|
version 1.1.1.4.2.1, 2013/10/14 08:17:38
|
version 1.1.1.5, 2014/06/15 20:03:57
|
|
Line 2
|
Line 2
|
| +----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| | PHP Version 5 | |
| PHP Version 5 | |
| +----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| | Copyright (c) 1997-2013 The PHP Group | | | Copyright (c) 1997-2014 The PHP Group | |
| +----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| | This source file is subject to version 3.01 of the PHP license, | |
| This source file is subject to version 3.01 of the PHP license, | |
| | that is bundled with this package in the file LICENSE, and is | |
| that is bundled with this package in the file LICENSE, and is | |
|
Line 276 PHPAPI int php_mail(char *to, char *subject, char *mes
|
Line 276 PHPAPI int php_mail(char *to, char *subject, char *mes
|
| if (headers != NULL) { |
if (headers != NULL) { |
| spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n%s", php_getuid(TSRMLS_C), f, headers); |
spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n%s", php_getuid(TSRMLS_C), f, headers); |
| } else { |
} else { |
| spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n", php_getuid(TSRMLS_C), f); | spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s", php_getuid(TSRMLS_C), f); |
| } |
} |
| efree(f); |
efree(f); |
| } |
} |
| |
|
| /* Patched by Giam Teck Choon */ |
|
| /* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */ |
|
| /* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */ |
|
| char *headers2=NULL; |
|
| |
|
| // add a header in the form |
|
| // X-PHP-Script: <server_name><php_self> for [<forwarded_for>,]<remote-addr> |
|
| while(1) { |
|
| zval **server, **remote_addr, **forwarded_for, **php_self, **server_name; |
|
| |
|
| if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &server)==FAILURE) |
|
| break; |
|
| if (Z_TYPE_PP(server)!=IS_ARRAY) |
|
| break; |
|
| if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr) == FAILURE) |
|
| break; |
|
| if (zend_hash_find(Z_ARRVAL_PP(server), "HTTP_X_FORWARDED_FOR", sizeof("HTTP_X_FORWARDED_FOR"), (void **) &forwarded_for) == FAILURE) |
|
| forwarded_for=NULL; |
|
| if (zend_hash_find(Z_ARRVAL_PP(server), "PHP_SELF", sizeof("PHP_SELF"), (void **) &php_self) == FAILURE) |
|
| break; |
|
| if (zend_hash_find(Z_ARRVAL_PP(server), "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name) == FAILURE) |
|
| break; |
|
| headers2 = emalloc(32+Z_STRLEN_PP(server_name)+Z_STRLEN_PP(php_self) |
|
| +(forwarded_for?Z_STRLEN_PP(forwarded_for)+2:0) |
|
| +Z_STRLEN_PP(remote_addr)); |
|
| strcpy(headers2, "X-PHP-Script: "); |
|
| strcat(headers2, Z_STRVAL_PP(server_name)); |
|
| if (strchr(Z_STRVAL_PP(php_self), '\n') != NULL || strchr(Z_STRVAL_PP(php_self), '\r') != NULL) { |
|
| php_error_docref(NULL TSRMLS_CC, E_WARNING, "Newline found in PHP_SELF variable which might cause possible injection '%s'", Z_STRVAL_PP(php_self)); |
|
| } |
|
| else { |
|
| strcat(headers2, Z_STRVAL_PP(php_self)); |
|
| } |
|
| strcat(headers2, " for "); |
|
| if (forwarded_for) { |
|
| strcat(headers2, Z_STRVAL_PP(forwarded_for)); |
|
| strcat(headers2, ", "); |
|
| } |
|
| strcat(headers2, Z_STRVAL_PP(remote_addr)); |
|
| break; |
|
| } |
|
| /* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */ |
|
| |
|
| if (!sendmail_path) { |
if (!sendmail_path) { |
| #if (defined PHP_WIN32 || defined NETWARE) |
#if (defined PHP_WIN32 || defined NETWARE) |
| /* handle old style win smtp sending */ |
/* handle old style win smtp sending */ |
|
Line 387 PHPAPI int php_mail(char *to, char *subject, char *mes
|
Line 344 PHPAPI int php_mail(char *to, char *subject, char *mes
|
| #endif |
#endif |
| fprintf(sendmail, "To: %s\n", to); |
fprintf(sendmail, "To: %s\n", to); |
| fprintf(sendmail, "Subject: %s\n", subject); |
fprintf(sendmail, "Subject: %s\n", subject); |
| /* Patched by Giam Teck Choon */ |
|
| /* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */ |
|
| /* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */ |
|
| if (headers2 != NULL) { |
|
| fprintf(sendmail, "%s\n", headers2); |
|
| efree(headers2); |
|
| } |
|
| /* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */ |
|
| if (hdr != NULL) { |
if (hdr != NULL) { |
| fprintf(sendmail, "%s\n", hdr); |
fprintf(sendmail, "%s\n", hdr); |
| } |
} |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to mail.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / php / ext / standard