zendframework
diff --git a/‎src/Address.php
Lines changed: 27 additions & 7 deletions b/‎src/Address.php
Lines changed: 27 additions & 7 deletions
diff --git a/‎src/Header/ContentType.php
Lines changed: 2 additions & 2 deletions b/‎src/Header/ContentType.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Header/GenericHeader.php
Lines changed: 14 additions & 21 deletions b/‎src/Header/GenericHeader.php
Lines changed: 14 additions & 21 deletions
diff --git a/‎src/Header/GenericMultiHeader.php
Lines changed: 8 additions & 14 deletions b/‎src/Header/GenericMultiHeader.php
Lines changed: 8 additions & 14 deletions
diff --git a/‎src/Header/Sender.php
Lines changed: 32 additions & 24 deletions b/‎src/Header/Sender.php
Lines changed: 32 additions & 24 deletions
diff --git a/‎src/Header/Subject.php
Lines changed: 24 additions & 11 deletions b/‎src/Header/Subject.php
Lines changed: 24 additions & 11 deletions
@@ -9,6 +9,9 @@
 
 namespace Zend\Mail;
 
+use Zend\Validator\EmailAddress as EmailAddressValidator;
+use Zend\Validator\Hostname;
+
 class Address implements Address\AddressInterface
 {
     protected $email;
@@ -24,15 +27,33 @@ class Address implements Address\AddressInterface
      */
     public function __construct($email, $name = null)
     {
-        if (!is_string($email)) {
-            throw new Exception\InvalidArgumentException('Email must be a string');
+        $emailAddressValidator = new EmailAddressValidator(Hostname::ALLOW_LOCAL);
+        if (! is_string($email) || empty($email)) {
+            throw new Exception\InvalidArgumentException('Email must be a valid email address');
+        }
+
+        if (preg_match("/[\r\n]/", $email)) {
+            throw new Exception\InvalidArgumentException('CRLF injection detected');
+        }
+
+        if (! $emailAddressValidator->isValid($email)) {
+            $invalidMessages = $emailAddressValidator->getMessages();
+            throw new Exception\InvalidArgumentException(array_shift($invalidMessages));
         }
-        if (null !== $name && !is_string($name)) {
-            throw new Exception\InvalidArgumentException('Name must be a string');
+
+        if (null !== $name) {
+            if (! is_string($name)) {
+                throw new Exception\InvalidArgumentException('Name must be a string');
+            }
+
+            if (preg_match("/[\r\n]/", $name)) {
+                throw new Exception\InvalidArgumentException('CRLF injection detected');
+            }
+
+            $this->name = $name;
         }
 
         $this->email = $email;
-        $this->name  = $name;
     }
 
     /**
@@ -68,7 +89,6 @@ public function toString()
             return $string;
         }
 
-        $string = $name . ' ' . $string;
-        return $string;
+        return $name . ' ' . $string;
     }
 }
@@ -124,8 +124,8 @@ public function getType()
      * @param  string $name
      * @param  string $value
      * @return ContentType
-     * @throws InvalidArgumentException for parameter names that do not follow RFC 2822
-     * @throws InvalidArgumentException for parameter values that do not follow RFC 2822
+     * @throws Exception\InvalidArgumentException for parameter names that do not follow RFC 2822
+     * @throws Exception\InvalidArgumentException for parameter values that do not follow RFC 2822
      */
     public function addParameter($name, $value)
     {
 
@@ -26,20 +26,16 @@ class GenericHeader implements HeaderInterface, UnstructuredInterface
     /**
      * Header encoding
      *
-     * @var string
+     * @var null|string
      */
-    protected $encoding = 'ASCII';
+    protected $encoding;
 
     public static function fromString($headerLine)
     {
         list($name, $value) = self::splitHeaderLine($headerLine);
-        $decodedValue = HeaderWrap::mimeDecodeValue($value);
-        $wasEncoded = ($decodedValue !== $value);
-        $value = $decodedValue;
+        $value  = HeaderWrap::mimeDecodeValue($value);
         $header = new static($name, $value);
-        if ($wasEncoded) {
-            $header->setEncoding('UTF-8');
-        }
+
         return $header;
     }
 
