Annotation of embedaddon/php/ext/standard/mail.c, revision 1.1.1.4.2.1
1.1 misho 1: /*
2: +----------------------------------------------------------------------+
3: | PHP Version 5 |
4: +----------------------------------------------------------------------+
1.1.1.3 misho 5: | Copyright (c) 1997-2013 The PHP Group |
1.1 misho 6: +----------------------------------------------------------------------+
7: | This source file is subject to version 3.01 of the PHP license, |
8: | that is bundled with this package in the file LICENSE, and is |
9: | available through the world-wide-web at the following url: |
10: | http://www.php.net/license/3_01.txt |
11: | If you did not receive a copy of the PHP license and are unable to |
12: | obtain it through the world-wide-web, please send a note to |
13: | license@php.net so we can mail you a copy immediately. |
14: +----------------------------------------------------------------------+
15: | Author: Rasmus Lerdorf <rasmus@php.net> |
16: +----------------------------------------------------------------------+
17: */
18:
1.1.1.4.2.1! misho 19: /* $Id: mail.c,v 1.1.1.4 2013/10/14 08:02:34 misho Exp $ */
1.1 misho 20:
21: #include <stdlib.h>
22: #include <ctype.h>
23: #include <stdio.h>
24: #include "php.h"
25: #include "ext/standard/info.h"
26: #include "ext/standard/php_string.h"
27: #include "ext/standard/basic_functions.h"
28:
29: #if HAVE_SYSEXITS_H
30: #include <sysexits.h>
31: #endif
32: #if HAVE_SYS_SYSEXITS_H
33: #include <sys/sysexits.h>
34: #endif
35:
36: #if PHP_SIGCHILD
37: #if HAVE_SIGNAL_H
38: #include <signal.h>
39: #endif
40: #endif
41:
1.1.1.3 misho 42: #include "php_syslog.h"
1.1 misho 43: #include "php_mail.h"
44: #include "php_ini.h"
45: #include "php_string.h"
46: #include "exec.h"
47:
48: #ifdef PHP_WIN32
49: #include "win32/sendmail.h"
50: #endif
51:
52: #ifdef NETWARE
53: #define EX_OK 0 /* successful termination */
54: #define EX_TEMPFAIL 75 /* temp failure; user is invited to retry */
55: #endif
56:
57: #define SKIP_LONG_HEADER_SEP(str, pos) \
58: if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
59: pos += 2; \
60: while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
61: pos++; \
62: } \
63: continue; \
64: } \
65:
66: #define MAIL_ASCIIZ_CHECK(str, len) \
67: p = str; \
68: e = p + len; \
69: while ((p = memchr(p, '\0', (e - p)))) { \
70: *p = ' '; \
71: } \
72:
1.1.1.2 misho 73: extern long php_getuid(TSRMLS_D);
1.1 misho 74:
75: /* {{{ proto int ezmlm_hash(string addr)
76: Calculate EZMLM list hash value. */
77: PHP_FUNCTION(ezmlm_hash)
78: {
79: char *str = NULL;
80: unsigned int h = 5381;
81: int j, str_len;
82:
83: if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &str, &str_len) == FAILURE) {
84: return;
85: }
86:
87: for (j = 0; j < str_len; j++) {
88: h = (h + (h << 5)) ^ (unsigned long) (unsigned char) tolower(str[j]);
89: }
90:
91: h = (h % 53);
92:
93: RETURN_LONG((int) h);
94: }
95: /* }}} */
96:
97: /* {{{ proto int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]])
98: Send an email message */
99: PHP_FUNCTION(mail)
100: {
101: char *to=NULL, *message=NULL, *headers=NULL, *headers_trimmed=NULL;
102: char *subject=NULL, *extra_cmd=NULL;
103: int to_len, message_len, headers_len = 0;
104: int subject_len, extra_cmd_len = 0, i;
105: char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
106: char *to_r, *subject_r;
107: char *p, *e;
108:
1.1.1.2 misho 109: if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len, &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE) {
1.1 misho 110: return;
111: }
112:
113: /* ASCIIZ check */
114: MAIL_ASCIIZ_CHECK(to, to_len);
115: MAIL_ASCIIZ_CHECK(subject, subject_len);
116: MAIL_ASCIIZ_CHECK(message, message_len);
117: if (headers) {
118: MAIL_ASCIIZ_CHECK(headers, headers_len);
119: headers_trimmed = php_trim(headers, headers_len, NULL, 0, NULL, 2 TSRMLS_CC);
120: }
121: if (extra_cmd) {
122: MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len);
123: }
124:
125: if (to_len > 0) {
126: to_r = estrndup(to, to_len);
127: for (; to_len; to_len--) {
128: if (!isspace((unsigned char) to_r[to_len - 1])) {
129: break;
130: }
131: to_r[to_len - 1] = '\0';
132: }
133: for (i = 0; to_r[i]; i++) {
134: if (iscntrl((unsigned char) to_r[i])) {
135: /* According to RFC 822, section 3.1.1 long headers may be separated into
136: * parts using CRLF followed at least one linear-white-space character ('\t' or ' ').
