#22939 [NEW]: imap_header_info crashes a page when the from, cc or bcc field is () or <>

Fri, 28 Mar 2003 07:51:30 -0800 

From:             simon dot wilmer at milestoneip dot com
Operating system: Red Hat 8.0
PHP version:      4.3.1
PHP Bug Type:     IMAP related
Bug description:  imap_header_info crashes a page when the from, cc or bcc field is () 
or <>

Hi,

Using PHP 4.3.0 and 4.3.1 with IMAP_2001.RELEASE-CANDIDATE.1 and
IMAP_2003.DEV.SNAP-0303181124 and Apache 1.3.27. The imap_header_info
function returns an obkect with headers from an email, when trying to read
the ->to, ->toaddress, ->cc, ->ccaddress, ->bcc, ->bccaddress values the
page will crash if the from, cc or bcc field in the email itself is "()"
or "<>" in the headers. Any normal text is fine, but the values above
cause the page to crash. 

There is no error message returned unfortunately. Below is some sample
code to test this.

Also you will need to set the "from" in an email to () or <> to cause the
problem. If anyone thinks it's a good idea I might email [EMAIL PROTECTED]
as someone could "break" the mailbox of any web based email system by
mailing an email with a "broken" from field.

Sample code:
<?
        $connection = imap_open('{localhost:143}INBOX', 'username', 'password');

        $headers = imap_headerinfo($connection, 1);
        echo $headers->subject." <br>";
                
        $var = $headers->from;
                
        if (is_array($var))
        {
                //This line is where the script "hangs"
                echo $var[0]->mailbox."@".$var[0]->host;
        }
?>
-- 
Edit bug report at http://bugs.php.net/?id=22939&edit=1
-- 
Try a CVS snapshot:         http://bugs.php.net/fix.php?id=22939&r=trysnapshot
Fixed in CVS:               http://bugs.php.net/fix.php?id=22939&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=22939&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=22939&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=22939&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=22939&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=22939&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=22939&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=22939&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=22939&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=22939&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=22939&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=22939&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=22939&r=gnused

Reply via email to