GMT From: Daniel Ylitalo To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: www/150550: Bug in mail header patch for PHP when using UTF-8 X-BeenThere: freebsd-www@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: FreeBSD Project Webmasters List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2010 07:20:01 -0000 >Number: 150550 >Category: www >Synopsis: Bug in mail header patch for PHP when using UTF-8 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-www >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 14 07:20:00 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Daniel Ylitalo >Release: 8.1 >Organization: Produktion 203 AB >Environment: FreeBSD www.p203.se 8.1-RELEASE FreeBSD 8.1-RELEASE #1: Thu Aug 12 07:07:57 CEST 2010 daniel@www.p203.se:/usr/obj/usr/src/sys/GENERIC i386 >Description: Hi! I found a bug in the mail header patch when using UTF-8. If you have a url that contains custom chars, such as å ä ö, the mail header patch breaks that utf-8 encoding when it puts the path into the mailheader. You will then have a malformed header (see attached screenshot) and will be picked up by spamdetection softwares as "BAD HEADER". you can find a screenshot of a mailsource of such an email here: http://www.blodan.se/mail-header-patch-bug.jpg >How-To-Repeat: create a rewritten url, either with htaccess in apache or in the rewrite config in lighttpd, with one of the chars å ä ö, or probably any other multibyte char. Make sure to set the header and encodings to utf-8 for that site. Send a mail using mail(); >Fix: Make sure to use utf-8 compatible functiosn in the mail header patch >Release-Note: >Audit-Trail: >Unformatted: