--- embedaddon/php/ext/standard/mail.c	2013/10/14 08:17:38	1.1.1.4.2.1
+++ embedaddon/php/ext/standard/mail.c	2014/06/15 20:03:57	1.1.1.5
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2013 The PHP Group                                |
+   | Copyright (c) 1997-2014 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: mail.c,v 1.1.1.4.2.1 2013/10/14 08:17:38 misho Exp $ */
+/* $Id: mail.c,v 1.1.1.5 2014/06/15 20:03:57 misho Exp $ */
 
 #include <stdlib.h>
 #include <ctype.h>
@@ -276,54 +276,11 @@ PHPAPI int php_mail(char *to, char *subject, char *mes
 		if (headers != NULL) {
 			spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n%s", php_getuid(TSRMLS_C), f, headers);
 		} else {
-			spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n", php_getuid(TSRMLS_C), f);
+			spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s", php_getuid(TSRMLS_C), f);
 		}
 		efree(f);
 	}
 
-	/* Patched by Giam Teck Choon */
-	/* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
-	/* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */
-	char *headers2=NULL;
-
-	// add a header in the form
-	//	X-PHP-Script: <server_name><php_self> for [<forwarded_for>,]<remote-addr>
-	while(1) {
-		zval **server, **remote_addr, **forwarded_for, **php_self, **server_name;
-
-		if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &server)==FAILURE)
-			break;
-		if (Z_TYPE_PP(server)!=IS_ARRAY)
-			break;
-		if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr) == FAILURE)
-			break;
-		if (zend_hash_find(Z_ARRVAL_PP(server), "HTTP_X_FORWARDED_FOR", sizeof("HTTP_X_FORWARDED_FOR"), (void **) &forwarded_for) == FAILURE)
-			forwarded_for=NULL;
-		if (zend_hash_find(Z_ARRVAL_PP(server), "PHP_SELF", sizeof("PHP_SELF"), (void **) &php_self) == FAILURE)
-			break;
-		if (zend_hash_find(Z_ARRVAL_PP(server), "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name) == FAILURE)
-			break;
-		headers2 = emalloc(32+Z_STRLEN_PP(server_name)+Z_STRLEN_PP(php_self)
-			+(forwarded_for?Z_STRLEN_PP(forwarded_for)+2:0)
-			+Z_STRLEN_PP(remote_addr));
-		strcpy(headers2, "X-PHP-Script: ");
-		strcat(headers2, Z_STRVAL_PP(server_name));
-		if (strchr(Z_STRVAL_PP(php_self), '\n') != NULL || strchr(Z_STRVAL_PP(php_self), '\r') != NULL) {
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Newline found in PHP_SELF variable which might cause possible injection '%s'", Z_STRVAL_PP(php_self));
-		}
-		else {
-			strcat(headers2, Z_STRVAL_PP(php_self));
-		}
-		strcat(headers2, " for ");
-		if (forwarded_for) {
-			strcat(headers2, Z_STRVAL_PP(forwarded_for));
-			strcat(headers2, ", ");
-		}
-		strcat(headers2, Z_STRVAL_PP(remote_addr));
-		break;
-	}
-	/* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
-
 	if (!sendmail_path) {
 #if (defined PHP_WIN32 || defined NETWARE)
 		/* handle old style win smtp sending */
@@ -387,14 +344,6 @@ PHPAPI int php_mail(char *to, char *subject, char *mes
 #endif
 		fprintf(sendmail, "To: %s\n", to);
 		fprintf(sendmail, "Subject: %s\n", subject);
-		/* Patched by Giam Teck Choon */
-		/* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
-		/* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */
-		if (headers2 != NULL) {
-			fprintf(sendmail, "%s\n", headers2);
-			efree(headers2);
-		}
-		/* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
 		if (hdr != NULL) {
 			fprintf(sendmail, "%s\n", hdr);
 		}