@@ -128,21 +124,17 @@ public function getFieldName()
      */
     public function setFieldValue($fieldValue)
     {
-        $fieldValue  = (string) $fieldValue;
+        $fieldValue = (string) $fieldValue;
 
-        // Raw values will be encoded when cast to string; as such we need to
-        // mark them as quoted-printable to allow validation to work correctly.
-        if (!HeaderWrap::canBeEncoded($fieldValue)) {
+        if (! HeaderWrap::canBeEncoded($fieldValue)) {
             throw new Exception\InvalidArgumentException(
                 'Header value must be composed of printable US-ASCII characters and valid folding sequences.'
             );
         }
 
-        if (!Mime::isPrintable($fieldValue)) {
-            $this->setEncoding('UTF-8');
-        }
-
         $this->fieldValue = $fieldValue;
+        $this->encoding   = null;
+
         return $this;
     }
 
@@ -163,19 +155,20 @@ public function setEncoding($encoding)
 
     public function getEncoding()
     {
+        if (! $this->encoding) {
+            $this->encoding = Mime::isPrintable($this->fieldValue) ? 'ASCII' : 'UTF-8';
+        }
+
         return $this->encoding;
     }
 
     public function toString()
     {
-        $name  = $this->getFieldName();
+        $name = $this->getFieldName();
         if (empty($name)) {
-          throw new Exception\RuntimeException('Header name is not set, use setFieldName()');
+            throw new Exception\RuntimeException('Header name is not set, use setFieldName()');
         }
         $value = $this->getFieldValue(HeaderInterface::FORMAT_ENCODED);
-        if (empty($value)) {
-          throw new Exception\RuntimeException('Header value is not set, use setFieldValue()');
-        }
 
         return $name . ': ' . $value;
     }
 
@@ -17,25 +17,17 @@ class GenericMultiHeader extends GenericHeader implements MultipleHeadersInterfa
     public static function fromString($headerLine)
     {
         list($fieldName, $fieldValue) = GenericHeader::splitHeaderLine($headerLine);
-        $decodedValue = HeaderWrap::mimeDecodeValue($fieldValue);
-        $wasEncoded = ($decodedValue !== $fieldValue);
-        $fieldValue = $decodedValue;
+        $fieldValue = HeaderWrap::mimeDecodeValue($fieldValue);
 
         if (strpos($fieldValue, ',')) {
             $headers = array();
-            $encoding = ($wasEncoded) ? 'UTF-8' : 'ASCII';
             foreach (explode(',', $fieldValue) as $multiValue) {
-                $header = new static($fieldName, $multiValue);
-                $headers[] = $header->setEncoding($encoding);
+                $headers[] = new static($fieldName, $multiValue);
             }
             return $headers;
-        } else {
-            $header = new static($fieldName, $fieldValue);
-            if ($wasEncoded) {
-                $header->setEncoding('UTF-8');
-            }
-            return $header;
         }
+
+        return new static($fieldName, $fieldValue);
     }
 
     /**
@@ -47,16 +39,18 @@ public static function fromString($headerLine)
      */
     public function toStringMultipleHeaders(array $headers)
     {
-        $name  = $this->getFieldName();
+        $name   = $this->getFieldName();
         $values = array($this->getFieldValue(HeaderInterface::FORMAT_ENCODED));
+
         foreach ($headers as $header) {
-            if (!$header instanceof static) {
+            if (! $header instanceof static) {
                 throw new Exception\InvalidArgumentException(
                     'This method toStringMultipleHeaders was expecting an array of headers of the same type'
                 );
             }
             $values[] = $header->getFieldValue(HeaderInterface::FORMAT_ENCODED);
         }
+
         return $name . ': ' . implode(',', $values);
     }
 }
@@ -10,7 +10,14 @@
 namespace Zend\Mail\Header;
 
 use Zend\Mail;
+use Zend\Mime\Mime;
 
