[PEAR-BUG] Bug #11263 [Asn->Csd]: content disposition filename bug with apostophe

Edit report at http://pear.php.net/bugs/bug.php?id=11263&edit=1

ID: 11263
Updated by: [email protected]
Reported By: alan at xnote dot com
Summary: content disposition filename bug with apostophe
-Status: Assigned
+Status: Closed
Type: Bug
Package: Mail_mimeDecode
Operating System: Fedora 7
PHP Version: 5.2.1
Assigned To: cipri
Roadmap Versions:
New Comment:

-Status: Assigned
+Status: Closed
Thank you for your bug report. This issue has been fixed
in the latest released version of the package, which you can download at
http://pear.php.net/get/




Previous Comments:
------------------------------------------------------------------------

[2007-06-10 04:24:38] xnote

Description:
------------
I have found that the function _parseHeaderValue skips any filename with
an apostrophe in it.

For example, If I were to send a file/attachment with the
filename="Ain't it beautiful" it would skip due to the ' in Ain't.

I did a str_replace on $input after strlen($input) and omitted the ' and
it works correctly.

I don't know if it's the regex incorrectly parsing due to my novice
knowledge of regular expressions.

Test script:
---------------
if (($pos = strpos($input, ';')) !== false) {

$return['value'] = trim(substr($input, 0, $pos));
$input = trim(substr($input, $pos+1));

if (strlen($input) > 0) {
$input = str_replace("'","",$input);
// This splits on a semi-colon, if there's no preceeding
backslash
// Now works with quoted values; had to glue the \;
breaks in PHP
// the regex is already bordering on incomprehensible
$splitRegex =
'/([^;\'"]*[\'"]([^\'"]*([^\'"]*)*)[\'"][^;\'"]*|([^;]+))(;|$)/';
preg_match_all($splitRegex, $input, $matches);
$parameters = array();
for ($i=0; $i<count($matches[0]); $i++) {
$param = $matches[0][$i];
while (substr($param, -2) == '\;') {
$param .= $matches[0][++$i];
}
$parameters[] = $param;
}

Expected result:
----------------
n/a no need to expound due to it's simplicity of explaining it
beforehand.

Actual result:
--------------
n/a no need to expound due to it's simplicity of explaining it
beforehand.

------------------------------------------------------------------------