SOURCES: php-mail.patch - allow single newline only at the end of ...

arekm arekm at pld-linux.org
Fri Dec 1 11:49:55 CET 2006 

Author: arekm                        Date: Fri Dec  1 10:49:55 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- allow single newline only at the end of to/subject but never in middle

---- Files affected:
SOURCES:
   php-mail.patch (1.14 -> 1.15) 

---- Diffs:

================================================================
Index: SOURCES/php-mail.patch
diff -u SOURCES/php-mail.patch:1.14 SOURCES/php-mail.patch:1.15
--- SOURCES/php-mail.patch:1.14	Mon Jun 19 12:01:12 2006
+++ SOURCES/php-mail.patch	Fri Dec  1 11:49:50 2006
@@ -1,5 +1,6 @@
---- php-4.3.0/ext/standard/mail.c	Thu Jan  2 12:37:54 2003
-+++ php-5.1.4-mail/ext/standard/mail.c	2006-06-07 17:48:45.197705968 +0300
+diff -urN php-5.2.0.org/ext/standard/mail.c php-5.2.0/ext/standard/mail.c
+--- php-5.2.0.org/ext/standard/mail.c	2006-01-01 13:50:15.000000000 +0100
++++ php-5.2.0/ext/standard/mail.c	2006-12-01 12:46:40.000000000 +0100
 @@ -21,6 +21,8 @@
  #include <stdlib.h>
  #include <ctype.h>
@@ -19,17 +20,19 @@
  #if HAVE_SENDMAIL
  #ifdef PHP_WIN32
  #include "win32/sendmail.h"
-@@ -104,6 +109,25 @@
+@@ -104,6 +109,27 @@
  		return;
  	}
  
 +    /* check for spam attempts with buggy webforms */
-+    if (strchr(to, '\n') != NULL || strchr(to, '\r') != NULL) {
++	if ((strchr(to, '\n') != NULL && (strchr(to, '\n') != strrchr(to, '\n') || (to_len && to[to_len-1] != '\n')))
++			|| (strchr(to, '\r') != NULL && (strchr(to, '\r') != strrchr(to, '\r') || (to_len && to[to_len-1] != '\r')))) {
 +        zend_error(E_WARNING, "Newlines aren't allowed in the To header. Mail not sent.");
 +        RETURN_FALSE;
 +    }
 +
-+    if (strchr(subject, '\n') != NULL || strchr(subject, '\r') != NULL) {
++    if ((strchr(subject, '\n') != NULL && (strchr(subject, '\n') != strrchr(subject, '\n') || (subject_len && subject[subject_len-1] != '\n')))
++			|| (strchr(subject, '\r') != NULL && (strchr(subject, '\r') != strrchr(subject, '\r') || (subject_len && subject[subject_len-1] != '\r')))) {
 +        zend_error(E_WARNING, "Newlines aren't allowed in the Subject header. Mail not sent.");
 +        RETURN_FALSE;
 +    }
@@ -45,13 +48,13 @@
  	if (to_len > 0) {
  		to_r = estrndup(to, to_len);
  		for (; to_len; to_len--) {
-@@ -196,8 +220,42 @@
+@@ -228,8 +254,42 @@
  			return 0;
  		}
  #endif
 -		fprintf(sendmail, "To: %s\n", to);
 -		fprintf(sendmail, "Subject: %s\n", subject);
-+		TSRMLS_FETCH();
++		{TSRMLS_FETCH();}
 +		
 +		if ((to != NULL) && (strlen(to)!=0)) { 
 +			fprintf(sendmail, "To: %s\n", to);
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/php-mail.patch?r1=1.14&r2=1.15&f=u

More information about the pld-cvs-commit mailing list