+/**
+ * Sender header class methods.
+ *
+ * @see https://tools.ietf.org/html/rfc2822 RFC 2822
+ * @see https://tools.ietf.org/html/rfc2047 RFC 2047
+ */
 class Sender implements HeaderInterface
 {
     /**
@@ -21,38 +28,35 @@ class Sender implements HeaderInterface
     /**
      * Header encoding
      *
-     * @var string
+     * @var null|string
      */
-    protected $encoding = 'ASCII';
+    protected $encoding;
 
     public static function fromString($headerLine)
     {
         list($name, $value) = GenericHeader::splitHeaderLine($headerLine);
-        $decodedValue = HeaderWrap::mimeDecodeValue($value);
-        $wasEncoded = ($decodedValue !== $value);
-        $value = $decodedValue;
+        $value = HeaderWrap::mimeDecodeValue($value);
 
         // check to ensure proper header type for this factory
         if (strtolower($name) !== 'sender') {
             throw new Exception\InvalidArgumentException('Invalid header line for Sender string');
         }
 
-        $header = new static();
-        if ($wasEncoded) {
-            $header->setEncoding('UTF-8');
-        }
+        $header      = new static();
+        $senderName  = '';
+        $senderEmail = '';
 
         // Check for address, and set if found
         if (preg_match('/^(?P<name>.*?)<(?P<email>[^>]+)>$/', $value, $matches)) {
-            $name = $matches['name'];
-            if (empty($name)) {
-                $name = null;
-            } else {
-                $name = iconv_mime_decode($name, ICONV_MIME_DECODE_CONTINUE_ON_ERROR, 'UTF-8');
+            $senderName = trim($matches['name']);
+            if (empty($senderName)) {
+                $senderName = null;
             }
-            $header->setAddress($matches['email'], $name);
+            $senderEmail = $matches['email'];
         }
 
+        $header->setAddress($senderEmail, $senderName);
+
         return $header;
     }
 
@@ -63,25 +67,23 @@ public function getFieldName()
 
     public function getFieldValue($format = HeaderInterface::FORMAT_RAW)
     {
-        if (!$this->address instanceof Mail\Address\AddressInterface) {
+        if (! $this->address instanceof Mail\Address\AddressInterface) {
             return '';
         }
 
         $email = sprintf('<%s>', $this->address->getEmail());
         $name  = $this->address->getName();
 
-        HeaderValue::assertValid($email);
-        HeaderValue::assertValid($name);
-
         if (!empty($name)) {
-            $encoding = $this->getEncoding();
-            if ($format == HeaderInterface::FORMAT_ENCODED
-                && 'ASCII' !== $encoding
-            ) {
-                $name  = HeaderWrap::mimeEncodeValue($name, $encoding);
+            if ($format == HeaderInterface::FORMAT_ENCODED) {
+                $encoding = $this->getEncoding();
+                if ('ASCII' !== $encoding) {
+                    $name  = HeaderWrap::mimeEncodeValue($name, $encoding);
+                }
             }
             $email = sprintf('%s %s', $name, $email);
         }
+
         return $email;
     }
 
@@ -93,6 +95,12 @@ public function setEncoding($encoding)
 
     public function getEncoding()
     {
+        if (! $this->encoding) {
+            $this->encoding = Mime::isPrintable($this->getFieldValue(HeaderInterface::FORMAT_RAW))
+                ? 'ASCII'
+                : 'UTF-8';
+        }
+
         return $this->encoding;
     }
 
 
@@ -9,6 +9,14 @@
 
 namespace Zend\Mail\Header;
 
+use Zend\Mime\Mime;
+
+/**
+ * Subject header class methods.
+ *
+ * @see https://tools.ietf.org/html/rfc2822 RFC 2822
+ * @see https://tools.ietf.org/html/rfc2047 RFC 2047
+ */
 class Subject implements UnstructuredInterface
 {
     /**
@@ -19,26 +27,21 @@ class Subject implements UnstructuredInterface
     /**
      * Header encoding
      *
-     * @var string
+     * @var null|string
      */
-    protected $encoding = 'ASCII';
+    protected $encoding;
 
     public static function fromString($headerLine)
     {
         list($name, $value) = GenericHeader::splitHeaderLine($headerLine);
-        $decodedValue = HeaderWrap::mimeDecodeValue($value);
-        $wasEncoded = ($decodedValue !== $value);
-        $value = $decodedValue;
+        $value = HeaderWrap::mimeDecodeValue($value);
 
