[wp-trac] [WordPress Trac] #62940: wp_mail(): Address header parsing is not RFC-5322 complient and fails on quoted-string when including a "<", ">" or ", "

WordPress Trac noreply at wordpress.org
Wed Sep 3 13:11:29 UTC 2025 

#62940: wp_mail(): Address header parsing is not RFC-5322 complient and fails on
quoted-string when including a "<", ">" or ","
-------------------------------------------------+-------------------------
 Reporter:  bhujagendra                          |       Owner:  jdeep
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Mail                                 |     Version:  2.1.1
 Severity:  normal                               |  Resolution:
 Keywords:  needs-unit-tests has-test-info has-  |     Focuses:
  patch                                          |
-------------------------------------------------+-------------------------

Comment (by jdeep):

 @SirLouen I made some refactoring to eliminating closure usage and
 removing regex parsing.

 > I think its a great opportunity to do a massive revamp here (including
 $to)
 > So by the time all addresses reach this section we already have them
 sorted out.
 > There are no filters in between, so there won't be any compat issues.

 Yes. This would be a good revamp. The only issue is however, are these two
 actions:
 1. [https://github.com/SirLouen/wordpress-
 develop/blob/413b7ea23c6bca900ea4b9523ba98c5e4faa1169/src/wp-
 includes/pluggable.php#L638 wp_mail_succeeded]
 2. [https://github.com/SirLouen/wordpress-
 develop/blob/413b7ea23c6bca900ea4b9523ba98c5e4faa1169/src/wp-
 includes/pluggable.php#L652 wp_mail_failed]

 These actions pass `$mail_data` to the action handlers
 [https://github.com/SirLouen/wordpress-
 develop/blob/413b7ea23c6bca900ea4b9523ba98c5e4faa1169/src/wp-
 includes/pluggable.php#L612 which is] basically:

 {{{#!php
 <?php
 $mail_data = compact( 'to', 'subject', 'message', 'headers', 'attachments'
 );
 }}}

 Now if we were to change the structure of `$to` to the return type of
 `parseAddresses()`, then it would break existing plugins who use this
 action.

 You can see the draft changes in the [https://github.com/WordPress
 /wordpress-develop/pull/9697/files Pull Request]. It simply passes the
 tests by changing the test assertions itself which is not to be done.

 I thought of doing it conditionally but then I would need to write
 bandaid-fixes later on in the code to maintain backward compatibility
 which I feel is not good.

 I would like to know your approach for this.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62940#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list