]>
Commit | Line | Data |
---|---|---|
adff5a0e AM |
1 | --- php-7.1.22.org/ext/standard/mail.c 2018-09-11 16:08:35.000000000 +0200 |
2 | +++ php-7.1.22/ext/standard/mail.c 2018-09-14 11:40:47.086119608 +0200 | |
bd091b41 | 3 | @@ -46,6 +46,8 @@ |
c0240cb1 | 4 | #include "php_ini.h" |
bd091b41 | 5 | #include "php_string.h" |
c0240cb1 | 6 | #include "exec.h" |
7 | +#include "zend_operators.h" | |
8 | +#include "zend_globals.h" | |
9 | ||
10 | #ifdef PHP_WIN32 | |
11 | #include "win32/sendmail.h" | |
adff5a0e | 12 | @@ -125,6 +127,18 @@ PHP_FUNCTION(mail) |
bd091b41 | 13 | MAIL_ASCIIZ_CHECK(ZSTR_VAL(extra_cmd), ZSTR_LEN(extra_cmd)); |
c0240cb1 | 14 | } |
15 | ||
16 | + /* search for To: and Subject: headers which should be specified in proper mail() parameters, not in additional headers */ | |
17 | + if (headers != NULL) { | |
18 | + if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) { | |
19 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent."); | |
20 | + RETURN_FALSE; | |
21 | + } | |
22 | + if (strncasecmp(headers, "subject:", sizeof("subject:") - 1) == 0 || strcasestr(headers, "\nsubject:")) { | |
23 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Subject: headers aren't allowed in the additional_headers parameter. Use $subject parameter for that. Mail not sent."); | |
24 | + RETURN_FALSE; | |
25 | + } | |
26 | + } | |
27 | + | |
28 | if (to_len > 0) { | |
29 | to_r = estrndup(to, to_len); | |
30 | for (; to_len; to_len--) { | |
adff5a0e | 31 | @@ -397,8 +411,42 @@ PHPAPI int php_mail(char *to, char *subj |
bd091b41 | 32 | MAIL_RET(0); |
c0240cb1 | 33 | } |
34 | #endif | |
35 | - fprintf(sendmail, "To: %s\n", to); | |
36 | - fprintf(sendmail, "Subject: %s\n", subject); | |
37 | + TSRMLS_FETCH(); | |
6737bc38 ER |
38 | + |
39 | + if ((to != NULL) && (strlen(to)!=0)) { | |
c0240cb1 | 40 | + fprintf(sendmail, "To: %s\n", to); |
41 | + } | |
42 | + if ((subject != NULL) && (strlen(subject)!=0)) { | |
43 | + fprintf(sendmail, "Subject: %s\n", subject); | |
44 | + } | |
bd091b41 AM |
45 | + if (Z_TYPE(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY |
46 | + || zend_is_auto_global_str(ZEND_STRL("_SERVER"))) { | |
47 | + zval *remote_addr, *server_name, *server_port, *script_name, *http_user_agent; | |
48 | + remote_addr = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]), | |
49 | + "REMOTE_ADDR", sizeof("REMOTE_ADDR")-1); | |
50 | + server_name = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]), | |
51 | + "SERVER_NAME", sizeof("SERVER_NAME")-1); | |
52 | + server_port = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]), | |
53 | + "SERVER_PORT", sizeof("SERVER_PORT")-1); | |
54 | + script_name = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]), | |
55 | + "SCRIPT_NAME", sizeof("SCRIPT_NAME")-1); | |
56 | + http_user_agent = zend_hash_str_find(Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]), | |
57 | + "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT")-1); | |
6737bc38 | 58 | + |
bd091b41 AM |
59 | + if (remote_addr && Z_TYPE_P(remote_addr) == IS_STRING) |
60 | + fprintf(sendmail, "HTTP-Posting-Client: %s\n", Z_STRVAL_P(remote_addr)); | |
adff5a0e | 61 | + if (server_name && Z_TYPE_P(server_name) == IS_STRING) { |
bd091b41 | 62 | + fprintf(sendmail, "HTTP-Posting-URI: %s", Z_STRVAL_P(server_name)); |
adff5a0e AM |
63 | + if (server_port && Z_TYPE_P(server_port) == IS_STRING) |
64 | + fprintf(sendmail, ":%s", Z_STRVAL_P(server_port)); | |
65 | + if (script_name && Z_TYPE_P(script_name) == IS_STRING) | |
66 | + fprintf(sendmail, "%s", Z_STRVAL_P(script_name)); | |
67 | + fprintf(sendmail, "\n"); | |
68 | + } | |
bd091b41 AM |
69 | + if (http_user_agent && Z_TYPE_P(http_user_agent) == IS_STRING) |
70 | + fprintf(sendmail, "HTTP-Posting-User-Agent: %s\n", Z_STRVAL_P(http_user_agent)); | |
c0240cb1 | 71 | + } |
72 | + | |
73 | if (hdr != NULL) { | |
74 | fprintf(sendmail, "%s\n", hdr); | |
75 | } |