SOURCES: php-mail.patch - only block mail if to/subject was specif...

arekm arekm at pld-linux.org
Fri Dec 1 13:29:29 CET 2006 

Author: arekm                        Date: Fri Dec  1 12:29:29 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- only block mail if to/subject was specified in additional headers which is forbidden

---- Files affected:
SOURCES:
   php-mail.patch (1.16 -> 1.17) 

---- Diffs:

================================================================
Index: SOURCES/php-mail.patch
diff -u SOURCES/php-mail.patch:1.16 SOURCES/php-mail.patch:1.17
--- SOURCES/php-mail.patch:1.16	Fri Dec  1 11:54:45 2006
+++ SOURCES/php-mail.patch	Fri Dec  1 13:29:23 2006
@@ -1,6 +1,6 @@
-diff -urN php-5.2.0.org/ext/standard/mail.c php-5.2.0/ext/standard/mail.c
+diff -ur php-5.2.0.org/ext/standard/mail.c php-5.2.0/ext/standard/mail.c
 --- php-5.2.0.org/ext/standard/mail.c	2006-01-01 13:50:15.000000000 +0100
-+++ php-5.2.0/ext/standard/mail.c	2006-12-01 12:46:40.000000000 +0100
++++ php-5.2.0/ext/standard/mail.c	2006-12-01 14:20:27.881416250 +0100
 @@ -21,6 +21,8 @@
  #include <stdlib.h>
  #include <ctype.h>
@@ -20,27 +20,18 @@
  #if HAVE_SENDMAIL
  #ifdef PHP_WIN32
  #include "win32/sendmail.h"
-@@ -104,6 +109,27 @@
+@@ -104,6 +109,18 @@
  		return;
  	}
  
-+    /* check for spam attempts with buggy webforms */
-+	if ((strchr(to, '\n') != NULL && (strchr(to, '\n') != strrchr(to, '\n') || (to_len && to[to_len-1] != '\n')))
-+			|| (strchr(to, '\r') != NULL && (strchr(to, '\r') != strrchr(to, '\r') || (to_len && to[to_len-1] != '\r')))) {
-+        zend_error(E_WARNING, "Newlines aren't allowed in the To header. Mail not sent.");
-+        RETURN_FALSE;
-+    }
-+
-+    if ((strchr(subject, '\n') != NULL && (strchr(subject, '\n') != strrchr(subject, '\n') || (subject_len && subject[subject_len-1] != '\n')))
-+			|| (strchr(subject, '\r') != NULL && (strchr(subject, '\r') != strrchr(subject, '\r') || (subject_len && subject[subject_len-1] != '\r')))) {
-+        zend_error(E_WARNING, "Newlines aren't allowed in the Subject header. Mail not sent.");
-+        RETURN_FALSE;
-+    }
-+
-+    /* search for to, cc or bcc headers */
++    /* search for To: and Subject: headers which should be specified in proper mail() parameters, not in additional headers */
 +    if (headers != NULL) {
 +        if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || strcasestr(headers, "\nto:")) {
-+            zend_error(E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
++            php_error_docref(NULL TSRMLS_CC, E_WARNING, "To: headers aren't allowed in the additional_headers parameter. Use $to parameter for that. Mail not sent.");
++            RETURN_FALSE;
++        }
++        if (strncasecmp(headers, "subject:", sizeof("subject:") - 1) == 0 || strcasestr(headers, "\nsubject:")) {
++            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Subject: headers aren't allowed in the additional_headers parameter. Use $subject parameter for that. Mail not sent.");
 +            RETURN_FALSE;
 +        }
 +    }
@@ -48,7 +39,7 @@
  	if (to_len > 0) {
  		to_r = estrndup(to, to_len);
  		for (; to_len; to_len--) {
-@@ -228,8 +254,42 @@
+@@ -228,8 +245,42 @@
  			return 0;
  		}
  #endif
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/php-mail.patch?r1=1.16&r2=1.17&f=u

More information about the pld-cvs-commit mailing list