Patch fixing newline-in-From:-bug

Oliver Lineham oliver at
Tue Nov 7 22:17:07 CET 2006


> I'm not subscribed to the list, so I can't read replies without a cc:
> Also, please accept my apologies if this issue has already been discussed.
> After checking out rc to a new site from svn some days ago (rev 631), I
> found an odd bug in the mail-header-list. Some of my contacts send mails
> containing an newline or carriage return in the From: header, thus
> breaking the _parse_address_list() in I'm not quite sure
> exactly which method is failing, but the result is that quotes are not
> removed, and the newline is converted to a html break inside the html
> anchor's href attribute, thus breaking the HTML validity.
> I'm not sure if this newline is allowed in the From: header according to
> the RFCs, but it appeared.
> Anyway: adding this single line patch to rcube_imap the problem
> disappeared from my installation.
> Hopefully someone can use this knowledge to make RoundCube even better!
> Thanks!
> .øs
> Index: roundcubemail/program/include/
> ===================================================================
> --- roundcubemail/program/include/        (revision 361)
> +++ roundcubemail/program/include/        (working copy)
> @@ -2377,6 +2377,10 @@
>    function _parse_address_list($str)
>      {
> +
> +    // Remove any newlines and carriage returns from address list
> +    $str = preg_replace( "/[\r\n]/", " ", $str );
> +
>      $a = $this->_explode_quoted_string(',', $str);
>      $result = array();

I encountered this bug also.  Submitted a patch here a couple of months ago:

But I forgot to announce it to the list.  My patch is in a slightly different place but the effect is probably similar.

If someone could accept my or Øystein's patch that'd be great.  It really does generate some wildly invalid HTML if there is a newline in the From.



More information about the Dev mailing list