Skip to content

mb_send_mail may delimit headers with LF only #7902

Closed
@tbali0524

Description

@tbali0524

Description

The following code:

<?php
mb_internal_encoding("UTF-8");
mb_language("uni");
$to = "[email protected]";
$subject = "test mail";
$message = "body of testing php mail";
$header["Mime-Version"] = "1.0";
$header["Content-Type"] = "text/html; charset=UTF-8";
$header["From"] = "[email protected]";
$header["X-Mailer"] = "PHP/" . phpversion();
mb_send_mail($to, $subject, $message, $header);

Resulted in this output:

Ym9keSBvZiB0ZXN0aW5nIHBocCBtYWls
(body of email)

But I expected this output instead:

body of testing php mail

The mail is sent with proper base64 encoded body, but because of a problem in mail header the receiving client cannot decode it. It seems that mb_send_mail() adds a Content-Transfer-Encoding element to the mail header without any linefeed separation after the user supplied header elements:

Part of received mail header:

X-Mailer: PHP/8.0.12 Content-Transfer-Encoding: BASE64

Should have been:

X-Mailer: PHP/8.0.12
Content-Transfer-Encoding: BASE64

Notes:

  • I tried to add extra trailing LF or extra CRLF to my $header and tried both array and string concatenated versions, but it seems php strips any user-supplied trailing linefeeds.
  • Works in PHP 7.4.
  • A similar bug was reported in 2021/06 at https://bugs.php.net/bug.php?id=81158 and was reclassified as documentation problem, but imho my above bug report is slightly different because Content-Transfer-Encoding is not set by me but the php function.
  • The only workaround I found was to use mail() directly, with manually setting Content-Transfer-Encoding header and manually passing base64_encode($message) to mail. But that is a less generic solution than mb_send_mail(), which would support several mb_language() settings.
  • I am not familiar with php-src to dare a pull request, though it seems that this part is it:
    mbfl_memory_device_strncat(&device, "\n", 1);
    . Interestingly, it does try to add an LF but not a CRLF as the IETF RFC would suggest.

PHP Version

PHP 8.0.12

Operating System

Cloudlinux (hosted by a provider)

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions