]>
Commit | Line | Data |
---|---|---|
16fd5964 ER |
1 | --- php-4.3.0/ext/standard/mail.c Thu Jan 2 12:37:54 2003 |
2 | +++ php-5.1.4-mail/ext/standard/mail.c 2006-06-07 17:48:45.197705968 +0300 | |
5316c927 AF |
3 | @@ -21,6 +21,8 @@ |
4 | #include <stdlib.h> | |
5 | #include <ctype.h> | |
6 | #include <stdio.h> | |
7 | +#include <syslog.h> | |
8 | +#include <string.h> | |
9 | #include "php.h" | |
804cfcec | 10 | #include "ext/standard/info.h" |
8135bbee JB |
11 | |
12 | @@ -36,6 +38,9 @@ | |
804cfcec AM |
13 | #include "safe_mode.h" |
14 | #include "exec.h" | |
15 | ||
16 | +#include "zend_operators.h" | |
804cfcec AM |
17 | +#include "zend_globals.h" |
18 | + | |
19 | #if HAVE_SENDMAIL | |
20 | #ifdef PHP_WIN32 | |
21 | #include "win32/sendmail.h" | |
16fd5964 ER |
22 | @@ -104,6 +109,35 @@ |
23 | return; | |
24 | } | |
25 | ||
26 | + /* check for spam attempts with buggy webforms */ | |
27 | + if (strchr(to, '\n') != NULL || strchr(to, '\r') != NULL) { | |
af917294 | 28 | + zend_error(E_WARNING, "Newlines aren't allowed in the To header. Mail not sent."); |
16fd5964 ER |
29 | + RETURN_FALSE; |
30 | + } | |
31 | + | |
32 | + if (strchr(subject, '\n') != NULL || strchr(subject, '\r') != NULL) { | |
af917294 | 33 | + zend_error(E_WARNING, "Newlines aren't allowed in the Subject header. Mail not sent."); |
16fd5964 ER |
34 | + RETURN_FALSE; |
35 | + } | |
36 | + | |
37 | + /* search for to, cc or bcc headers */ | |
38 | + if (headers != NULL) { | |
39 | + if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) { | |
af917294 | 40 | + zend_error(E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Mail not sent."); |
16fd5964 ER |
41 | + RETURN_FALSE; |
42 | + } | |
43 | + | |
44 | + if (strncasecmp(headers, "cc:", sizeof("cc:") - 1) == 0 || strcasestr(headers, "\ncc:")) { | |
af917294 | 45 | + zend_error(E_WARNING, "CC: headers aren't allowed in the additional_headers parameter. Mail not sent."); |
16fd5964 ER |
46 | + RETURN_FALSE; |
47 | + } | |
48 | + | |
49 | + if (strncasecmp(headers, "bcc:", sizeof("bcc:") - 1) == 0 || strcasestr(headers, "\nbcc:")) { | |
af917294 | 50 | + zend_error(E_WARNING, "BCC: headers aren't allowed in the additional_headers parameter. Mail not sent."); |
16fd5964 ER |
51 | + RETURN_FALSE; |
52 | + } | |
53 | + } | |
54 | + | |
55 | if (to_len > 0) { | |
56 | to_r = estrndup(to, to_len); | |
57 | for (; to_len; to_len--) { | |
58 | @@ -196,8 +230,42 @@ | |
8135bbee JB |
59 | return 0; |
60 | } | |
61 | #endif | |
5316c927 AF |
62 | - fprintf(sendmail, "To: %s\n", to); |
63 | - fprintf(sendmail, "Subject: %s\n", subject); | |
edf77de8 | 64 | + TSRMLS_FETCH(); |
65 | + | |
5316c927 AF |
66 | + if ((to != NULL) && (strlen(to)!=0)) { |
67 | + fprintf(sendmail, "To: %s\n", to); | |
68 | + } | |
69 | + if ((subject != NULL) && (strlen(subject)!=0)) { | |
70 | + fprintf(sendmail, "Subject: %s\n", subject); | |
71 | + } | |
804cfcec | 72 | + |
804cfcec AM |
73 | + if (PG(http_globals)[TRACK_VARS_SERVER]) { |
74 | + zval **remote_addr, **server_name, **server_port, | |
bfb8a2ed | 75 | + **script_name, **http_user_agent; |
804cfcec AM |
76 | + |
77 | + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr)==SUCCESS) { | |
78 | + convert_to_string_ex(remote_addr); | |
79 | + fprintf(sendmail, "HTTP-Posting-Client: %s\n", Z_STRVAL_PP(remote_addr)); | |
80 | + } | |
81 | + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name)==SUCCESS) { | |
82 | + convert_to_string_ex(server_name); | |
b4e19d31 | 83 | + fprintf(sendmail, "HTTP-Posting-URI: %s", Z_STRVAL_PP(server_name)); |
804cfcec AM |
84 | + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_PORT", sizeof("SERVER_PORT"), (void **) &server_port)==SUCCESS) { |
85 | + convert_to_string_ex(server_port); | |
86 | + fprintf(sendmail, ":%s", Z_STRVAL_PP(server_port)); | |
87 | + } | |
18e705dd | 88 | + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SCRIPT_NAME", sizeof("SCRIPT_NAME"), (void **) &script_name)==SUCCESS) { |
bfb8a2ed AM |
89 | + convert_to_string_ex(script_name); |
90 | + fprintf(sendmail, "%s", Z_STRVAL_PP(script_name)); | |
804cfcec AM |
91 | + } |
92 | + fprintf(sendmail, "\n"); | |
93 | + } | |
94 | + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"), (void **) &http_user_agent)==SUCCESS) { | |
95 | + convert_to_string_ex(http_user_agent); | |
96 | + fprintf(sendmail, "HTTP-Posting-User-Agent: %s\n", Z_STRVAL_PP(http_user_agent)); | |
97 | + } | |
98 | + } | |
99 | + | |
5316c927 AF |
100 | if (headers != NULL) { |
101 | fprintf(sendmail, "%s\n", headers); | |
102 | } |