[wp-trac] [WordPress Trac] #62940: wp_mail(): Address header parsing is not RFC-5322 complient and fails on quoted-string when including a "<", ">" or ", "

WordPress Trac noreply at wordpress.org
Tue Sep 2 13:39:42 UTC 2025 

#62940: wp_mail(): Address header parsing is not RFC-5322 complient and fails on
quoted-string when including a "<", ">" or ","
-------------------------------------------------+-------------------------
 Reporter:  bhujagendra                          |       Owner:  jdeep
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Mail                                 |     Version:  2.1.1
 Severity:  normal                               |  Resolution:
 Keywords:  needs-unit-tests has-test-info has-  |     Focuses:
  patch                                          |
-------------------------------------------------+-------------------------

Comment (by SirLouen):

 Hey @jdeep

 First, I can't remember the use of a closure outside a hook in Core.
 I've been doing a search, and I have found none, so despite your proposed
 patch is good, we should avoid the closure. I would prefer not to add a
 function either, because, ideally, I would like in the  near future to
 encapsulate the `wp_mail` function, so a method with private visibility
 would be ideal for this case, but adding a function now will only bring
 future back-compat dread. So I feel a litte in a crossroad for this. 100%
 I would prefer a closure for now but I doubt it will pass.

 > For the unit tests, how should we approach them? Since parseAddresses()
 relies on the IMAP extension, should the tests be written to verify
 headers against fully RFC-5322-compliant cases only when the IMAP
 extension is available?
 Its not exactly like that. `parseAddresses` does work without IMAP
 extension. Problem is that is not 822 compliant. Only works with very
 basic Addresses. I feel that the premises in the OP are exaggeratedly
 academic.

 For Unit Tests, I would do the two versions: with and without imap.
 (skipping when IMAP is not available). I'm not 100% sure, but I would bet
 that the CI pipelines are not testing currently all skipped tests. And I'm
 not sure either if they come with IMAP by default, give it a check. To be
 sincere, I'm not confident which is the approach. Can you check another
 example of Unit Test for [https://make.wordpress.org/hosting/handbook
 /server-environment/#php-extensions another non required library] in
 similar circumstances?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62940#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list