ZF-10304: All Bcc's end up in the To line, as well as latter Bcc's get dumped in the open
Description
Similar to ZF-928
given the following code:
$mail = new Zend_Mail();
$mail->setSubject('my subject');
$mail->setBodyText('my body');
$mail->setFrom('from@myserver.com');
$mail->addTo('to.address@email.com');
$mail->addBcc('first.bcc@email.com');
$mail->addBcc('second.bcc@email.com');
print_r($mail);
$mail->send();
First off, the print_r($mail) output before sending the mail shows the Bcc's as _recipients (which later make their way onto the To: line
[_headers:protected] => Array
(
[Subject] => Array
(
[0] => my subject
)
[From] => Array
(
[0] => from@myserver.com
[append] => 1
)
[To] => Array
(
[0] => to.address@email.com
[append] => 1
)
[Bcc] => Array
(
[0] => first.bcc@email.com
[append] => 1
[1] => second.bcc@email.com
)
)
[_from:protected] => from@myserver.com
[_to:protected] => Array
(
[0] => to.address@email.com
)
[_recipients:protected] => Array
(
[to.address@email.com] => 1
[first.bcc@email.com] => 1
[second.bcc@email.com] => 1
)
The resulting email got the following messed up headers:
To: to.address@email.com,first.bcc@email.com,second.bcc@email.com
From: from@myserver.com
second.bcc@email.com
When running the test again without the 'From' header, the results are as such:
To: to.address@email.com,first.bcc@email.com,second.bcc@email.com
second.bcc@email.com
I would mark this higher than Major if at all possible due to the privacy issues involved.
My own alterations to fix this in the short-term include removing the $this->EOL from the implode() inside _prepareHeaders() and having getRecipients() return $this->_to rather than array_keys($this->_recipients);
Comments
Posted by Marc Hodgins (mjh_ca) on 2010-10-25T16:59:32.000+0000
Tested against r23236 and cannot reproduce. The unit test for ZF-928 -- testZf928ToAndBccHeadersShouldNotMix() located in tests/Zend/Mail/MailTest.php) -- seems to cover this. Please re-open with a working test case if the problem persists.
What mail transport are you using?