SOURCES: php4-mail.patch - update from php-mail.patch
glen
glen at pld-linux.org
Mon Jul 17 13:53:31 CEST 2006
Author: glen Date: Mon Jul 17 11:53:31 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- update from php-mail.patch
---- Files affected:
SOURCES:
php4-mail.patch (1.12 -> 1.13)
---- Diffs:
================================================================
Index: SOURCES/php4-mail.patch
diff -u SOURCES/php4-mail.patch:1.12 SOURCES/php4-mail.patch:1.13
--- SOURCES/php4-mail.patch:1.12 Mon Jul 17 13:52:04 2006
+++ SOURCES/php4-mail.patch Mon Jul 17 13:53:25 2006
@@ -1,5 +1,5 @@
---- php-4.3.0/ext/standard/mail.c.orig Fri Nov 29 12:15:43 2002
-+++ php-4.3.0/ext/standard/mail.c Thu Jan 2 12:37:54 2003
+--- php-4.3.0/ext/standard/mail.c Thu Jan 2 12:37:54 2003
++++ php-5.1.4-mail/ext/standard/mail.c 2006-06-07 17:48:45.197705968 +0300
@@ -21,6 +21,8 @@
#include <stdlib.h>
#include <ctype.h>
@@ -19,7 +19,33 @@
#if HAVE_SENDMAIL
#ifdef PHP_WIN32
#include "win32/sendmail.h"
-@@ -196,8 +201,42 @@
+@@ -104,6 +109,25 @@
+ return;
+ }
+
++ /* check for spam attempts with buggy webforms */
++ if (strchr(to, '\n') != NULL || strchr(to, '\r') != NULL) {
++ zend_error(E_WARNING, "Newlines aren't allowed in the To header. Mail not sent.");
++ RETURN_FALSE;
++ }
++
++ if (strchr(subject, '\n') != NULL || strchr(subject, '\r') != NULL) {
++ zend_error(E_WARNING, "Newlines aren't allowed in the Subject header. Mail not sent.");
++ RETURN_FALSE;
++ }
++
++ /* search for to, cc or bcc headers */
++ if (headers != NULL) {
++ if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) {
++ zend_error(E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
++ RETURN_FALSE;
++ }
++ }
++
+ if (to_len > 0) {
+ to_r = estrndup(to, to_len);
+ for (; to_len; to_len--) {
+@@ -196,8 +220,42 @@
return 0;
}
#endif
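Review bot: The additional_headers test in the added `@@ -104,6 +109,25 @@` block only matches `to:` at the very start of the string or directly after `"\n"`, yet its comment says "search for to, cc or bcc headers" and the To/Subject checks just above also treat `'\r'` as a line break. Either narrow the comment to `/* reject a To: header in additional_headers */`, or make the three checks agree on what ends a line by adding `|| strcasestr(headers, "\rto:")` to the condition. The `strchr` calls stop at the first NUL, while the following context copies the recipient with `estrndup(to, to_len)`; if `to` can carry embedded NUL bytes (not visible here), `memchr(to, '\n', to_len)` and the `'\r'` equivalent would cover the whole buffer. `strcasestr` is a GNU extension and the file also has a `PHP_WIN32` branch, so a portable fallback may be needed. The enclosing function starts and ends outside the hunk.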
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/php4-mail.patch?r1=1.12&r2=1.13&f=u