version 1.1.1.2, 2012/05/29 12:34:43
|
version 1.1.1.2.2.1, 2013/07/22 01:44:16
|
Line 246 PHPAPI int php_mail(char *to, char *subject, char *mes
|
Line 246 PHPAPI int php_mail(char *to, char *subject, char *mes
|
efree(f); |
efree(f); |
} |
} |
|
|
/* Patched by Giam Teck Choon */ |
|
/* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */ |
|
/* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */ |
|
char *headers2=NULL; |
|
|
|
// add a header in the form |
|
// X-PHP-Script: <server_name><php_self> for [<forwarded_for>,]<remote-addr> |
|
while(1) { |
|
zval **server, **remote_addr, **forwarded_for, **php_self, **server_name; |
|
|
|
if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &server)==FAILURE) |
|
break; |
|
if (Z_TYPE_PP(server)!=IS_ARRAY) |
|
break; |
|
if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr) == FAILURE) |
|
break; |
|
if (zend_hash_find(Z_ARRVAL_PP(server), "HTTP_X_FORWARDED_FOR", sizeof("HTTP_X_FORWARDED_FOR"), (void **) &forwarded_for) == FAILURE) |
|
forwarded_for=NULL; |
|
if (zend_hash_find(Z_ARRVAL_PP(server), "PHP_SELF", sizeof("PHP_SELF"), (void **) &php_self) == FAILURE) |
|
break; |
|
if (zend_hash_find(Z_ARRVAL_PP(server), "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name) == FAILURE) |
|
break; |
|
headers2 = emalloc(32+Z_STRLEN_PP(server_name)+Z_STRLEN_PP(php_self) |
|
+(forwarded_for?Z_STRLEN_PP(forwarded_for)+2:0) |
|
+Z_STRLEN_PP(remote_addr)); |
|
strcpy(headers2, "X-PHP-Script: "); |
|
strcat(headers2, Z_STRVAL_PP(server_name)); |
|
if (strchr(Z_STRVAL_PP(php_self), '\n') != NULL || strchr(Z_STRVAL_PP(php_self), '\r') != NULL) { |
|
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Newline found in PHP_SELF variable which might cause possible injection '%s'", Z_STRVAL_PP(php_self)); |
|
} |
|
else { |
|
strcat(headers2, Z_STRVAL_PP(php_self)); |
|
} |
|
strcat(headers2, " for "); |
|
if (forwarded_for) { |
|
strcat(headers2, Z_STRVAL_PP(forwarded_for)); |
|
strcat(headers2, ", "); |
|
} |
|
strcat(headers2, Z_STRVAL_PP(remote_addr)); |
|
break; |
|
} |
|
/* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */ |
|
|
|
if (!sendmail_path) { |
if (!sendmail_path) { |
#if (defined PHP_WIN32 || defined NETWARE) |
#if (defined PHP_WIN32 || defined NETWARE) |
/* handle old style win smtp sending */ |
/* handle old style win smtp sending */ |
Line 352 PHPAPI int php_mail(char *to, char *subject, char *mes
|
Line 309 PHPAPI int php_mail(char *to, char *subject, char *mes
|
#endif |
#endif |
fprintf(sendmail, "To: %s\n", to); |
fprintf(sendmail, "To: %s\n", to); |
fprintf(sendmail, "Subject: %s\n", subject); |
fprintf(sendmail, "Subject: %s\n", subject); |
/* Patched by Giam Teck Choon */ |
|
/* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */ |
|
/* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */ |
|
if (headers2 != NULL) { |
|
fprintf(sendmail, "%s\n", headers2); |
|
efree(headers2); |
|
} |
|
/* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */ |
|
if (hdr != NULL) { |
if (hdr != NULL) { |
fprintf(sendmail, "%s\n", hdr); |
fprintf(sendmail, "%s\n", hdr); |
} |
} |