Fix bug in long recipients list parsing for cases where recipient name contained @-char (#1490653)

CHANGELOG

@@ -5,6 +5,7 @@ CHANGELOG Roundcube Webmail
 - Fix XSS issue in SVG images handling (#1490625)
 - Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#1490643)
 - Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#1490647)
+- Fix bug in long recipients list parsing for cases where recipient name contained @-char (#1490653)
 
 RELEASE 1.0.8
 -------------

program/lib/Roundcube/rcube_smtp.php

@@ -458,15 +458,19 @@ class rcube_smtp
         }
 
         $addresses  = array();
+        $recipients = preg_replace('/[\s\t]*\r?\n/', '', $recipients);
         $recipients = rcube_utils::explode_quoted_string(',', $recipients);
 
         reset($recipients);
         foreach ($recipients as $recipient) {
             $a = rcube_utils::explode_quoted_string(' ', $recipient);
             foreach ($a as $word) {
-                if (strpos($word, "@") > 0 && $word[strlen($word)-1] != '"') {
-                    $word = preg_replace('/^<|>$/', '', trim($word));
-                    if (in_array($word, $addresses) === false) {
+                $word = trim($word);
+                $len  = strlen($word);
+
+                if ($len && strpos($word, "@") > 0 && $word[$len-1] != '"') {
+                    $word = preg_replace('/^<|>$/', '', $word);
+                    if (!in_array($word, $addresses)) {
                         array_push($addresses, $word);
                     }
                 }