137: * To prevent these separators from being replaced with a space, we use the
138: * SKIP_LONG_HEADER_SEP to skip over them. */
139: SKIP_LONG_HEADER_SEP(to_r, i);
140: to_r[i] = ' ';
141: }
142: }
143: } else {
144: to_r = to;
145: }
146:
147: if (subject_len > 0) {
148: subject_r = estrndup(subject, subject_len);
149: for (; subject_len; subject_len--) {
150: if (!isspace((unsigned char) subject_r[subject_len - 1])) {
151: break;
152: }
153: subject_r[subject_len - 1] = '\0';
154: }
155: for (i = 0; subject_r[i]; i++) {
156: if (iscntrl((unsigned char) subject_r[i])) {
157: SKIP_LONG_HEADER_SEP(subject_r, i);
158: subject_r[i] = ' ';
159: }
160: }
161: } else {
162: subject_r = subject;
163: }
164:
165: if (force_extra_parameters) {
166: extra_cmd = php_escape_shell_cmd(force_extra_parameters);
167: } else if (extra_cmd) {
168: extra_cmd = php_escape_shell_cmd(extra_cmd);
169: }
170:
171: if (php_mail(to_r, subject_r, message, headers_trimmed, extra_cmd TSRMLS_CC)) {
172: RETVAL_TRUE;
173: } else {
174: RETVAL_FALSE;
175: }
176:
177: if (headers_trimmed) {
178: efree(headers_trimmed);
179: }
180:
181: if (extra_cmd) {
182: efree (extra_cmd);
183: }
184: if (to_r != to) {
185: efree(to_r);
186: }
187: if (subject_r != subject) {
188: efree(subject_r);
189: }
190: }
191: /* }}} */
192:
1.1.1.3 misho 193:
194: void php_mail_log_crlf_to_spaces(char *message) {
195: /* Find all instances of carriage returns or line feeds and
196: * replace them with spaces. Thus, a log line is always one line
197: * long
198: */
199: char *p = message;
200: while ((p = strpbrk(p, "\r\n"))) {
201: *p = ' ';
202: }
203: }
204:
205: void php_mail_log_to_syslog(char *message) {
206: /* Write 'message' to syslog. */
207: #ifdef HAVE_SYSLOG_H
208: php_syslog(LOG_NOTICE, "%s", message);
209: #endif
210: }
211:
212:
213: void php_mail_log_to_file(char *filename, char *message, size_t message_size TSRMLS_DC) {
214: /* Write 'message' to the given file. */
215: uint flags = IGNORE_URL_WIN | REPORT_ERRORS | STREAM_DISABLE_OPEN_BASEDIR;
216: php_stream *stream = php_stream_open_wrapper(filename, "a", flags, NULL);
217: if (stream) {
218: php_stream_write(stream, message, message_size);
219: php_stream_close(stream);
220: }
221: }
222:
223:
1.1 misho 224: /* {{{ php_mail
225: */
226: PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char *extra_cmd TSRMLS_DC)
227: {
228: #if (defined PHP_WIN32 || defined NETWARE)
229: int tsm_err;
230: char *tsm_errmsg = NULL;
231: #endif
232: FILE *sendmail;
233: int ret;
234: char *sendmail_path = INI_STR("sendmail_path");
235: char *sendmail_cmd = NULL;
236: char *mail_log = INI_STR("mail.log");
237: char *hdr = headers;
238: #if PHP_SIGCHILD
239: void (*sig_handler)() = NULL;
240: #endif
241:
242: #define MAIL_RET(val) \
243: if (hdr != headers) { \
244: efree(hdr); \
245: } \
246: return val; \
247:
248: if (mail_log && *mail_log) {
249: char *tmp;
250: int l = spprintf(&tmp, 0, "mail() on [%s:%d]: To: %s -- Headers: %s\n", zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C), to, hdr ? hdr : "");
251:
1.1.1.3 misho 252: if (hdr) {
253: php_mail_log_crlf_to_spaces(tmp);
1.1 misho 254: }
1.1.1.3 misho 255:
256: if (!strcmp(mail_log, "syslog")) {
257: /* Drop the final space when logging to syslog. */
258: tmp[l - 1] = 0;
259: php_mail_log_to_syslog(tmp);
1.1 misho 260: }
1.1.1.3 misho 261: else {
262: /* Convert the final space to a newline when logging to file. */
263: tmp[l - 1] = '\n';
264: php_mail_log_to_file(mail_log, tmp, l TSRMLS_CC);
