Emails with certain valid subjects are not sent, an exception Prohibited input ...
is thrown.
Email subject should contain @
char and some extra non-domain accepted chars next, see the subject example below.
Execute the following code:
$app = \JFactory::getApplication();
$mailer = \JFactory::getMailer();
$to = 'test@test.com';
$subject = 'Test email for test@test.com {test}';
$body = 'Test';
// PHP mail works.
mail($to, $subject, $body);
// Joomla way fails.
try
{
$mailer->sendMail($app->get('mailfrom'), $app->get('fromname'), $to, $subject, $body, 1);
}
catch (\Exception $e)
{
echo $e->getMessage();
die;
}
Two emails should be sent.
Only the first email is sent via mail(), the second email throws an exception Prohibited input U+00000020
.
We can see that the subject string is valid.
4.0 nightly
Joomla\CMS\Mail\Mail::setSubject()
calls MailHelper::cleanLine()
MailHelper::cleanLine()
for unknown reason calls PunycodeHelper::emailToPunycode()
which is only intended to convert the email address to Punycode if required.
Joomla 3 uses the \idna_convert
class which actually doesn't create issues with such subjects.
Joomla 4 started to use Algo26\IdnaConvert\ToIdn
for Punycode conversion which throws an exception on invalid domain pattern the subject is validated as.
The main issue is that MailHelper::cleanLine()
is used for non-email address checks, i.e. for a subject or for a sender name.
We have MailHelper::cleanSubject()
and MailHelper::cleanAddress()
but they are not used at all. Note that cleanAddress()
actually doesn't perform Punycode conversion.
Logically, even the current Mail
code in Joomla 3 is invalid, even though it allows sending emails with such subjects.
All MailHelper::cleanXXX()
methods should be re-checked and used in the proper manner.
Labels |
Added:
?
|
Labels |
Added:
No Code Attached Yet
bug
Removed: ? |
I have this problem too especially when web site title contains diacritics and username is in shape email@site.tld.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2023-07-11 12:12:28 |
Closed_By | ⇒ | richard67 |
I did the test with 4.3.3 version where I add in all registration fields the same value test2@testcz.cz and get 500 error.
This issue is cropping up in a variety of situations, not just to do with email addresses, nor always to do with the same character. It is now over 2 years since it was reported, and it is occurring in Joomla 4.2.6. If it isn't possible to stop it happening, can documentation please be provided as to what tests are being done to what data? Otherwise developers have great difficulty knowing what they are dealing with.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31768.