0

My email id have email with subject line "=?UTF-8?Q?=e2=99=a3?= Styles =?UTF-8?Q?=e2=99=a3?=" Now I want to use imap_search to search email with this subject line. But I am getting an error-:

Notice: Unknown: Unknown search criterion: STYLES (errflg=2) in Unknown on line 0

Below is search code I am using:

    $ToSearch=trim("=?UTF-8?Q?=e2=99=a3?= Styles to Freshen Up Your Home =?UTF-8?Q?=e2=99=a3?=");
        $unreadEmails= imap_search($loginToInbox,'SUBJECT  '.$ToSearch.' SINCE '.$dateToSearch.'');
var_dump($unreadEmails);

how can I search email with subject line.

abhinav dixit
  • 241
  • 3
  • 14

2 Answers2

1

It seems pretty clear to me: it's tripping on the word "Styles". That's because there's a space so it thinks there should be a new IMAP keyword. Try enclosing it in quotes:

$unreadEmails = imap_search($loginToInbox,'SUBJECT "'.$ToSearch.'" SINCE '.$dateToSearch);

You'll also have to be careful with that $dateToSearch - you'll probably have to enclose it in quotes as well, and also make sure it's in the format that the server expects (most likely RFC2822 - see section 3.3, Date and Time Specification. See this other question for an example of what it should look like.

Community
  • 1
  • 1
Gigi
  • 28,163
  • 29
  • 106
  • 188
  • RFC 3501 specifies search date format, it has no time portion so it is not RFC 2822. – Max May 08 '14 at 00:19
  • Interesting. May I ask in which section the date format is defined? – Gigi May 08 '14 at 06:57
  • 1
    It is shown by example in 6.4.4: `C: A282 SEARCH FLAGGED SINCE 1-Feb-1994 NOT FROM "Smith"` It is defined in Section 9 in Formal Syntax, in `search-key`, and `date` and related syntax specifiers. – Max May 08 '14 at 19:16
0

The code is extremely dangerous -- it contains "IMAP command injection", similar to SQL injection you would get if you passed user-controlled data straight into your SQL database.

You absolutely have to sanitize the user-provided data before you feed them into the IMAP connection. Read RFC3501, see how strings can be transmitted, find out whether PHP's imap_search can do something for you for free (when it comes to literals, you do not want to handle them from the application code), and make sure you only pass sanitized data to the server.

The current version of code is vulnerable to grave mistakes; an attacker can delete all e-mails through that.

Community
  • 1
  • 1
Jan Kundrát
  • 3,700
  • 1
  • 18
  • 29
  • Your question is "Why did I get an error message Unknown search criterion: STYLES". Read my answer once again, understand the requirements of the ``quoted-string`` syntax as defined in RFC3501, and see what you are actually passing to the IMAP server. How is that string going to be interpreted by the server? After you have done that, you will know why you did get the error message you got. – Jan Kundrát May 10 '14 at 11:40