1 --- php-4.3.0/ext/standard/mail.c Thu Jan 2 12:37:54 2003
2 +++ php-5.1.4-mail/ext/standard/mail.c 2006-06-07 17:48:45.197705968 +0300
10 #include "ext/standard/info.h"
13 #include "safe_mode.h"
16 +#include "zend_operators.h"
17 +#include "zend_globals.h"
21 #include "win32/sendmail.h"
26 + /* check for spam attempts with buggy webforms */
27 + if (strchr(to, '\n') != NULL || strchr(to, '\r') != NULL) {
28 + zend_error(E_WARNING, "Newlines aren't allowed in the To header. Mail not sent.");
32 + if (strchr(subject, '\n') != NULL || strchr(subject, '\r') != NULL) {
33 + zend_error(E_WARNING, "Newlines aren't allowed in the Subject header. Mail not sent.");
37 + /* search for to, cc or bcc headers */
38 + if (headers != NULL) {
39 + if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) {
40 + zend_error(E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Mail not sent.");
44 + if (strncasecmp(headers, "cc:", sizeof("cc:") - 1) == 0 || strcasestr(headers, "\ncc:")) {
45 + zend_error(E_WARNING, "CC: headers aren't allowed in the additional_headers parameter. Mail not sent.");
49 + if (strncasecmp(headers, "bcc:", sizeof("bcc:") - 1) == 0 || strcasestr(headers, "\nbcc:")) {
50 + zend_error(E_WARNING, "BCC: headers aren't allowed in the additional_headers parameter. Mail not sent.");
56 to_r = estrndup(to, to_len);
57 for (; to_len; to_len--) {
62 - fprintf(sendmail, "To: %s\n", to);
63 - fprintf(sendmail, "Subject: %s\n", subject);
66 + if ((to != NULL) && (strlen(to)!=0)) {
67 + fprintf(sendmail, "To: %s\n", to);
69 + if ((subject != NULL) && (strlen(subject)!=0)) {
70 + fprintf(sendmail, "Subject: %s\n", subject);
73 + if (PG(http_globals)[TRACK_VARS_SERVER]) {
74 + zval **remote_addr, **server_name, **server_port,
75 + **script_name, **http_user_agent;
77 + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr)==SUCCESS) {
78 + convert_to_string_ex(remote_addr);
79 + fprintf(sendmail, "HTTP-Posting-Client: %s\n", Z_STRVAL_PP(remote_addr));
81 + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name)==SUCCESS) {
82 + convert_to_string_ex(server_name);
83 + fprintf(sendmail, "HTTP-Posting-URI: %s", Z_STRVAL_PP(server_name));
84 + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_PORT", sizeof("SERVER_PORT"), (void **) &server_port)==SUCCESS) {
85 + convert_to_string_ex(server_port);
86 + fprintf(sendmail, ":%s", Z_STRVAL_PP(server_port));
88 + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SCRIPT_NAME", sizeof("SCRIPT_NAME"), (void **) &script_name)==SUCCESS) {
89 + convert_to_string_ex(script_name);
90 + fprintf(sendmail, "%s", Z_STRVAL_PP(script_name));
92 + fprintf(sendmail, "\n");
94 + if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"), (void **) &http_user_agent)==SUCCESS) {
95 + convert_to_string_ex(http_user_agent);
96 + fprintf(sendmail, "HTTP-Posting-User-Agent: %s\n", Z_STRVAL_PP(http_user_agent));
100 if (headers != NULL) {
101 fprintf(sendmail, "%s\n", headers);