| Package home | Report new bug | New search | Development Roadmap | Status: Open | Feedback | All | Closed Since Version 1.10.12 |
| Request #14232 | RFC2231: Improve tspecials encoding in _buildHeaderParam() | ||
|---|---|---|---|
| Submitted: | 2008-06-25 06:27 UTC | ||
| From: | alec | Assigned: | alec |
| Status: | Closed | Package: | Mail_Mime (version CVS) |
| PHP Version: | 5.2.6 | OS: | |
| Roadmaps: | 1.5.3 | ||
[2008-06-25 06:27 UTC] alec
(Aleksander Machniak)
Description:
------------
According to RFC2231/2047 special characters ie. ', ", etc. (in RFC's named 'tspecials') must be encoded like other non-ascii characters.
Comments
[2008-07-26 13:45 UTC] doconnor
(Daniel O'Connor)
Hey Akekander, any chance of a small test script showing the broken behaviour - that way we can easily verify your patch and prevent regressions :)
[2008-09-03 17:23 UTC] arekm
(Arkadiusz Miskiewicz)
roundcube related part of this bug is at http://trac.roundcube.net/ticket/1485151
I'm not convinced that this patch is correct. Details in roudcube bug report comments.
The primary problem with it is that even pure-ascii headers are being encoded.
[2008-09-03 18:43 UTC] arekm
(Arkadiusz Miskiewicz)
Daniel, the tspecial handling actually seems to be missing in the code.
rfc2183 content-disposition grammar says:
"filename-parm := "filename" "=" value"
then
"NOTE ON PARAMETER VALUE LENGHTS: A short (length <= 78 characters)
parameter value containing only non-`tspecials' characters SHOULD be
represented as a single `token'. A short parameter value containing
only ASCII characters, but including `tspecials' characters, SHOULD
be represented as `quoted-string'. Parameter values longer than 78
characters, or which contain non-ASCII characters, MUST be encoded as
specified in [RFC 2184]."
we are interested in "A short parameter value containing
only ASCII characters, but including `tspecials' characters, SHOULD
be represented as `quoted-string'. "
RFC2045 defines tspecials as:
tspecials := "(" / ")" / "<" / ">" / "@" /
"," / ";" / ":" / "\" / <">
"/" / "[" / "]" / "?" / "="
; Must be in quoted-string,
; to use within parameter values
then RFC822 defines quoted-string as:
quoted-string = <"> *(qtext/quoted-pair) <">; Regular qtext or
; quoted chars.
so we end up with:
quoted-pair = "\" CHAR ; may quote any char
So to me it looks like tspecials should be simply escaped with backslash. Current _buildHeaderParam() code doesn't care about tspecials.
Correct? Note that I followed Content-disposition (rfc/docs) path only and I'm not sure if this applies to other mime cheaders, too.
[2008-09-04 07:35 UTC] arekm
(Arkadiusz Miskiewicz)
tspecialspear.patch adds tspecial characters escaping.
[2008-09-05 06:49 UTC] alec
(Aleksander Machniak)
mimePart.patch added. I think we can do things more simple. Because tspecials escaping in quoted-strings is not compatible with some clients (Thunderbird) and probably with RFC2822. I think we can do escaping only for " and \ signs. Tested with Thunderbird and Roundcube.
[2009-12-21 16:00 UTC] alec
(Aleksander Machniak)
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: alec
-Roadmap Versions:
+Roadmap Versions: 1.5.3
This bug has been fixed in SVN.
If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET).
If this was a problem with the pear.php.net website, the change should be live shortly.
Otherwise, the fix will appear in the package's next release.
Thank you for the report and for helping us make PEAR better.