-diff -urN php-5.2.0.org/ext/standard/mail.c php-5.2.0/ext/standard/mail.c
---- php-5.2.0.org/ext/standard/mail.c 2006-01-01 13:50:15.000000000 +0100
-+++ php-5.2.0/ext/standard/mail.c 2006-12-01 12:46:40.000000000 +0100
+--- php-5.2.0/ext/standard/mail.c 2006-12-01 14:20:27.881416250 +0100
++++ php-5.2.4/ext/standard/mail.c 2007-08-31 19:25:50.777713042 +0300
@@ -21,6 +21,8 @@
#include <stdlib.h>
#include <ctype.h>
#include "php.h"
#include "ext/standard/info.h"
-@@ -36,6 +38,9 @@
+@@ -35,6 +37,8 @@
+ #include "php_ini.h"
#include "safe_mode.h"
#include "exec.h"
-
+#include "zend_operators.h"
+#include "zend_globals.h"
-+
- #if HAVE_SENDMAIL
+
#ifdef PHP_WIN32
#include "win32/sendmail.h"
-@@ -104,6 +109,27 @@
+@@ -107,6 +111,18 @@
return;
}
-+ /* check for spam attempts with buggy webforms */
-+ if ((strchr(to, '\n') != NULL && (strchr(to, '\n') != strrchr(to, '\n') || (to_len && to[to_len-1] != '\n')))
-+ || (strchr(to, '\r') != NULL && (strchr(to, '\r') != strrchr(to, '\r') || (to_len && to[to_len-1] != '\r')))) {
-+ zend_error(E_WARNING, "Newlines aren't allowed in the To header. Mail not sent.");
-+ RETURN_FALSE;
-+ }
-+
-+ if ((strchr(subject, '\n') != NULL && (strchr(subject, '\n') != strrchr(subject, '\n') || (subject_len && subject[subject_len-1] != '\n')))
-+ || (strchr(subject, '\r') != NULL && (strchr(subject, '\r') != strrchr(subject, '\r') || (subject_len && subject[subject_len-1] != '\r')))) {
-+ zend_error(E_WARNING, "Newlines aren't allowed in the Subject header. Mail not sent.");
-+ RETURN_FALSE;
-+ }
-+
-+ /* search for to, cc or bcc headers */
++ /* search for To: and Subject: headers which should be specified in proper mail() parameters, not in additional headers */
+ if (headers != NULL) {
+ if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) {
-+ zend_error(E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
++ RETURN_FALSE;
++ }
++ if (strncasecmp(headers, "subject:", sizeof("subject:") - 1) == 0 || strcasestr(headers, "\nsubject:")) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Subject: headers aren't allowed in the additional_headers parameter. Use $subject parameter for that. Mail not sent.");
+ RETURN_FALSE;
+ }
+ }
if (to_len > 0) {
to_r = estrndup(to, to_len);
for (; to_len; to_len--) {
-@@ -228,8 +254,42 @@
+@@ -231,8 +247,42 @@
return 0;
}
#endif
- fprintf(sendmail, "To: %s\n", to);
- fprintf(sendmail, "Subject: %s\n", subject);
-+ {TSRMLS_FETCH();}
++ TSRMLS_FETCH();
+
+ if ((to != NULL) && (strlen(to)!=0)) {
+ fprintf(sendmail, "To: %s\n", to);
+ if ((subject != NULL) && (strlen(subject)!=0)) {
+ fprintf(sendmail, "Subject: %s\n", subject);
+ }
-+
++ zend_is_auto_global(ZEND_STRL("_SERVER") TSRMLS_CC);
+ if (PG(http_globals)[TRACK_VARS_SERVER]) {
+ zval **remote_addr, **server_name, **server_port,
+ **script_name, **http_user_agent;