php-mail.patch

   1 diff -urNp -x '*.orig' php-5.6.40.org/ext/standard/mail.c php-5.6.40/ext/standard/mail.c
   2 --- php-5.6.40.org/ext/standard/mail.c  2019-01-09 10:54:13.000000000 +0100
   3 +++ php-5.6.40/ext/standard/mail.c      2021-08-23 23:18:38.625842193 +0200
   4 @@ -46,6 +46,8 @@
   5  #include "php_ini.h"
   6  #include "php_string.h"
   7  #include "exec.h"
   8 +#include "zend_operators.h"
   9 +#include "zend_globals.h"
  10
  11  #ifdef PHP_WIN32
  12  #include "win32/sendmail.h"
  13 @@ -124,6 +126,18 @@ PHP_FUNCTION(mail)
  14                 MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len);
  15         }
  16
  17 +    /* search for To: and Subject: headers which should be specified in proper mail() parameters, not in additional headers */
  18 +    if (headers != NULL) {
  19 +        if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) {
  20 +            php_error_docref(NULL TSRMLS_CC, E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
  21 +            RETURN_FALSE;
  22 +        }
  23 +        if (strncasecmp(headers, "subject:", sizeof("subject:") - 1) == 0 || strcasestr(headers, "\nsubject:")) {
  24 +            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Subject: headers aren't allowed in the additional_headers parameter. Use $subject parameter for that. Mail not sent.");
  25 +            RETURN_FALSE;
  26 +        }
  27 +    }
  28 +
  29         if (to_len > 0) {
  30                 to_r = estrndup(to, to_len);
  31                 for (; to_len; to_len--) {
  32 @@ -395,8 +409,42 @@ PHPAPI int php_mail(char *to, char *subj
  33                         MAIL_RET(0);
  34                 }
  35  #endif
  36 -               fprintf(sendmail, "To: %s\n", to);
  37 -               fprintf(sendmail, "Subject: %s\n", subject);
  38 +               TSRMLS_FETCH();
  39 +
  40 +               if ((to != NULL) && (strlen(to)!=0)) {
  41 +                       fprintf(sendmail, "To: %s\n", to);
  42 +               }
  43 +               if ((subject != NULL) && (strlen(subject)!=0)) {
  44 +                       fprintf(sendmail, "Subject: %s\n", subject);
  45 +               }
  46 +               zend_is_auto_global(ZEND_STRL("_SERVER") TSRMLS_CC);
  47 +               if (PG(http_globals)[TRACK_VARS_SERVER]) {
  48 +                       zval **remote_addr, **server_name, **server_port,
  49 +                               **script_name, **http_user_agent;
  50 +
  51 +                       if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr)==SUCCESS) {
  52 +                               convert_to_string_ex(remote_addr);
  53 +                               fprintf(sendmail, "HTTP-Posting-Client: %s\n", Z_STRVAL_PP(remote_addr));
  54 +                       }
  55 +                       if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name)==SUCCESS) {
  56 +                               convert_to_string_ex(server_name);
  57 +                               fprintf(sendmail, "HTTP-Posting-URI: %s", Z_STRVAL_PP(server_name));
  58 +                               if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_PORT", sizeof("SERVER_PORT"), (void **) &server_port)==SUCCESS) {
  59 +                                       convert_to_string_ex(server_port);
  60 +                                       fprintf(sendmail, ":%s", Z_STRVAL_PP(server_port));
  61 +                               }
  62 +                               if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SCRIPT_NAME", sizeof("SCRIPT_NAME"), (void **) &script_name)==SUCCESS) {
  63 +                                       convert_to_string_ex(script_name);
  64 +                                       fprintf(sendmail, "%s", Z_STRVAL_PP(script_name));
  65 +                               }
  66 +                               fprintf(sendmail, "\n");
  67 +                       }
  68 +                       if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"), (void **) &http_user_agent)==SUCCESS) {
  69 +                               convert_to_string_ex(http_user_agent);
  70 +                                       fprintf(sendmail, "HTTP-Posting-User-Agent: %s\n", Z_STRVAL_PP(http_user_agent));
  71 +                       }
  72 +               }
  73 +
  74                 if (hdr != NULL) {
  75                         fprintf(sendmail, "%s\n", hdr);
  76                 }