[packages/php.git] / php-mail.patch

diff -urN php-5.2.0.org/ext/standard/mail.c php-5.2.0/ext/standard/mail.c
--- php-5.2.0.org/ext/standard/mail.c	2006-01-01 13:50:15.000000000 +0100
+++ php-5.2.0/ext/standard/mail.c	2006-12-01 12:46:40.000000000 +0100
@@ -21,6 +21,8 @@
 #include <stdlib.h>
 #include <ctype.h>
 #include <stdio.h>
+#include <syslog.h>
+#include <string.h>
 #include "php.h"
 #include "ext/standard/info.h"
 
@@ -36,6 +38,9 @@
 #include "safe_mode.h"
 #include "exec.h"
 
+#include "zend_operators.h"
+#include "zend_globals.h"
+
 #if HAVE_SENDMAIL
 #ifdef PHP_WIN32
 #include "win32/sendmail.h"
@@ -104,6 +109,27 @@
 		return;
 	}
 
+    /* check for spam attempts with buggy webforms */
+	if ((strchr(to, '\n') != NULL && (strchr(to, '\n') != strrchr(to, '\n') || (to_len && to[to_len-1] != '\n')))
+			|| (strchr(to, '\r') != NULL && (strchr(to, '\r') != strrchr(to, '\r') || (to_len && to[to_len-1] != '\r')))) {
+        zend_error(E_WARNING, "Newlines aren't allowed in the To header. Mail not sent.");
+        RETURN_FALSE;
+    }
+
+    if ((strchr(subject, '\n') != NULL && (strchr(subject, '\n') != strrchr(subject, '\n') || (subject_len && subject[subject_len-1] != '\n')))
+			|| (strchr(subject, '\r') != NULL && (strchr(subject, '\r') != strrchr(subject, '\r') || (subject_len && subject[subject_len-1] != '\r')))) {
+        zend_error(E_WARNING, "Newlines aren't allowed in the Subject header. Mail not sent.");
+        RETURN_FALSE;
+    }
+
+    /* search for to, cc or bcc headers */
+    if (headers != NULL) {
+        if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) {
+            zend_error(E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
+            RETURN_FALSE;
+        }
+    }
+
 	if (to_len > 0) {
 		to_r = estrndup(to, to_len);
 		for (; to_len; to_len--) {
@@ -228,8 +254,42 @@
 			return 0;
 		}
 #endif
-		fprintf(sendmail, "To: %s\n", to);
-		fprintf(sendmail, "Subject: %s\n", subject);
+		TSRMLS_FETCH();
+		
+		if ((to != NULL) && (strlen(to)!=0)) { 
+			fprintf(sendmail, "To: %s\n", to);
+		}
+		if ((subject != NULL) && (strlen(subject)!=0)) {
+			fprintf(sendmail, "Subject: %s\n", subject);
+		}
+
+		if (PG(http_globals)[TRACK_VARS_SERVER]) {
+			zval **remote_addr, **server_name, **server_port,
+				**script_name, **http_user_agent;
+			
+			if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr)==SUCCESS) {
+				convert_to_string_ex(remote_addr);
+				fprintf(sendmail, "HTTP-Posting-Client: %s\n", Z_STRVAL_PP(remote_addr));
+			}
+			if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name)==SUCCESS) {
+				convert_to_string_ex(server_name);
+				fprintf(sendmail, "HTTP-Posting-URI: %s", Z_STRVAL_PP(server_name));
+				if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_PORT", sizeof("SERVER_PORT"), (void **) &server_port)==SUCCESS) {
+					convert_to_string_ex(server_port);
+					fprintf(sendmail, ":%s", Z_STRVAL_PP(server_port));
+				}	
+				if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SCRIPT_NAME", sizeof("SCRIPT_NAME"), (void **) &script_name)==SUCCESS) {
+					convert_to_string_ex(script_name);
+					fprintf(sendmail, "%s", Z_STRVAL_PP(script_name));
+				}
+				fprintf(sendmail, "\n");
+			}
+			if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"), (void **) &http_user_agent)==SUCCESS) {
+				convert_to_string_ex(http_user_agent);
+					fprintf(sendmail, "HTTP-Posting-User-Agent: %s\n", Z_STRVAL_PP(http_user_agent));
+			}
+		}
+
 		if (headers != NULL) {
 			fprintf(sendmail, "%s\n", headers);
 		}
Commit	Line	Data
07f426dc AM	1	diff -urN php-5.2.0.org/ext/standard/mail.c php-5.2.0/ext/standard/mail.c
	2	--- php-5.2.0.org/ext/standard/mail.c 2006-01-01 13:50:15.000000000 +0100
	3	+++ php-5.2.0/ext/standard/mail.c 2006-12-01 12:46:40.000000000 +0100
5316c927 AF	4	@@ -21,6 +21,8 @@
