Issues
- cfmail subject doesn't sanitise new linesLDEV-1021Resolved issue: LDEV-1021Igal Sapir
- SQL Server as a DB causes Lucee to spin up many threadsLDEV-991Resolved issue: LDEV-991Michael Offner
- Emails with attachments should be multipart/mixed but appear to be multipart/relatedLDEV-770Resolved issue: LDEV-770Igal Sapir
- yesNoFormat() does not do what it's supposed toLDEV-755Resolved issue: LDEV-755
- ImageGetEXIFTag doesn't workLDEV-653Resolved issue: LDEV-653
- EXIF data missing from ImageGetExifMetadata and ImageInfo functionsLDEV-652Resolved issue: LDEV-652Michael Offner
- inspect template double check leads to missingIncludeExceptionLDEV-599Resolved issue: LDEV-599Michael Offner
- Writing image after using imageGreyScale throws error "Metadata components != number of destination bands"LDEV-595Resolved issue: LDEV-595Michael Offner
- ImageResize results in NPE when height not setLDEV-585Resolved issue: LDEV-585Michael Offner
- Errors/timeouts occur if using threads via the java concurrency framework (JCF)LDEV-579Michael Offner
- Executing a cfthread inside of a closure failsLDEV-578Pothys - MitrahSoft
- Add CacheIDExists as synonym for CacheKeyExistsLDEV-576Resolved issue: LDEV-576
- Access to variables scope in onSessionStart() is not thread safeLDEV-571Resolved issue: LDEV-571Michael Offner
- cfmail / cfmailparam with attachment contains wrong mimetypeLDEV-570Resolved issue: LDEV-570Michael Offner
Description
Environment
Details
Assignee
Igal SapirReporter
Ben BluemelPriority
MinorFix versions
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
None
Details
Details
Assignee
Reporter
Priority
Fix versions
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
Activity
Igal Sapir1 June 2018 at 18:53
Pothys - MitrahSoft6 February 2018 at 07:40
HI @Igal Sapir,
I've checked with latest version of lucee stil the issue is reproduced. Still you need more input on this ticket?
Igal Sapir8 November 2016 at 22:19
OK, then it looks like we're going the "ACF Way" on this:
Trim the subject and replace all whitespace with chr(32), removing all consecutive whitespace characters.
Joseph Gooch8 November 2016 at 19:45
My goal would be that there's no way for a user to shoot themselves in the foot with cfmail - it should always be legit, and the user shouldn't have to know the SMTP spec to accomplish that.
To that end, line folding is just a way in the SMTP spec to do really long headers - the only reason to do that on purpose is if you care what "view source" looks like. If there's line folding, I would expect the SMTP library to do that. (Especially because the other end is going to remove the newlines and concatenate anyway, so it really is just a cosmetic source issue)
I'd do subject.replace(/(\r|\n|[^[:isprint:]])+/g, " "); and let the header wrap (if necessary) where it may.
(In English - remove all consecutive sequences of newline, CR, and non printable characters with a single space)
Igal Sapir8 November 2016 at 19:22
It seems to me that the "correct" way to fix this issue is not to strip out whitespace characters, but rather inject a whitespace character after a newline if there is none, so to take the OP's example, it will inject a whitespace character (space) just before the word "End", effectively changing
Subject: testing
End of Subject
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailer: Lucee Mail
<p>Testing</p>into
Subject: testing
End of Subject
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailer: Lucee Mail
<p>Testing</p>The other option is to become ACF compatible and remove all of the subsequent non-space whitespace.
Subject line is now trimmed and subsequent whitespace characters are removed. The single whitespace characters that remain are converted to a standard chr(32) space if they are a different character.