Download | Plain Text | Line Numbers
diff -Naur php-5.6.30.orig/ext/standard/mail.c php-5.6.30/ext/standard/mail.c
--- php-5.6.30.orig/ext/standard/mail.c 2017-01-19 01:17:47.000000000 +0100
+++ php-5.6.30/ext/standard/mail.c 2017-04-11 00:07:12.975016023 +0200
@@ -64,6 +64,13 @@
} \
continue; \
} \
+ else if (str[pos] == '\n' && (str[pos + 1] == ' ' || str[pos + 1] == '\t')) { \
+ pos += 1; \
+ while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
+ pos++; \
+ } \
+ continue; \
+ } \
#define MAIL_ASCIIZ_CHECK(str, len) \
p = str; \
@@ -96,6 +103,46 @@
}
/* }}} */
+static long
+count_recipients(const char *str, int len, int skip_field)
+{
+ long recipients = 0;
+ int got_field, i;
+
+ if (str == NULL || len <= 0)
+ return 0;
+
+ got_field = skip_field;
+ for (i = 0; str[i]; i++) {
+ /* search for mime-fields
+ * either at beginning or after '\n' of the string
+ */
+ if (!got_field &&
+ (!strncasecmp(&str[i], "To: ", strlen("To: ")) ||
+ !strncasecmp(&str[i], "Cc: ", strlen("Cc: ")) ||
+ !strncasecmp(&str[i], "Bcc: ", strlen("Bcc: "))
+ )) {
+ if (i == 0 || (i > 0 && str[i - 1] == '\n'))
+ got_field = 1;
+ }
+
+ /* search for every '@', don't stop at long headers */
+ if (got_field) {
+ if (str[i] == '@')
+ recipients++;
+ else if (str[i] == '\n')
+ if (i == len - 1 || (str[i + 1] != ' ' && str[i + 1] != '\t'))
+ got_field = 0;
+ }
+
+ /* message body starts here */
+ if (i > 0 && str[i - 1] == '\n' && str[i] == '\n')
+ break;
+ }
+
+ return recipients;
+}
+
/* {{{ proto int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]])
Send an email message */
PHP_FUNCTION(mail)
@@ -107,6 +154,8 @@
char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
char *to_r, *subject_r;
char *p, *e;
+ long recipients = 0;
+ long max_recipients = INI_INT("sendmail_max_recipients");
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len, &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE) {
return;
@@ -124,6 +173,16 @@
MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len);
}
+ /* count recipients */
+ if (max_recipients > 0) {
+ recipients += count_recipients(to, to_len, 1);
+ recipients += count_recipients(headers, headers_len, 0);
+ if (recipients > max_recipients) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Max recipients reached, mail not sent.");
+ RETURN_FALSE;
+ }
+ }
+
if (to_len > 0) {
to_r = estrndup(to, to_len);
for (; to_len; to_len--) {
@@ -139,7 +198,10 @@
* To prevent these separators from being replaced with a space, we use the
* SKIP_LONG_HEADER_SEP to skip over them. */
SKIP_LONG_HEADER_SEP(to_r, i);
- to_r[i] = ' ';
+ //to_r[i] = ' ';
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Disallowed characters in mail parameters, mail not sent.");
+ efree(to_r);
+ RETURN_FALSE;
}
}
} else {
@@ -157,7 +219,10 @@
for (i = 0; subject_r[i]; i++) {
if (iscntrl((unsigned char) subject_r[i])) {
SKIP_LONG_HEADER_SEP(subject_r, i);
- subject_r[i] = ' ';
+ //subject_r[i] = ' ';
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Disallowed characters in mail parameters, mail not sent.");
+ efree(subject_r);
+ RETURN_FALSE;
}
}
} else {
@@ -284,6 +349,19 @@
} \
return val; \
+ zval **hgdata;
+ char *httphost = NULL;
+ if (mail_log || PG(mail_x_header)) {
+ zend_is_auto_global("_SERVER", sizeof("_SERVER") - 1 TSRMLS_CC);
+ if (PG(http_globals)[TRACK_VARS_SERVER] &&
+ zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_HOST",
+ sizeof("HTTP_HOST"), (void **) &hgdata) == SUCCESS &&
+ Z_TYPE_PP(hgdata) == IS_STRING &&
+ Z_STRLEN_PP(hgdata) != 0) {
+ httphost = Z_STRVAL_PP(hgdata);
+ }
+ }
+
if (mail_log && *mail_log) {
char *tmp, *date_str;
time_t curtime;
@@ -292,7 +370,7 @@
time(&curtime);
date_str = php_format_date("d-M-Y H:i:s e", 13, curtime, 1 TSRMLS_CC);
- l = spprintf(&tmp, 0, "[%s] mail() on [%s:%d]: To: %s -- Headers: %s\n", date_str, zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C), to, hdr ? hdr : "");
+ l = spprintf(&tmp, 0, "[%s] mail() on [%s:%d]: To: %s -- HTTP-Host: %s -- Headers: %s\n", date_str, zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C), to, httphost ? httphost : "", hdr ? hdr : "");
efree(date_str);
@@ -316,17 +394,12 @@
if (PG(mail_x_header)) {
const char *tmp = zend_get_executed_filename(TSRMLS_C);
- char *f;
- size_t f_len;
-
- php_basename(tmp, strlen(tmp), NULL, 0,&f, &f_len TSRMLS_CC);
if (headers != NULL && *headers) {
- spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n%s", php_getuid(TSRMLS_C), f, headers);
+ spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\nX-PHP-HTTP-Host: %s\n%s", php_getuid(TSRMLS_C), tmp, httphost ? httphost : "", headers);
} else {
- spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s", php_getuid(TSRMLS_C), f);
+ spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\nX-PHP-HTTP-Host: %s", php_getuid(TSRMLS_C), tmp, httphost ? httphost : "");
}
- efree(f);
}
if (hdr && php_mail_detect_multiple_crlf(hdr)) {
diff -Naur php-5.6.30.orig/main/main.c php-5.6.30/main/main.c
--- php-5.6.30.orig/main/main.c 2017-01-19 01:17:47.000000000 +0100
+++ php-5.6.30/main/main.c 2017-04-11 00:07:12.976016012 +0200
@@ -624,6 +624,7 @@
PHP_INI_ENTRY("precision", "14", PHP_INI_ALL, OnSetPrecision)
PHP_INI_ENTRY("sendmail_from", NULL, PHP_INI_ALL, NULL)
PHP_INI_ENTRY("sendmail_path", DEFAULT_SENDMAIL_PATH, PHP_INI_SYSTEM, NULL)
+ PHP_INI_ENTRY("sendmail_max_recipients", "5", PHP_INI_ALL, NULL)
PHP_INI_ENTRY("mail.force_extra_parameters",NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra)
PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)
PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL)