php-mail.patch

   1 diff -ur php-7.1.18.org/ext/standard/mail.c php-7.1.18.new/ext/standard/mail.c
   2 --- php-7.1.18.org/ext/standard/mail.c  2018-05-23 20:14:41.000000000 +0200
   3 +++ php-7.1.18.new/ext/standard/mail.c  2018-07-09 10:06:56.968650606 +0200
   4 @@ -46,6 +46,8 @@
   5  #include "php_ini.h"
   6  #include "php_string.h"
   7  #include "exec.h"
   8 +#include "zend_operators.h"
   9 +#include "zend_globals.h"
  10
  11  #ifdef PHP_WIN32
  12  #include "win32/sendmail.h"
  13 @@ -125,6 +127,18 @@
  14                 MAIL_ASCIIZ_CHECK(ZSTR_VAL(extra_cmd), ZSTR_LEN(extra_cmd));
  15         }
  16
  17 +    /* search for To: and Subject: headers which should be specified in proper mail() parameters, not in additional headers */
  18 +    if (headers != NULL) {
  19 +        if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) {
  20 +            php_error_docref(NULL TSRMLS_CC, E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
  21 +            RETURN_FALSE;
  22 +        }
  23 +        if (strncasecmp(headers, "subject:", sizeof("subject:") - 1) == 0 || strcasestr(headers, "\nsubject:")) {
  24 +            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Subject: headers aren't allowed in the additional_headers parameter. Use $subject parameter for that. Mail not sent.");
  25 +            RETURN_FALSE;
  26 +        }
  27 +    }
  28 +
  29         if (to_len > 0) {
  30                 to_r = estrndup(to, to_len);
  31                 for (; to_len; to_len--) {
  32 @@ -397,8 +411,41 @@
  33                         MAIL_RET(0);
  34                 }
  35  #endif
  36 -               fprintf(sendmail, "To: %s\n", to);
  37 -               fprintf(sendmail, "Subject: %s\n", subject);
  38 +               TSRMLS_FETCH();
  39 +
  40 +               if ((to != NULL) && (strlen(to)!=0)) {
  41 +                       fprintf(sendmail, "To: %s\n", to);
  42 +               }
  43 +               if ((subject != NULL) && (strlen(subject)!=0)) {
  44 +                       fprintf(sendmail, "Subject: %s\n", subject);
  45 +               }
  46 +               if (Z_TYPE(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY
  47 +                               || zend_is_auto_global_str(ZEND_STRL("_SERVER"))) {
  48 +                                       zval *remote_addr, *server_name, *server_port, *script_name, *http_user_agent;
  49 +                                       remote_addr = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
  50 +                                                       "REMOTE_ADDR", sizeof("REMOTE_ADDR")-1);
  51 +                                       server_name = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
  52 +                                                       "SERVER_NAME", sizeof("SERVER_NAME")-1);
  53 +                                       server_port = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
  54 +                                                       "SERVER_PORT", sizeof("SERVER_PORT")-1);
  55 +                                       script_name = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
  56 +                                                       "SCRIPT_NAME", sizeof("SCRIPT_NAME")-1);
  57 +                                       http_user_agent = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
  58 +                                                       "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT")-1);
  59 +
  60 +                                       if (remote_addr && Z_TYPE_P(remote_addr) == IS_STRING)
  61 +                                               fprintf(sendmail, "HTTP-Posting-Client: %s\n", Z_STRVAL_P(remote_addr));
  62 +                                       if (server_name && Z_TYPE_P(server_name) == IS_STRING)
  63 +                                               fprintf(sendmail, "HTTP-Posting-URI: %s", Z_STRVAL_P(server_name));
  64 +                                       if (server_port && Z_TYPE_P(server_port) == IS_STRING)
  65 +                                               fprintf(sendmail, ":%s", Z_STRVAL_P(server_port));
  66 +                                       if (script_name && Z_TYPE_P(script_name) == IS_STRING)
  67 +                                               fprintf(sendmail, "%s", Z_STRVAL_P(script_name));
  68 +                                       fprintf(sendmail, "\n");
  69 +                                       if (http_user_agent && Z_TYPE_P(http_user_agent) == IS_STRING)
  70 +                                               fprintf(sendmail, "HTTP-Posting-User-Agent: %s\n", Z_STRVAL_P(http_user_agent));
  71 +               }
  72 +
  73                 if (hdr != NULL) {
  74                         fprintf(sendmail, "%s\n", hdr);
  75                 }