Quotation marks in subject lines are entity-encoded

Question

Quotation marks in subject lines are entity-encoded

Closed this issue 8 years ago · 1 comments

If you try to use a subject line that contains a quotation mark it is entity-encoded.

E.g. $mail->setSubject("Amy O'Neil"); becomes

Subject: Amy O'Neil in the resulting email message.

setSubject() runs the subject string through filterOther().

filterOther() uses FILTER_SANITIZE_STRING which will encode quotes by default (as it's meant for sanitizing HTML, not plain text).

A quick fix would be to add the FILTER_FLAG_NO_ENCODE_QUOTES flag as you've done in filterName()

That doesn't necessarily fix the underlying problem of filtering subject lines as if they are HTML though. E.g. you still can't have as a subject line anything that looks like an HTML tag as it will be stripped.

Answer 1 · 2017-02-17T01:22:16.000Z

Fixed on November 15th, 2015