1 diff -ur php-7.1.18.org/ext/standard/mail.c php-7.1.18.new/ext/standard/mail.c
2 --- php-7.1.18.org/ext/standard/mail.c 2018-05-23 20:14:41.000000000 +0200
3 +++ php-7.1.18.new/ext/standard/mail.c 2018-07-09 10:06:56.968650606 +0200
6 #include "php_string.h"
8 +#include "zend_operators.h"
9 +#include "zend_globals.h"
12 #include "win32/sendmail.h"
14 MAIL_ASCIIZ_CHECK(ZSTR_VAL(extra_cmd), ZSTR_LEN(extra_cmd));
17 + /* search for To: and Subject: headers which should be specified in proper mail() parameters, not in additional headers */
18 + if (headers != NULL) {
19 + if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) {
20 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
23 + if (strncasecmp(headers, "subject:", sizeof("subject:") - 1) == 0 || strcasestr(headers, "\nsubject:")) {
24 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Subject: headers aren't allowed in the additional_headers parameter. Use $subject parameter for that. Mail not sent.");
30 to_r = estrndup(to, to_len);
31 for (; to_len; to_len--) {
36 - fprintf(sendmail, "To: %s\n", to);
37 - fprintf(sendmail, "Subject: %s\n", subject);
40 + if ((to != NULL) && (strlen(to)!=0)) {
41 + fprintf(sendmail, "To: %s\n", to);
43 + if ((subject != NULL) && (strlen(subject)!=0)) {
44 + fprintf(sendmail, "Subject: %s\n", subject);
46 + if (Z_TYPE(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY
47 + || zend_is_auto_global_str(ZEND_STRL("_SERVER"))) {
48 + zval *remote_addr, *server_name, *server_port, *script_name, *http_user_agent;
49 + remote_addr = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
50 + "REMOTE_ADDR", sizeof("REMOTE_ADDR")-1);
51 + server_name = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
52 + "SERVER_NAME", sizeof("SERVER_NAME")-1);
53 + server_port = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
54 + "SERVER_PORT", sizeof("SERVER_PORT")-1);
55 + script_name = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
56 + "SCRIPT_NAME", sizeof("SCRIPT_NAME")-1);
57 + http_user_agent = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
58 + "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT")-1);
60 + if (remote_addr && Z_TYPE_P(remote_addr) == IS_STRING)
61 + fprintf(sendmail, "HTTP-Posting-Client: %s\n", Z_STRVAL_P(remote_addr));
62 + if (server_name && Z_TYPE_P(server_name) == IS_STRING)
63 + fprintf(sendmail, "HTTP-Posting-URI: %s", Z_STRVAL_P(server_name));
64 + if (server_port && Z_TYPE_P(server_port) == IS_STRING)
65 + fprintf(sendmail, ":%s", Z_STRVAL_P(server_port));
66 + if (script_name && Z_TYPE_P(script_name) == IS_STRING)
67 + fprintf(sendmail, "%s", Z_STRVAL_P(script_name));
68 + fprintf(sendmail, "\n");
69 + if (http_user_agent && Z_TYPE_P(http_user_agent) == IS_STRING)
70 + fprintf(sendmail, "HTTP-Posting-User-Agent: %s\n", Z_STRVAL_P(http_user_agent));
74 fprintf(sendmail, "%s\n", hdr);