[wp-trac] [WordPress Trac] #62940: wp_mail(): Address header parsing is not RFC-5322 complient and fails on quoted-string when including a "<", ">" or ", "

WordPress Trac noreply at wordpress.org
Fri Sep 12 08:29:52 UTC 2025 

#62940: wp_mail(): Address header parsing is not RFC-5322 complient and fails on
quoted-string when including a "<", ">" or ","
-------------------------------------------------+-------------------------
 Reporter:  bhujagendra                          |       Owner:  jdeep
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Mail                                 |     Version:  2.1.1
 Severity:  normal                               |  Resolution:
 Keywords:  needs-unit-tests has-test-info has-  |     Focuses:
  patch changes-requested                        |
-------------------------------------------------+-------------------------

Comment (by jdeep):

 Replying to [comment:23 SirLouen]:
 > @jdeep I've been thinking and we have to refactor again the code
 > We cannot parse addresses on the fly
 > Because the content-type has to be set **before** we start parsing
 > If the content type is the last line in the headers, it will be parsed
 too late leaving the rest of the headers without a content-type (by
 default its almost always going to be `utf-8` but we have to respect the
 content-type set in the headers
 >
 > For this reason, we have to do an address parsing after the headers have
 been set in the switch, not during.

 I have refactored the code to set the charset from `Content-Type` before
 parsing any other headers.

 > Also, the test you sent me look good. They are simply but escalable.

 Okay. I will then add some more testcases.

 > I've been thinking that since you repeat so much the exact same test,
 maybe we should do them the other way around (testing for all the  types
 the same, and adding new addresses, will simply test for all types). Even
 you can use the exact same dataProvider for all, including the To (and
 leave the From dataprovider independent because we can only test with a
 single address). Remember I'm just giving some ideas that come to my mind,
 if you have any idea to improve comment it.

 Yup that would work as well. Since the headers of `To`, `Reply-To`, `CC`,
 `BCC` are similar and differ only in the header type, we can have a single
 list of content (address list) for these headers and test them for each
 header.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62940#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list