[ZendTo] Mail header bug on Ubuntu 22.04 / PHP 8.1

Jules Field Jules at Zend.To
Mon Nov 14 09:45:26 GMT 2022 

Eek! No :-(

On 14/11/2022 8:57 am, Sangster, Mark via ZendTo wrote:
> There is a current thread on the issue here:
> https://github.com/php/php-src/issues/8086
>
> The ugly cludge of dos2unix setting sendmail_path to
> '/usr/bin/dos2unix -u|/usr/sbin/sendmail -t -i'
>
> It does seem like the PHP devs are not seeing this as their issue.
>
> Cheers
> Mark
>
> -----Original Message-----
> From: ZendTo<zendto-bounces at zend.to>  On Behalf Of Adam Thorn via ZendTo
> Sent: 11 November 2022 18:07
> To: ZendTo Users<zendto at zend.to>
> Cc: Adam Thorn<alt36 at cam.ac.uk>
> Subject: [ZendTo] Mail header bug on Ubuntu 22.04 / PHP 8.1
>
> CAUTION: External email. Ensure this message is from a trusted source before clicking links/attachments.
>
>
> I'm working on deploying ZendTo to a new Ubuntu 22.04 server. My current ZendTo instance is on Ubuntu 18.04: in both cases I'm using the stock Ubuntu-provided PHP packages, so am moving from PHP 7.4 to PHP 8.1. I'm also moving from ZendTo 5.17-6 to 6.13-2 but I don't think that change is too relevant, as the bug I've spotted is in code which is identical between those ZendTo versions.
>
> The specific problem I've spotted is in NSSDropbox.php : there may be similar problems elsewhere. I don't use phpmailer so am looking at the code path through deliverEmail() which ends in a call to PHP's mail() function.
>
> On the older PHP7.4 server, when I make a dropoff which in turn sends a mail, everything about the mail is fine, and when I view the mail headers in Thunderbird I see e.g.
>
> From: ZendTo Service<no-reply at cam.ac.uk>
> Reply-to:alt36 at cam.ac.uk
> Content-Type: text/plain; charset=UTF-8; format=flowed
> Content-Transfer-Encoding: 8bit
>
> However, making a similar dropoff on PHP8.1 the equivalent header lines read...
>
> From: ZendTo Service<no-reply at cam.ac.uk>
>    Reply-to:alt36 at cam.ac.uk
>    Content-Type: text/plain; charset=UTF-8; format=flowed
>    Content-Transfer-Encoding: 8bit
>
> i.e. there's an extra leading space on the lines after From: which are generated within deliverEmail(). This is invalid, and leads to my mail client displaying a mangled From: which is the concatenation of the above four lines, and with no Reply-To set (and presumably ignoring Content-Type etc as well)
>
> I note the same code block would also generate the bcc: header lines if needed, so I suspect this bug would also lead to the bcc: recipients being ignored, but I haven't experimented there.
>
> My minimal demo of the problem, and then also what I believe is the fix, is....
>
> # begin demo, following the code used in deliverEmail()
>
> $headers = '';
>
> $to = 'alt36 at cam.ac.uk';
> $sender = 'no-reply at example.com';
>
> $subject = 'Test subject';
> $content = 'This is a test email';
>
> $fromAddr = 'sender at example.com';
>
> $headers = sprintf("From: %s", $sender) . PHP_EOL .
> sprintf("Reply-to: %s", $fromAddr) . PHP_EOL . $headers; $headers .= "MIME-Version: 1.0".PHP_EOL; $headers .= "Content-Type: text/plain; charset=UTF-8; format=flowed".PHP_EOL; $headers .= "Content-Transfer-Encoding: 8bit".PHP_EOL;
>
> mail($to, $subject, $content, $headers);
>
> # end demo
>
> The problem is the use of PHP_EOL, which of course on my Ubuntu system is the LF character. However, the PHP docs
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.php.net%2Fmanual%2Fen%2Ffunction.mail.php&data=05%7C01%7Cm.v.sangster%40abdn.ac.uk%7Cf481c9547bf842ca68ff08dac40f9939%7C8c2b19ad5f9c49d490773ec3cfc52b3f%7C0%7C0%7C638037868523859206%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oz156zAl2%2BZEQZ6uzwoirGCcvzMZjqhRmfYHLY0vMnU%3D&reserved=0  state that the $headers need to be separated by CRLF. The use of CRLF is also specified e.g. in RFC 2822.
>
> If I replace the PHP_EOL uses in my example above with literal "\r\n"
> strings, the unwanted leading spaces in the headers of the sent mail disappear and my mail client displays everything as I'd expect.
>
> Given the above, I speculate that there's been a change in the behaviour of mail() between the PHP versions but haven't gone searching through changelogs. I also haven't attempted to understand why the use of just PHP_EOL leads to those extra leading spaces appearing - that may just be an artefact of how my mail client ends up displaying a string with embedded LF characters when it's expecting CRLF, though. And, I've not looked more widely to see if there are other places in ZendTo with the same issue.
>
> Regards,
>
> Adam
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjul.es%2Fmailman%2Flistinfo%2Fzendto&data=05%7C01%7Cm.v.sangster%40abdn.ac.uk%7Cf481c9547bf842ca68ff08dac40f9939%7C8c2b19ad5f9c49d490773ec3cfc52b3f%7C0%7C0%7C638037868523859206%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=c4wqnsKQnAlH77pk1kDIv%2FVu78OdLiPKu8q3DpAeaF8%3D&reserved=0
>
>
> The University of Aberdeen is a charity registered in Scotland, No SC013683.
> Tha Oilthigh Obar Dheathain na charthannas clàraichte ann an Alba, Àir. SC013683.
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'Find a place inside where there's joy, and the joy will burn out
  the pain.' - Joseph Campbell

www.Zend.To
Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20221114/32d55b17/attachment-0001.html>

More information about the ZendTo mailing list