wp_mail incorrectly parses multiline From header

[arty.name]

wp_mail tries to parse From: header when it is contained in headers. It fails when the header is multiline. Multiline headers are common when non-ascii characters are used and quoted-printable escaping kicks in.

Example input:

From: =?UTF-8?Q?=D0=92=D0=B7=D0=B3=D0=BB=D1=8F=D0=B4=20=D0=BD=D0=B0=20=D0=BE?=
 =?UTF-8?Q?=D0=BA=D1=80=D1=83=D0=B6=D0=B0=D1=8E=D1=89=D0=B8=D0=B9=20=D0=BC?=
 =?UTF-8?Q?=D0=B8=D1=80?= <live-positive@yandex.ru>

Parsed email in $from_email:

=?UTF-8?Q?=D0=92=D0=B7=D0=B3=D0=BB=D1=8F=D0=B4=20=D0=BD=D0=B0=20=D0=BE?=

[arty.name]

proposed fix

[arty.name]

I have attached a patch which might fix the problem by improving how wordpress parses headers. First of all, it treats multiline headers as one (continuation of header can be easily detected by first character being a whitespace). Second, if there's a mb_decode_mimeheader present, it is used to parse the $from_name.

[arty.name]

Any chance for this to get some attention?

[stephenharris]

Refreshed patch added, includes unit test.

[desrosj]

28473-2.diff​ needs to be refreshed.

Trac ticket: #28473

[SirLouen]

First, this patch is missing a part: ​According to RFC 5322 lines could start by any WSP character which also includes a horizontal tab.

( ' ' === $tempheaders[ $index ][0] || "\t" === $tempheaders[ $index ][0] ) )

Also instead of checking for the array value itself, I would check if its isset like

if ( $index > 0 && isset( $tempheaders[ $index ] ) && ( ' ' === $tempheaders[ $index ][0] || "\t" === $tempheaders[ $index ][0] ) ) {

Second, apart from this, I don't love that iterator. Instead of exploding the $headers first, and then running this, we could do both actions in the same run. The for is Ok, but I would have chosen a foreach because it's easier to follow.

With this review, I'm looking forward to seeing those changes in code. The unit test refresh looks good.

[SirLouen]

Testing workflow

[SirLouen]

Done

[SirLouen]

@sainathpoojary did you see the last comment? Since you only sent the PR I feel you are not subscribed to this report, so maybe you did not receive the request for changes in patch.

[sainathpoojary]

@SirLouen Thanks for the feedback! I've made the requested changes. Please let me know if there's anything else that needs adjustment.

[SirLouen]

@sainathpoojary I have reviewd this ticket
It has a problem we cannot solve for now

We are working currently in a patch in #62940 that must introduce parseAddresses
For this reason we won't need this part:

if ( function_exists( 'mb_decode_mimeheader' ) && ( str_contains( $content, "\n" ) || str_contains( $from_name, '=?' ) ) ) {
										$from_name = mb_decode_mimeheader( $from_name );

Also for the test, just focus on the multiline part, ignore the single line tests

The first part looks good to me.

Once we have #62940 merged, we will be able to pass test_wp_mail_multiline_header. So I'm going to leave this patch in stand-by. If you want for now, you can simply clean it (I've added some reviews within the PR)