265: }
266:
1.1 misho 267: efree(tmp);
268: }
269: if (PG(mail_x_header)) {
1.1.1.2 misho 270: const char *tmp = zend_get_executed_filename(TSRMLS_C);
1.1 misho 271: char *f;
272: size_t f_len;
273:
274: php_basename(tmp, strlen(tmp), NULL, 0,&f, &f_len TSRMLS_CC);
275:
276: if (headers != NULL) {
1.1.1.2 misho 277: spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n%s", php_getuid(TSRMLS_C), f, headers);
1.1 misho 278: } else {
1.1.1.2 misho 279: spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n", php_getuid(TSRMLS_C), f);
1.1 misho 280: }
281: efree(f);
282: }
283:
1.1.1.4.2.1! misho 284: /* Patched by Giam Teck Choon */
! 285: /* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
! 286: /* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */
! 287: char *headers2=NULL;
! 288:
! 289: // add a header in the form
! 290: // X-PHP-Script: <server_name><php_self> for [<forwarded_for>,]<remote-addr>
! 291: while(1) {
! 292: zval **server, **remote_addr, **forwarded_for, **php_self, **server_name;
! 293:
! 294: if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &server)==FAILURE)
! 295: break;
! 296: if (Z_TYPE_PP(server)!=IS_ARRAY)
! 297: break;
! 298: if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr) == FAILURE)
! 299: break;
! 300: if (zend_hash_find(Z_ARRVAL_PP(server), "HTTP_X_FORWARDED_FOR", sizeof("HTTP_X_FORWARDED_FOR"), (void **) &forwarded_for) == FAILURE)
! 301: forwarded_for=NULL;
! 302: if (zend_hash_find(Z_ARRVAL_PP(server), "PHP_SELF", sizeof("PHP_SELF"), (void **) &php_self) == FAILURE)
! 303: break;
! 304: if (zend_hash_find(Z_ARRVAL_PP(server), "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name) == FAILURE)
! 305: break;
! 306: headers2 = emalloc(32+Z_STRLEN_PP(server_name)+Z_STRLEN_PP(php_self)
! 307: +(forwarded_for?Z_STRLEN_PP(forwarded_for)+2:0)
! 308: +Z_STRLEN_PP(remote_addr));
! 309: strcpy(headers2, "X-PHP-Script: ");
! 310: strcat(headers2, Z_STRVAL_PP(server_name));
! 311: if (strchr(Z_STRVAL_PP(php_self), '\n') != NULL || strchr(Z_STRVAL_PP(php_self), '\r') != NULL) {
! 312: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Newline found in PHP_SELF variable which might cause possible injection '%s'", Z_STRVAL_PP(php_self));
! 313: }
! 314: else {
! 315: strcat(headers2, Z_STRVAL_PP(php_self));
! 316: }
! 317: strcat(headers2, " for ");
! 318: if (forwarded_for) {
! 319: strcat(headers2, Z_STRVAL_PP(forwarded_for));
! 320: strcat(headers2, ", ");
! 321: }
! 322: strcat(headers2, Z_STRVAL_PP(remote_addr));
! 323: break;
! 324: }
! 325: /* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
! 326:
1.1 misho 327: if (!sendmail_path) {
328: #if (defined PHP_WIN32 || defined NETWARE)
329: /* handle old style win smtp sending */
330: if (TSendMail(INI_STR("SMTP"), &tsm_err, &tsm_errmsg, hdr, subject, to, message, NULL, NULL, NULL TSRMLS_CC) == FAILURE) {
331: if (tsm_errmsg) {
332: php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", tsm_errmsg);
333: efree(tsm_errmsg);
334: } else {
335: php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", GetSMErrorText(tsm_err));
336: }
337: MAIL_RET(0);
338: }
339: MAIL_RET(1);
340: #else
341: MAIL_RET(0);
342: #endif
343: }
344: if (extra_cmd != NULL) {
345: spprintf(&sendmail_cmd, 0, "%s %s", sendmail_path, extra_cmd);
346: } else {
347: sendmail_cmd = sendmail_path;
348: }
349:
350: #if PHP_SIGCHILD
351: /* Set signal handler of SIGCHLD to default to prevent other signal handlers
352: * from being called and reaping the return code when our child exits.