	5	#include <stdlib.h>
	6	#include <ctype.h>
	7	#include <stdio.h>
	8	+#include <syslog.h>
	9	+#include <string.h>
	10	#include "php.h"
804cfcec	11	#include "ext/standard/info.h"
8135bbee JB	12
8135bbee JB	13	@@ -36,6 +38,9 @@
804cfcec AM	14	#include "safe_mode.h"
	15	#include "exec.h"
	16
	17	+#include "zend_operators.h"
804cfcec AM	18	+#include "zend_globals.h"
	19	+
	20	#if HAVE_SENDMAIL
	21	#ifdef PHP_WIN32
	22	#include "win32/sendmail.h"
07f426dc	23	@@ -104,6 +109,27 @@
16fd5964 ER	24	return;
	25	}
	26
	27	+ /* check for spam attempts with buggy webforms */
07f426dc AM	28	+ if ((strchr(to, '\n') != NULL && (strchr(to, '\n') != strrchr(to, '\n') \|\| (to_len && to[to_len-1] != '\n')))
07f426dc AM	29	+ \|\| (strchr(to, '\r') != NULL && (strchr(to, '\r') != strrchr(to, '\r') \|\| (to_len && to[to_len-1] != '\r')))) {
af917294	30	+ zend_error(E_WARNING, "Newlines aren't allowed in the To header. Mail not sent.");
16fd5964 ER	31	+ RETURN_FALSE;
	32	+ }
	33	+
07f426dc AM	34	+ if ((strchr(subject, '\n') != NULL && (strchr(subject, '\n') != strrchr(subject, '\n') \|\| (subject_len && subject[subject_len-1] != '\n')))
07f426dc AM	35	+ \|\| (strchr(subject, '\r') != NULL && (strchr(subject, '\r') != strrchr(subject, '\r') \|\| (subject_len && subject[subject_len-1] != '\r')))) {
af917294	36	+ zend_error(E_WARNING, "Newlines aren't allowed in the Subject header. Mail not sent.");
16fd5964 ER	37	+ RETURN_FALSE;
	38	+ }
	39	+
	40	+ /* search for to, cc or bcc headers */
	41	+ if (headers != NULL) {
	42	+ if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 \|\| strcasestr(headers, "\nto:")) {
9be9df81	43	+ zend_error(E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
16fd5964 ER	44	+ RETURN_FALSE;
16fd5964 ER	45	+ }
16fd5964 ER	46	+ }
	47	+
	48	if (to_len > 0) {
	49	to_r = estrndup(to, to_len);
	50	for (; to_len; to_len--) {
07f426dc	51	@@ -228,8 +254,42 @@
8135bbee JB	52	return 0;
	53	}
	54	#endif
5316c927 AF	55	- fprintf(sendmail, "To: %s\n", to);
5316c927 AF	56	- fprintf(sendmail, "Subject: %s\n", subject);
b9a39e32	57	+ TSRMLS_FETCH();
edf77de8	58	+
5316c927 AF	59	+ if ((to != NULL) && (strlen(to)!=0)) {
	60	+ fprintf(sendmail, "To: %s\n", to);
	61	+ }
	62	+ if ((subject != NULL) && (strlen(subject)!=0)) {
	63	+ fprintf(sendmail, "Subject: %s\n", subject);
	64	+ }
804cfcec	65	+
804cfcec AM	66	+ if (PG(http_globals)[TRACK_VARS_SERVER]) {
804cfcec AM	67	+ zval remote_addr, server_name, **server_port,
bfb8a2ed	68	+ script_name, http_user_agent;
804cfcec AM	69	+
	70	+ if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr)==SUCCESS) {
	71	+ convert_to_string_ex(remote_addr);
	72	+ fprintf(sendmail, "HTTP-Posting-Client: %s\n", Z_STRVAL_PP(remote_addr));
	73	+ }
	74	+ if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name)==SUCCESS) {
	75	+ convert_to_string_ex(server_name);
b4e19d31	76	+ fprintf(sendmail, "HTTP-Posting-URI: %s", Z_STRVAL_PP(server_name));
804cfcec AM	77	+ if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_PORT", sizeof("SERVER_PORT"), (void **) &server_port)==SUCCESS) {
	78	+ convert_to_string_ex(server_port);
	79	+ fprintf(sendmail, ":%s", Z_STRVAL_PP(server_port));
	80	+ }
18e705dd	81	+ if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SCRIPT_NAME", sizeof("SCRIPT_NAME"), (void **) &script_name)==SUCCESS) {
bfb8a2ed AM	82	+ convert_to_string_ex(script_name);
bfb8a2ed AM	83	+ fprintf(sendmail, "%s", Z_STRVAL_PP(script_name));
804cfcec AM	84	+ }
	85	+ fprintf(sendmail, "\n");
	86	+ }
	87	+ if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"), (void **) &http_user_agent)==SUCCESS) {
	88	+ convert_to_string_ex(http_user_agent);
	89	+ fprintf(sendmail, "HTTP-Posting-User-Agent: %s\n", Z_STRVAL_PP(http_user_agent));
	90	+ }
	91	+ }
	92	+
5316c927 AF	93	if (headers != NULL) {
	94	fprintf(sendmail, "%s\n", headers);
	95	}