---- php-4.3.0/ext/standard/mail.c.orig Fri Nov 29 12:15:43 2002
-+++ php-4.3.0/ext/standard/mail.c Thu Jan 2 12:37:54 2003
+diff -urNp -x '*.orig' php-5.2.17.org/ext/standard/mail.c php-5.2.17/ext/standard/mail.c
+--- php-5.2.17.org/ext/standard/mail.c 2010-07-19 15:38:53.000000000 +0200
++++ php-5.2.17/ext/standard/mail.c 2021-10-23 18:57:39.619791815 +0200
@@ -21,6 +21,8 @@
#include <stdlib.h>
#include <ctype.h>
#include "php.h"
#include "ext/standard/info.h"
-@@ -36,6 +38,9 @@
+@@ -42,6 +44,8 @@
+ #include "php_string.h"
#include "safe_mode.h"
#include "exec.h"
-
+#include "zend_operators.h"
+#include "zend_globals.h"
-+
- #if HAVE_SENDMAIL
+
#ifdef PHP_WIN32
#include "win32/sendmail.h"
-@@ -196,8 +201,42 @@
+@@ -131,6 +135,18 @@ PHP_FUNCTION(mail)
+ MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len);
+ }
+
++ /* search for To: and Subject: headers which should be specified in proper mail() parameters, not in additional headers */
++ if (headers != NULL) {
++ if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
++ RETURN_FALSE;
++ }
++ if (strncasecmp(headers, "subject:", sizeof("subject:") - 1) == 0 || strcasestr(headers, "\nsubject:")) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Subject: headers aren't allowed in the additional_headers parameter. Use $subject parameter for that. Mail not sent.");
++ RETURN_FALSE;
++ }
++ }
++
+ if (to_len > 0) {
+ to_r = estrndup(to, to_len);
+ for (; to_len; to_len--) {
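Review bot: The added To:/Subject: check in PHP_FUNCTION(mail) recognises a header only when the name starts the string or directly follows `\n`, and only when `:` comes straight after the name, so a line introduced by a bare `\r` or written with whitespace before the colon is not caught if the mail transport accepts those forms (not visible here). Consider extending both tests, e.g. `|| strcasestr(headers, "\rto:")` and the matching `"\rsubject:"`, and adding a comment that this is a best-effort guard rather than full header parsing. `strcasestr` is a GNU/BSD extension, so confirm its prototype is visible in mail.c on every supported platform; an implicit declaration would return `int` and truncate the pointer. The enclosing function begins and ends outside this hunk.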
+@@ -276,8 +292,42 @@ PHPAPI int php_mail(char *to, char *subj
return 0;
}
#endif
+ if ((subject != NULL) && (strlen(subject)!=0)) {
+ fprintf(sendmail, "Subject: %s\n", subject);
+ }
-+
++ zend_is_auto_global(ZEND_STRL("_SERVER") TSRMLS_CC);
+ if (PG(http_globals)[TRACK_VARS_SERVER]) {
+ zval **remote_addr, **server_name, **server_port,
+ **script_name, **http_user_agent;
+ convert_to_string_ex(server_port);
+ fprintf(sendmail, ":%s", Z_STRVAL_PP(server_port));
+ }
-+ if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SCRIPT_NAME", sizeof("SCRIPT_NAME"), (void **) &scrip_name)==SUCCESS) {
++ if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SCRIPT_NAME", sizeof("SCRIPT_NAME"), (void **) &script_name)==SUCCESS) {
+ convert_to_string_ex(script_name);
+ fprintf(sendmail, "%s", Z_STRVAL_PP(script_name));
+ }