diff -Naur php-5.3.2.orig/ext/standard/mail.c php-5.3.2/ext/standard/mail.c
--- php-5.3.2.orig/ext/standard/mail.c 2010-02-05 01:19:32.000000000 +0100
+++ php-5.3.2/ext/standard/mail.c 2010-06-04 03:30:51.000000000 +0200
@@ -61,6 +61,13 @@
 } \
 continue; \
 } \
+ else if (str[pos] == '\n' && (str[pos + 1] == ' ' || str[pos + 1] == '\t')) { \
+ pos += 1; \
+ while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
+ pos++; \
+ } \
+ continue; \
+ } \

 #define MAIL_ASCIIZ_CHECK(str, len) \
 p = str; \
@@ -93,6 +100,46 @@
 }
 /* }}} */

+static long
+count_recipients(const char *str, int len, int skip_field)
+{
+ long recipients = 0;
+ int got_field, i;
+
+ if (str == NULL || len <= 0)
+ return 0;
+
+ got_field = skip_field;
+ for (i = 0; str[i]; i++) {
+ /* search for mime-fields
+ * either at beginning or after '\n' of the string
+ */
+ if (!got_field &&
+ (!strncasecmp(&str[i], "To: ", strlen("To: ")) ||
+ !strncasecmp(&str[i], "Cc: ", strlen("Cc: ")) ||
+ !strncasecmp(&str[i], "Bcc: ", strlen("Bcc: "))
+ )) {
+ if (i == 0 || (i > 0 && str[i - 1] == '\n'))
+ got_field = 1;
+ }
+
+ /* search for every '@', don't stop at long headers */
+ if (got_field) {
+ if (str[i] == '@')
+ recipients++;
+ else if (str[i] == '\n')
+ if (i == len - 1 || (str[i + 1] != ' ' && str[i + 1] != '\t'))
+ got_field = 0;
+ }
+
+ /* message body starts here */
+ if (i > 0 && str[i - 1] == '\n' && str[i] == '\n')
+ break;
+ }
+
+ return recipients;
+}
+
 /* {{{ proto int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]])
 Send an email message */
 PHP_FUNCTION(mail)
@@ -104,6 +151,8 @@
 char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
 char *to_r, *subject_r;
 char *p, *e;
+ long recipients = 0;
+ long max_recipients = INI_INT("sendmail_max_recipients");

 if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE");
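Review bot: The new `else if` branch in SKIP_LONG_HEADER_SEP has no comment saying that a bare LF followed by a space or tab is now accepted as header folding, in addition to CRLF. The macro's definition starts above the hunk, and the comment at its call site (context in a later hunk of this patch) still describes only the RFC 822 CRLF form. Because later hunks make mail() refuse any other control character, this macro now decides which ones are tolerated. A line such as `/* also accept LF + SP/TAB folding; any other control character is rejected by the caller */ \` above the branch would record that.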
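Review bot: The field-name test in count_recipients matches only `To: `, `Cc: ` and `Bcc: ` with exactly one space after the colon, so a recipient header written without that space, or with a tab, is never counted against the limit. Compare against the name and colon alone, e.g. `!strncasecmp(&str[i], "To:", 3)` and likewise for `"Cc:"` and `"Bcc:"`. Doing the line-start test `i == 0 || str[i - 1] == '\n'` first would also keep strncasecmp from running at every offset. The end-of-headers test looks for `\n\n` only, so it never triggers on CRLF line endings. The loop is bounded by the NUL terminator rather than by `len`, which deserves a comment or an `i < len` condition.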
@@ -127,6 +176,16 @@
 MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len);
 }

+ /* count recipients */
+ if (max_recipients > 0) {
+ recipients += count_recipients(to, to_len, 1);
+ recipients += count_recipients(headers, headers_len, 0);
+ if (recipients > max_recipients) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Max recipients reached, mail not sent.");
+ RETURN_FALSE;
+ }
+ }
+
 if (to_len > 0) {
 to_r = estrndup(to, to_len);
 for (; to_len; to_len--) {
@@ -142,7 +201,10 @@
 * To prevent these separators from being replaced with a space, we use the
 * SKIP_LONG_HEADER_SEP to skip over them. */
 SKIP_LONG_HEADER_SEP(to_r, i);
- to_r[i] = ' ';
+ //to_r[i] = ' ';
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Disallowed characters in mail parameters, mail not sent.");
+ efree(to_r);
+ RETURN_FALSE;
 }
 }
 } else {
@@ -160,7 +222,10 @@
 for (i = 0; subject_r[i]; i++) {
 if (iscntrl((unsigned char) subject_r[i])) {
 SKIP_LONG_HEADER_SEP(subject_r, i);
- subject_r[i] = ' ';
+ //subject_r[i] = ' ';
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Disallowed characters in mail parameters, mail not sent.");
+ efree(subject_r);
+ RETURN_FALSE;
 }
 }
 } else {
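Review bot: The limit check counts addresses in `to` and `headers` only; `extra_cmd`, which is checked a few lines above, is not inspected. If the fifth parameter reaches the sendmail command line (that code is outside this hunk), the limit does not cover it, so either apply the limit there too or state the gap in the comment. The comment should also say that a value of 0 or below disables the check, e.g. `/* count '@' in To and in To/Cc/Bcc header fields; sendmail_max_recipients <= 0 disables the limit */`.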
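Review bot: The replaced assignment is left behind as `//to_r[i] = ' ';` here and as `//subject_r[i] = ' ';` in the subject hunk below. Delete both lines rather than commenting them out: the surrounding code uses `/* */` comments, and the dead line obscures that the loop now aborts on the first control character that is not a folding sequence. The comment block above the macro call still says the separators are kept from "being replaced with a space", which no longer happens. The warning would be easier to act on if it named the parameter, e.g. `"Disallowed characters in the To parameter, mail not sent."`. The loop and the enclosing `if (to_len > 0)` start outside the hunk.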
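Review bot: This early return frees `subject_r` but not `to_r`, which an earlier hunk shows is an `estrndup` copy whenever `to_len > 0`, so a rejected subject leaks the To copy until the request ends. Free it on this path too, for example `if (to_r != to) efree(to_r);` before `efree(subject_r);`, assuming the `else` branch outside the hunks assigns `to_r = to`. The enclosing block starts and ends outside the hunk.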
@@ -215,9 +280,22 @@
 } \
 return val; \

+ zval **hgdata;
+ char *httphost = NULL;
+ if (mail_log || PG(mail_x_header)) {
+ zend_is_auto_global("_SERVER", sizeof("_SERVER") - 1 TSRMLS_CC);
+ if (PG(http_globals)[TRACK_VARS_SERVER] &&
+ zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_HOST",
+ sizeof("HTTP_HOST"), (void **) &hgdata) == SUCCESS &&
+ Z_TYPE_PP(hgdata) == IS_STRING &&
+ Z_STRLEN_PP(hgdata) != 0) {
+ httphost = Z_STRVAL_PP(hgdata);
+ }
+ }
+
 if (mail_log && *mail_log) {
 char *tmp;
- int l = spprintf(&tmp, 0, "mail() on [%s:%d]: To: %s -- Headers: %s\n", zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C), to, hdr ? hdr : "");
+ int l = spprintf(&tmp, 0, "mail() on [%s:%d]: To: %s -- HTTP-Host: %s -- Headers: %s\n", zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C), to, httphost ? httphost : "", hdr ? hdr : "");
 php_stream *stream = php_stream_open_wrapper(mail_log, "a", IGNORE_URL_WIN | REPORT_ERRORS | STREAM_DISABLE_OPEN_BASEDIR, NULL);

 if (hdr) { /* find all \r\n instances and replace them with spaces, so a log line is always one line long */
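Review bot: `HTTP_HOST` comes from the request and is copied into the log line here, and into the `X-PHP-HTTP-Host` header in the next hunk, without any check of its contents. The newline scrubbing visible at the end of this hunk sits inside `if (hdr)`, so it appears not to run when no headers are passed, and nothing filters the value before it joins the header block. The lookup should discard the value when it contains a control character, and a comment should say that it is client-supplied and therefore a tracing hint, not proof of the sending site. The enclosing function starts and ends outside the hunk.

```c
		httphost = Z_STRVAL_PP(hgdata);
		{
			/* HTTP_HOST is client-supplied: ignore it if it holds control characters */
			const char *c;
			for (c = httphost; *c; c++) {
				if (iscntrl((unsigned char) *c)) {
					httphost = NULL;
					break;
				}
			}
		}
		/* … unchanged: closing braces of the lookup, mail_log block … */
```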
@@ -238,14 +316,14 @@
 char *f;
 size_t f_len;

- php_basename(tmp, strlen(tmp), NULL, 0,&f, &f_len TSRMLS_CC);
+ //php_basename(tmp, strlen(tmp), NULL, 0,&f, &f_len TSRMLS_CC);

 if (headers != NULL) {
- spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n%s", php_getuid(), f, headers);
+ spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\nX-PHP-HTTP-Host: %s\n%s", php_getuid(), tmp, httphost ? httphost : "", headers);
 } else {
- spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n", php_getuid(), f);
+ spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\nX-PHP-HTTP-Host: %s\n", php_getuid(), tmp, httphost ? httphost : "");
 }
- efree(f);
+ //efree(f);
 }

 if (!sendmail_path) {
diff -Naur php-5.3.2.orig/main/main.c php-5.3.2/main/main.c
--- php-5.3.2.orig/main/main.c 2010-02-04 10:21:02.000000000 +0100
+++ php-5.3.2/main/main.c 2010-06-04 03:30:32.000000000 +0200
@@ -513,6 +513,7 @@
 PHP_INI_ENTRY("precision", "14", PHP_INI_ALL, OnSetPrecision)
 PHP_INI_ENTRY("sendmail_from", NULL, PHP_INI_ALL, NULL)
 PHP_INI_ENTRY("sendmail_path", DEFAULT_SENDMAIL_PATH, PHP_INI_SYSTEM, NULL)
+ PHP_INI_ENTRY("sendmail_max_recipients", "5", PHP_INI_ALL, NULL)
 PHP_INI_ENTRY("mail.force_extra_parameters",NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra)
 PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)
 PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL)
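Review bot: The header now carries `tmp`, the full executed filename, instead of the basename `f`, so every outgoing message shows the script's filesystem path to its recipients. If the full path is wanted for abuse tracing, the mail log in the previous hunk already records it via `zend_get_executed_filename`, and the header could stay at the basename. As written, `f` and `f_len` remain declared but unused, and the `php_basename` and `efree(f)` calls are commented out with `//`; remove those lines instead of leaving them. The enclosing block starts outside the hunk.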
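Review bot: `sendmail_max_recipients` is registered as `PHP_INI_ALL`, so a script can raise or switch off the limit with ini_set() before it calls mail(). The neighbouring `sendmail_path` entry uses `PHP_INI_SYSTEM`, and the same level fits a limit meant to restrain scripts: `PHP_INI_ENTRY("sendmail_max_recipients", "5", PHP_INI_SYSTEM, NULL)`. With a NULL handler the value is not validated, so a non-numeric or negative setting silently disables the `max_recipients > 0` check in mail().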