ZF-10304: All Bcc's end up in the To line, as well as latter Bcc's get dumped in the open

Description

Similar to ZF-928

given the following code:


$mail = new Zend_Mail();
$mail->setSubject('my subject');
$mail->setBodyText('my body');
$mail->setFrom('from@myserver.com');
$mail->addTo('to.address@email.com');
$mail->addBcc('first.bcc@email.com');
$mail->addBcc('second.bcc@email.com');
print_r($mail);
$mail->send();

First off, the print_r($mail) output before sending the mail shows the Bcc's as _recipients (which later make their way onto the To: line


    [_headers:protected] => Array
        (
            [Subject] => Array
                (
                    [0] => my subject
                )

            [From] => Array
                (
                    [0] => from@myserver.com
                    [append] => 1
                )

            [To] => Array
                (
                    [0] => to.address@email.com
                    [append] => 1
                )

            [Bcc] => Array
                (
                    [0] => first.bcc@email.com
                    [append] => 1
                    [1] => second.bcc@email.com
                )

        )

    [_from:protected] => from@myserver.com
    [_to:protected] => Array
        (
            [0] => to.address@email.com
        )

    [_recipients:protected] => Array
        (
            [to.address@email.com] => 1
            [first.bcc@email.com] => 1
            [second.bcc@email.com] => 1
        )

The resulting email got the following messed up headers:


To: to.address@email.com,first.bcc@email.com,second.bcc@email.com
From: from@myserver.com
 second.bcc@email.com

When running the test again without the 'From' header, the results are as such:


To: to.address@email.com,first.bcc@email.com,second.bcc@email.com
 second.bcc@email.com

I would mark this higher than Major if at all possible due to the privacy issues involved.

My own alterations to fix this in the short-term include removing the $this->EOL from the implode() inside _prepareHeaders() and having getRecipients() return $this->_to rather than array_keys($this->_recipients);

Comments

Tested against r23236 and cannot reproduce. The unit test for ZF-928 -- testZf928ToAndBccHeadersShouldNotMix() located in tests/Zend/Mail/MailTest.php) -- seems to cover this. Please re-open with a working test case if the problem persists.

What mail transport are you using?