Process $body with decodeHeader()?

Process $body with decodeHeader()?

taca
Hi,

This isn't a bug report but a simple question.

In src/compose.php, the body of a message is passed to decodeHeader().
Why is $body passed to decodeHeader()?

SM-1_4-STABLE: about line 1316 of src/compose.php:

    echo sm_encode_html_special_chars(decodeHeader($body,false,false,true));

trunk: about line 1398 of src/compose.php:

    $body_str = sm_encode_html_special_chars(decodeHeader($body,false,false));

There was a bad scenario.

1. Accidentally (or intentionally) the body text contains an encoded MIME
   header string such as "=?iso-2022-jp?B ...".

2. decodeHeader() decodes such a "=?iso-2022-jp?B ..." string into
   an iso-2022-jp (or other non-UTF-8) encoded string.

3. The body is expected to be UTF-8 or EUC-JP and really contains such a
   string in that encoding.

4. As a result, multiple text encodings are mixed and it causes
   strange garbled characters.

I hope $body should be already properly encoded and no need to decode
header any more at that time.

Best regards.

--
Takahiro Kambe <[hidden email]>

squirrelmail-devel mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.devel
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel
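
The scenario in steps 1 to 4 of the message above, as an added example that is not part of the original post and not SquirrelMail code: `decode_words_raw()` is a hypothetical stand-in for a header decoder that returns payload bytes in the charset each encoded-word declares, and the sample body is constructed.

```python
import base64
import binascii
import quopri
import re

# RFC 2047 encoded-word: =?charset?encoding?payload?=
ENCODED_WORD = re.compile(rb"=\?([\w-]+)\?([BbQq])\?([^?\s]+)\?=")


def decode_words_raw(data: bytes) -> bytes:
    """Hypothetical stand-in for a header decoder run over body text:
    each encoded-word is replaced by its payload bytes, which remain in
    the charset the word declares (no conversion to the body charset)."""
    def repl(m):
        try:
            if m.group(2).upper() == b"B":
                return base64.b64decode(m.group(3), validate=True)
            return quopri.decodestring(m.group(3), header=True)
        except (binascii.Error, ValueError):
            return m.group(0)  # malformed word: leave it as typed
    return ENCODED_WORD.sub(repl, data)


def compose_text(body: bytes, body_charset: str, decode_words: bool) -> str:
    """Return the text a compose form would show for `body`."""
    if decode_words:
        body = decode_words_raw(body)
    return body.decode(body_charset, errors="replace")


# Constructed sample: a UTF-8 body that quotes a raw Subject header line.
WORD = ("=?iso-2022-jp?B?"
        + base64.b64encode("テスト".encode("iso-2022-jp")).decode()
        + "?=")
BODY = f"こんにちは。\nSubject: {WORD}\n".encode("utf-8")

if __name__ == "__main__":
    # Header decoding applied to the body: ISO-2022-JP escape sequences
    # end up inside text that is otherwise UTF-8.
    print(repr(compose_text(BODY, "utf-8", decode_words=True)))
    # Body left alone: the encoded-word stays literal, one encoding only.
    print(repr(compose_text(BODY, "utf-8", decode_words=False)))
```
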

Re: Process $body with decodeHeader()?

Paul Lesniewski
Kambe-san, it's been a long time.

On Thu, Oct 24, 2013 at 4:26 AM, Takahiro Kambe <[hidden email]> wrote:
> Hi,
>
> This isn't a bug report but a simple question.
>
> In src/compose.php, the body of a message is passed to decodeHeader().
> Why is $body passed to decodeHeader()?

I'm not certain.  Marc introduced it long, long ago:

http://sourceforge.net/p/squirrelmail/code/4565/

If you look at the code around there, a few things that aren't headers
(such as $signature) are being passed to decodeHeader() so it may have
been a safety mechanism to catch values of many different strings that
were possibly encoded.

> SM-1_4-STABLE: about line 1316 of src/compose.php:
>     echo sm_encode_html_special_chars(decodeHeader($body,false,false,true));
>
> trunk: about line 1398 of src/compose.php:
>
>     $body_str = sm_encode_html_special_chars(decodeHeader($body,false,false));
>
> There was a bad scenario.
>
> 1. Accidentally (or intentionally) the body text contains an encoded MIME
>    header string such as "=?iso-2022-jp?B ...".

I see.  Although a quick test replying to a text/plain message in
quoted-printable encoding seems to show that the message is already
decoded by the time it gets here (thus it seems this decodeHeader()
call isn't needed to convert the QP blocks/entities), I'm hesitant to
touch this since there was presumably good reason for the change.  If
you want to remove all the calls to decodeHeader($body...) (I see at
least three of them) and test for a while, your feedback would be
welcomed.

> 2. decodeHeader() decodes such a "=?iso-2022-jp?B ..." string into
>    an iso-2022-jp (or other non-UTF-8) encoded string.
>
> 3. The body is expected to be UTF-8 or EUC-JP and really contains such a
>    string in that encoding.
>
> 4. As a result, multiple text encodings are mixed and it causes
>    strange garbled characters.
>
> I hope $body should be already properly encoded and no need to decode
> header any more at that time.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

Re: Process $body with decodeHeader()?

taca
In message <CAHog114WmSVjpuTw+2+pR2hLV=[hidden email]>
        on Thu, 24 Oct 2013 16:45:32 -0700,
        Paul Lesniewski <[hidden email]> wrote:
> Kambe-san, it's been a long time.
It's been a long time.

>> In src/compose.php, the body of a message is passed to decodeHeader().
>> Why is $body passed to decodeHeader()?
>
> I'm not certain.  Marc introduced it long, long ago:
>
> http://sourceforge.net/p/squirrelmail/code/4565/
Thanks for your pointer.

> If you look at the code around there, a few things that aren't headers
> (such as $signature) are being passed to decodeHeader() so it may have
> been a safety mechanism to catch values of many different strings that
> were possibly encoded.
First, I guessed it was intended to handle a forwarded (text in body) or
cited message when replying.  But I noticed later that the code handles
a saved signature using MIME-encoded format.

>> 1. Accidentally (or intentionally) the body text contains an encoded MIME
>>    header string such as "=?iso-2022-jp?B ...".
>
> I see.  Although a quick test replying to a text/plain message in
> quoted-printable encoding seems to show that the message is already
> decoded by the time it gets here (thus it seems this decodeHeader()
> call isn't needed to convert the QP blocks/entities), I'm hesitant to
> touch this since there was presumably good reason for the change.  If
> you want to remove all the calls to decodeHeader($body...) (I see at
> least three of them) and test for a while, your feedback would be
> welcomed.
I already tested a few cases by removing decodeHeader() for the body and it
works fine.  But we should consider what character encoding (or
encoded string) is used in each part of the code...

--
Takahiro Kambe / 神戸 隆博 <[hidden email]>