         // check to ensure proper header type for this factory
         if (strtolower($name) !== 'subject') {
             throw new Exception\InvalidArgumentException('Invalid header line for Subject string');
         }
 
         $header = new static();
-        if ($wasEncoded) {
-            $header->setEncoding('UTF-8');
-        }
         $header->setSubject($value);
 
         return $header;
@@ -66,16 +69,26 @@ public function setEncoding($encoding)
 
     public function getEncoding()
     {
+        if (! $this->encoding) {
+            $this->encoding = Mime::isPrintable($this->subject) ? 'ASCII' : 'UTF-8';
+        }
+
         return $this->encoding;
     }
 
     public function setSubject($subject)
     {
         $subject = (string) $subject;
-        if (! HeaderValue::isValid($subject)) {
-            throw new Exception\InvalidArgumentException('Invalid Subject value detected');
+
+        if (! HeaderWrap::canBeEncoded($subject)) {
+            throw new Exception\InvalidArgumentException(
+                'Subject value must be composed of printable US-ASCII or UTF-8 characters.'
+            );
         }
-        $this->subject = $subject;
+
+        $this->subject  = $subject;
+        $this->encoding = null;
+
         return $this;
     }
Original file line number	Diff line number	Diff line change
`@@ -17,25 +17,17 @@ class GenericMultiHeader extends GenericHeader implements MultipleHeadersInterfa`
`17`	`17`	`public static function fromString($headerLine)`
`18`	`18`	`{`
`19`	`19`	`list($fieldName, $fieldValue) = GenericHeader::splitHeaderLine($headerLine);`
`20`		`- $decodedValue = HeaderWrap::mimeDecodeValue($fieldValue);`
`21`		`- $wasEncoded = ($decodedValue !== $fieldValue);`
`22`		`- $fieldValue = $decodedValue;`
	`20`	`+ $fieldValue = HeaderWrap::mimeDecodeValue($fieldValue);`
`23`	`21`
`24`	`22`	`if (strpos($fieldValue, ',')) {`
`25`	`23`	`$headers = array();`
`26`		`- $encoding = ($wasEncoded) ? 'UTF-8' : 'ASCII';`
`27`	`24`	`foreach (explode(',', $fieldValue) as $multiValue) {`
`28`		`- $header = new static($fieldName, $multiValue);`
`29`		`- $headers[] = $header->setEncoding($encoding);`
	`25`	`+ $headers[] = new static($fieldName, $multiValue);`
`30`	`26`	`}`
`31`	`27`	`return $headers;`
`32`		`- } else {`
`33`		`- $header = new static($fieldName, $fieldValue);`
`34`		`- if ($wasEncoded) {`
`35`		`- $header->setEncoding('UTF-8');`
`36`		`- }`
`37`		`- return $header;`
`38`	`28`	`}`
	`29`	`+`
	`30`	`+ return new static($fieldName, $fieldValue);`
`39`	`31`	`}`
`40`	`32`
`41`	`33`	`/**`
`@@ -47,16 +39,18 @@ public static function fromString($headerLine)`
`47`	`39`	`*/`
`48`	`40`	`public function toStringMultipleHeaders(array $headers)`
`49`	`41`	`{`
`50`		`- $name = $this->getFieldName();`
	`42`	`+ $name = $this->getFieldName();`
`51`	`43`	`$values = array($this->getFieldValue(HeaderInterface::FORMAT_ENCODED));`
	`44`	`+`
`52`	`45`	`foreach ($headers as $header) {`
`53`		`- if (!$header instanceof static) {`
	`46`	`+ if (! $header instanceof static) {`
`54`	`47`	`throw new Exception\InvalidArgumentException(`
`55`	`48`	`'This method toStringMultipleHeaders was expecting an array of headers of the same type'`
`56`	`49`	`);`
`57`	`50`	`}`
`58`	`51`	`$values[] = $header->getFieldValue(HeaderInterface::FORMAT_ENCODED);`
`59`	`52`	`}`
	`53`	`+`
`60`	`54`	`return $name . ': ' . implode(',', $values);`
`61`	`55`	`}`
`62`	`56`	`}`