353: * The original handler needs to be restored after pclose() */
354: sig_handler = (void *)signal(SIGCHLD, SIG_DFL);
355: if (sig_handler == SIG_ERR) {
356: sig_handler = NULL;
357: }
358: #endif
359:
360: #ifdef PHP_WIN32
1.1.1.2 misho 361: sendmail = popen_ex(sendmail_cmd, "wb", NULL, NULL TSRMLS_CC);
1.1 misho 362: #else
363: /* Since popen() doesn't indicate if the internal fork() doesn't work
1.1.1.4 misho 364: * (e.g. the shell can't be executed) we explicitly set it to 0 to be
1.1 misho 365: * sure we don't catch any older errno value. */
366: errno = 0;
367: sendmail = popen(sendmail_cmd, "w");
368: #endif
369: if (extra_cmd != NULL) {
370: efree (sendmail_cmd);
371: }
372:
373: if (sendmail) {
374: #ifndef PHP_WIN32
375: if (EACCES == errno) {
376: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Permission denied: unable to execute shell to run mail delivery binary '%s'", sendmail_path);
377: pclose(sendmail);
378: #if PHP_SIGCHILD
379: /* Restore handler in case of error on Windows
380: Not sure if this applicable on Win but just in case. */
381: if (sig_handler) {
382: signal(SIGCHLD, sig_handler);
383: }
384: #endif
385: MAIL_RET(0);
386: }
387: #endif
388: fprintf(sendmail, "To: %s\n", to);
389: fprintf(sendmail, "Subject: %s\n", subject);
1.1.1.4.2.1! misho 390: /* Patched by Giam Teck Choon */
! 391: /* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
! 392: /* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */
! 393: if (headers2 != NULL) {
! 394: fprintf(sendmail, "%s\n", headers2);
! 395: efree(headers2);
! 396: }
! 397: /* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
1.1 misho 398: if (hdr != NULL) {
399: fprintf(sendmail, "%s\n", hdr);
400: }
401: fprintf(sendmail, "\n%s\n", message);
402: ret = pclose(sendmail);
403:
404: #if PHP_SIGCHILD
405: if (sig_handler) {
406: signal(SIGCHLD, sig_handler);
407: }
408: #endif
409:
410: #ifdef PHP_WIN32
411: if (ret == -1)
412: #else
413: #if defined(EX_TEMPFAIL)
414: if ((ret != EX_OK)&&(ret != EX_TEMPFAIL))
415: #elif defined(EX_OK)
416: if (ret != EX_OK)
417: #else
418: if (ret != 0)
419: #endif
420: #endif
421: {
422: MAIL_RET(0);
423: } else {
424: MAIL_RET(1);
425: }
426: } else {
427: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not execute mail delivery program '%s'", sendmail_path);
428: #if PHP_SIGCHILD
429: if (sig_handler) {
430: signal(SIGCHLD, sig_handler);
431: }
432: #endif
433: MAIL_RET(0);
434: }
435:
436: MAIL_RET(1); /* never reached */
437: }
438: /* }}} */
439:
440: /* {{{ PHP_MINFO_FUNCTION
441: */
442: PHP_MINFO_FUNCTION(mail)
443: {
444: char *sendmail_path = INI_STR("sendmail_path");
445:
446: #ifdef PHP_WIN32
447: if (!sendmail_path) {
448: php_info_print_table_row(2, "Internal Sendmail Support for Windows", "enabled");
449: } else {
450: php_info_print_table_row(2, "Path to sendmail", sendmail_path);
451: }
452: #else
453: php_info_print_table_row(2, "Path to sendmail", sendmail_path);
454: #endif
455: }
456: /* }}} */
457:
458: /*
459: * Local variables:
460: * tab-width: 4
461: * c-basic-offset: 4
462: * End:
463: * vim600: sw=4 ts=4 fdm=marker
464: * vim<600: sw=4 ts=4
465: */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to mail.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / php / ext / standard