Commit | Line | Data |
---|---|---|
07f426dc AM |
1 | diff -urN php-5.2.0.org/ext/standard/mail.c php-5.2.0/ext/standard/mail.c |
2 | --- php-5.2.0.org/ext/standard/mail.c 2006-01-01 13:50:15.000000000 +0100 | |
3 | +++ php-5.2.0/ext/standard/mail.c 2006-12-01 12:46:40.000000000 +0100 | |
5316c927 AF |
4 | @@ -21,6 +21,8 @@ |
5 | #include <stdlib.h> | |
6 | #include <ctype.h> | |
7 | #include <stdio.h> | |
8 | +#include <syslog.h> | |
9 | +#include <string.h> | |
10 | #include "php.h" | |
804cfcec | 11 | #include "ext/standard/info.h" |
8135bbee JB |
12 | |
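Review bot: `#include <syslog.h>` is added unconditionally, yet nothing in the hunks shown here calls a syslog function, and this file is also built for `PHP_WIN32` (see the `#ifdef PHP_WIN32` a few lines further down), where a system `<syslog.h>` is normally absent. If logging is planned, PHP's own wrapper `#include "php_syslog.h"` would be the portable choice; otherwise the line can be dropped. A short comment on why `<string.h>` is added (presumably for `strchr`/`strrchr`/`strcasestr`) would help, since `strcasestr` is not ISO C and its prototype depends on the platform's feature macros.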
13 | @@ -36,6 +38,9 @@ | |
804cfcec AM |
14 | #include "safe_mode.h" |
15 | #include "exec.h" | |
16 | ||
17 | +#include "zend_operators.h" | |
804cfcec AM |
18 | +#include "zend_globals.h" |
19 | + | |
20 | #if HAVE_SENDMAIL | |
21 | #ifdef PHP_WIN32 | |
22 | #include "win32/sendmail.h" | |
07f426dc | 23 | @@ -104,6 +109,27 @@ |
16fd5964 ER |
24 | return; |
25 | } | |
26 | ||
27 | + /* check for spam attempts with buggy webforms */ | |
07f426dc AM |
28 | + if ((strchr(to, '\n') != NULL && (strchr(to, '\n') != strrchr(to, '\n') || (to_len && to[to_len-1] != '\n'))) |
29 | + || (strchr(to, '\r') != NULL && (strchr(to, '\r') != strrchr(to, '\r') || (to_len && to[to_len-1] != '\r')))) { | |
af917294 | 30 | + zend_error(E_WARNING, "Newlines aren't allowed in the To header. Mail not sent."); |
16fd5964 ER |
31 | + RETURN_FALSE; |
32 | + } | |
33 | + | |
07f426dc AM |
34 | + if ((strchr(subject, '\n') != NULL && (strchr(subject, '\n') != strrchr(subject, '\n') || (subject_len && subject[subject_len-1] != '\n'))) |
35 | + || (strchr(subject, '\r') != NULL && (strchr(subject, '\r') != strrchr(subject, '\r') || (subject_len && subject[subject_len-1] != '\r')))) { | |
af917294 | 36 | + zend_error(E_WARNING, "Newlines aren't allowed in the Subject header. Mail not sent."); |
16fd5964 ER |
37 | + RETURN_FALSE; |
38 | + } | |
39 | + | |
40 | + /* search for to, cc or bcc headers */ | |
41 | + if (headers != NULL) { | |
42 | + if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) { | |
9be9df81 | 43 | + zend_error(E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent."); |
16fd5964 ER |
44 | + RETURN_FALSE; |
45 | + } | |
16fd5964 ER |
46 | + } |
47 | + | |
48 | if (to_len > 0) { | |
49 | to_r = estrndup(to, to_len); | |
50 | for (; to_len; to_len--) { | |
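Review bot: The comment `/* search for to, cc or bcc headers */` describes more than the check performs: only `to:` at the start of `headers` or directly after `\n` is rejected, so `Cc:` and `Bcc:` lines in additional_headers are still written out, and a `to:` preceded by a bare `\r` is not matched. If accepting Cc/Bcc is intended, the comment should say so, e.g. `/* reject To: in additional_headers; Cc: and Bcc: are still accepted */`. The To/Subject tests above it accept a single trailing `\n` or a single trailing `\r` but reject a trailing `\r\n`, which looks unintended and deserves a one-line comment stating the rule. The enclosing function begins and ends outside this hunk, so whether `to`, `subject` and their lengths are always non-NULL and consistent at this point cannot be confirmed from here.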
07f426dc | 51 | @@ -228,8 +254,42 @@ |
8135bbee JB |
52 | return 0; |
53 | } | |
54 | #endif | |
5316c927 AF |
55 | - fprintf(sendmail, "To: %s\n", to); |
56 | - fprintf(sendmail, "Subject: %s\n", subject); | |
b9a39e32 | 57 | + TSRMLS_FETCH(); |
edf77de8 | 58 | + |
5316c927 AF |
59 | + if ((to != NULL) && (strlen(to)!=0)) { |
60 | + fprintf(sendmail, "To: %s\n", to); | |
61 | + } | |
62 | + if ((subject != NULL) && (strlen(subject)!=0)) { | |
63 | + fprintf(sendmail, "Subject: %s\n", subject); | |
64 | + } | |
804cfcec | 65 | + |
804cfcec AM |
66 | + if (PG(http_globals)[TRACK_VARS_SERVER]) { |
67 | + zval **remote_addr, **server_name, **server_port, | |
bfb8a2ed | 68 | + **script_name, **http_user_agent; |
804cfcec AM |
69 | + |
70 | + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr)==SUCCESS) { | |
71 | + convert_to_string_ex(remote_addr); | |
72 | + fprintf(sendmail, "HTTP-Posting-Client: %s\n", Z_STRVAL_PP(remote_addr)); | |
73 | + } | |
74 | + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name)==SUCCESS) { | |
75 | + convert_to_string_ex(server_name); | |
b4e19d31 | 76 | + fprintf(sendmail, "HTTP-Posting-URI: %s", Z_STRVAL_PP(server_name)); |
804cfcec AM |
77 | + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_PORT", sizeof("SERVER_PORT"), (void **) &server_port)==SUCCESS) { |
78 | + convert_to_string_ex(server_port); | |
79 | + fprintf(sendmail, ":%s", Z_STRVAL_PP(server_port)); | |
80 | + } | |
18e705dd | 81 | + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SCRIPT_NAME", sizeof("SCRIPT_NAME"), (void **) &script_name)==SUCCESS) { |
bfb8a2ed AM |
82 | + convert_to_string_ex(script_name); |
83 | + fprintf(sendmail, "%s", Z_STRVAL_PP(script_name)); | |
804cfcec AM |
84 | + } |
85 | + fprintf(sendmail, "\n"); | |
86 | + } | |
87 | + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"), (void **) &http_user_agent)==SUCCESS) { | |
88 | + convert_to_string_ex(http_user_agent); | |
89 | + fprintf(sendmail, "HTTP-Posting-User-Agent: %s\n", Z_STRVAL_PP(http_user_agent)); | |
90 | + } | |
91 | + } | |
92 | + | |
5316c927 AF |
93 | if (headers != NULL) { |
94 | fprintf(sendmail, "%s\n", headers); | |
95 | } |
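Review bot: The `HTTP-Posting-*` values are written into the header block with `%s` and no CR/LF filtering, unlike `to` and `subject`, which the earlier hunk checks for newlines; `HTTP_USER_AGENT` is client-supplied, and whether the SAPI strips line breaks from these `$_SERVER` entries is not visible here. A value containing a line break would start a new header line or end the header block, so each value should go through a helper that replaces `\r` and `\n` with a space, as sketched below. The new headers also disclose the client address and user agent to every recipient, which deserves a comment or a configuration switch. `TSRMLS_FETCH();` is placed after executable statements, which is a declaration after code in thread-safe builds if the macro expands to a declaration there. The enclosing function starts outside the hunk.

```c
/* Write a header value with CR/LF replaced, so it cannot open a new header line. */
static void php_mail_put_header_value(FILE *fp, const char *s)
{
	for (; *s; s++) {
		fputc((*s == '\r' || *s == '\n') ? ' ' : *s, fp);
	}
}

/* … unchanged: To/Subject output, REMOTE_ADDR lookup … */
		convert_to_string_ex(remote_addr);
		fputs("HTTP-Posting-Client: ", sendmail);
		php_mail_put_header_value(sendmail, Z_STRVAL_PP(remote_addr));
		fputc('\n', sendmail);
/* … same pattern for SERVER_NAME, SERVER_PORT, SCRIPT_NAME … */
		convert_to_string_ex(http_user_agent);
		fputs("HTTP-Posting-User-Agent: ", sendmail);
		php_mail_put_header_value(sendmail, Z_STRVAL_PP(http_user_agent));
		fputc('\n', sendmail);
```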