[wp-trac] [WordPress Trac] #62940: wp_mail(): Address header parsing is not RFC-5322 complient and fails on quoted-string when including a "<", ">" or ", "

Tue Sep 9 16:43:29 UTC 2025

#62940: wp_mail(): Address header parsing is not RFC-5322 complient and fails on
quoted-string when including a "<", ">" or ","
-------------------------------------------------+-------------------------
 Reporter:  bhujagendra                          |       Owner:  jdeep
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Mail                                 |     Version:  2.1.1
 Severity:  normal                               |  Resolution:
 Keywords:  needs-unit-tests has-test-info has-  |     Focuses:
  patch changes-requested                        |
-------------------------------------------------+-------------------------
Changes (by SirLouen):

 * keywords:  needs-unit-tests has-test-info has-patch => needs-unit-tests
     has-test-info has-patch changes-requested

Comment:

 @jdeep I have added a patch with a big code review
 https://core.trac.wordpress.org/attachment/ticket/62940/62940.diff
 And a sample and interesting test, because currently, we are not
 supporting encoded addresses but with `parseAddresses` we will.

 But we need a couple more tests.

 In this patch, I'm also adding support for the `From` address better not
 leave them behind. We are not going to be supporting multiple From for
 many reasons (principally because PHPMailer doesnt not suppor them because
 dealing with DKIM and PHPMailer is not supported and will not be
 supported). So Multiple From Addresses is going to be a `maybelater` for
 now.

 So basically in the remaining tests we should be testing:

 1. One From address, Multiple CC, To, BCC, Reply-To, addresses, but with
 weird forms and charsets for the addresses (like the ones provided in the
 OP). We will be testing based on a `mbstring` active (because its going to
 be always active by default in the testing suite). Forget about the no
 `mbstring` environment.

 2. The only scenario that is not working is the multiple line header that
 has to be sorted in #28473. I will cover this in that ticket once this is
 sorted an merged. So just don't add this. All From/CC/BCC/Reply-To must be
 single-lines (no `\n`).

 3. You can use a dataProvider. This always looks great. You can use a
 single test, add all the elements as variables coming from the
 dataProvider. The dataProvider variables can look like: "Type" and
 "Address/es".

 For example:
 {{{
 "type" => "From",
 "addr" => "John Smith <johnny at example.com>"
 }}}

 Then in the test, you can be setting one or another with a case for the
 test (and can use default values for the other values that are not set).
 Or maybe you have another idea.

 We need to push this fast because the other ticket I mentioned is going to
 be dependent on this to proceed, and I would like to have them both ready
 before 6.9.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62940#comment:21>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform