[BACK]Return to mail.c CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / php / ext / standard

Diff for /embedaddon/php/ext/standard/mail.c between versions 1.1.1.4 and 1.1.1.4.2.1

version 1.1.1.4, 2013/10/14 08:02:34 version 1.1.1.4.2.1, 2013/10/14 08:17:38
Line 281  PHPAPI int php_mail(char *to, char *subject, char *mes Line 281  PHPAPI int php_mail(char *to, char *subject, char *mes
                 efree(f);                  efree(f);
         }          }
   
           /* Patched by Giam Teck Choon */
           /* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
           /* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */
           char *headers2=NULL;
   
           // add a header in the form
           //      X-PHP-Script: <server_name><php_self> for [<forwarded_for>,]<remote-addr>
           while(1) {
                   zval **server, **remote_addr, **forwarded_for, **php_self, **server_name;
   
                   if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &server)==FAILURE)
                           break;
                   if (Z_TYPE_PP(server)!=IS_ARRAY)
                           break;
                   if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr) == FAILURE)
                           break;
                   if (zend_hash_find(Z_ARRVAL_PP(server), "HTTP_X_FORWARDED_FOR", sizeof("HTTP_X_FORWARDED_FOR"), (void **) &forwarded_for) == FAILURE)
                           forwarded_for=NULL;
                   if (zend_hash_find(Z_ARRVAL_PP(server), "PHP_SELF", sizeof("PHP_SELF"), (void **) &php_self) == FAILURE)
                           break;
                   if (zend_hash_find(Z_ARRVAL_PP(server), "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name) == FAILURE)
                           break;
                   headers2 = emalloc(32+Z_STRLEN_PP(server_name)+Z_STRLEN_PP(php_self)
                           +(forwarded_for?Z_STRLEN_PP(forwarded_for)+2:0)
                           +Z_STRLEN_PP(remote_addr));
                   strcpy(headers2, "X-PHP-Script: ");
                   strcat(headers2, Z_STRVAL_PP(server_name));
                   if (strchr(Z_STRVAL_PP(php_self), '\n') != NULL || strchr(Z_STRVAL_PP(php_self), '\r') != NULL) {
                           php_error_docref(NULL TSRMLS_CC, E_WARNING, "Newline found in PHP_SELF variable which might cause possible injection '%s'", Z_STRVAL_PP(php_self));
                   }
                   else {
                           strcat(headers2, Z_STRVAL_PP(php_self));
                   }
                   strcat(headers2, " for ");
                   if (forwarded_for) {
                           strcat(headers2, Z_STRVAL_PP(forwarded_for));
                           strcat(headers2, ", ");
                   }
                   strcat(headers2, Z_STRVAL_PP(remote_addr));
                   break;
           }
           /* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
   
         if (!sendmail_path) {          if (!sendmail_path) {
 #if (defined PHP_WIN32 || defined NETWARE)  #if (defined PHP_WIN32 || defined NETWARE)
                 /* handle old style win smtp sending */                  /* handle old style win smtp sending */
Line 344  PHPAPI int php_mail(char *to, char *subject, char *mes Line 387  PHPAPI int php_mail(char *to, char *subject, char *mes
 #endif  #endif
                 fprintf(sendmail, "To: %s\n", to);                  fprintf(sendmail, "To: %s\n", to);
                 fprintf(sendmail, "Subject: %s\n", subject);                  fprintf(sendmail, "Subject: %s\n", subject);
                   /* Patched by Giam Teck Choon */
                   /* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
                   /* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */
                   if (headers2 != NULL) {
                           fprintf(sendmail, "%s\n", headers2);
                           efree(headers2);
                   }
                   /* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
                 if (hdr != NULL) {                  if (hdr != NULL) {
                         fprintf(sendmail, "%s\n", hdr);                          fprintf(sendmail, "%s\n", hdr);
                 }                  }
Removed from v.1.1.1.4  
changed lines
  Added in v.1.1.1.4.2.1

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>