Closed pali closed 8 years ago
Hrm. The encoding of the From
and To
headers was in response to #6. Not sure how best to fix that, now. Took a look at Email::Address, but it doesn't appear to have a method returning an address encoded for a header. :-(
If you want to support MIME encoding of phrase part of email address, then you need something like Email::Address. But important! Email::Address can be DOSed, see CVE-2015-7686. I'm planning to introduce new XS based module which will be backward compatible with Email::Address, but without CVE-2015-7686 problem.
This code should do that encoding:
my $address = Email::Address->parse($input); $address->phrase(Encode::encode('MIME-Q', $address->phrase)); my $output = $address->format;
Would it make sense to use the MIME-Header encoding for these header values, instead?
Anyway, for generating email I would suggest to use Email::MIME module, which will take care about more low level stuff. But above problem is not solved yet... After I finished my new module I will try to fix Email::MIME too.
No! You cannot use MIME-Header for From/To/Cc/... headers! MIME-Header is for encoding unstructured MIME header.
Headers with list of email addresses (like From, To, Cc, ...) are special where you need to MIME encode only some parts (e.g. phrase, group name, comments), but email addresses itself must not be encoded. This is reason why above code for Email::Addresses is used -- it split input addresses into tokens, then encode just phrase and generate output string.
@theory Email::Address is affected by CVE-2015-7686 problem. I released new module Email::Address::XS which is not affected by CVE-2015-7686 anymore. See: https://metacpan.org/pod/Email::Address::XS
Hi @theory! Look at module Email::MIME::Header::AddressList which encode & construct To
header correctly.
Ah, I see, brackets weren't getting encoded before. Great, thank you, I fixed the rest of the failures in 6c83099.