

  1. diff -Naur php-7.1.3.orig/ext/standard/mail.c php-7.1.3/ext/standard/mail.c
  2. --- php-7.1.3.orig/ext/standard/mail.c 2017-04-11 00:00:05.445903197 +0200
  3. +++ php-7.1.3/ext/standard/mail.c 2017-04-11 00:01:44.716769558 +0200
  4. @@ -64,6 +64,13 @@
  5. } \
  6. continue; \
  7. } \
  8. + else if (str[pos] == '\n' && (str[pos + 1] == ' ' || str[pos + 1] == '\t')) { \
  9. + pos += 1; \
  10. + while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
  11. + pos++; \
  12. + } \
  13. + continue; \
  14. + } \
  15.  
  16. #define MAIL_ASCIIZ_CHECK(str, len) \
  17. p = str; \
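Review bot: The new `else if` branch in SKIP_LONG_HEADER_SEP has no comment saying that it accepts a bare LF followed by a space or tab as a folded header line. The branch before it starts above this hunk and presumably handles the CRLF form. Because the To and Subject loops later in this patch reject every control character the macro does not skip, this branch decides what still passes and should be documented, e.g. `/* also accept LF + WSP folding (no CR); anything else is rejected by the caller */ \`.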
  18. @@ -96,6 +103,46 @@
  19. }
  20. /* }}} */
  21.  
  22. +static long
  23. +count_recipients(const char *str, int len, int skip_field)
  24. +{
  25. + long recipients = 0;
  26. + int got_field, i;
  27. +
  28. + if (str == NULL || len <= 0)
  29. + return 0;
  30. +
  31. + got_field = skip_field;
  32. + for (i = 0; str[i]; i++) {
  33. + /* search for mime-fields
  34. + * either at beginning or after '\n' of the string
  35. + */
  36. + if (!got_field &&
  37. + (!strncasecmp(&str[i], "To: ", strlen("To: ")) ||
  38. + !strncasecmp(&str[i], "Cc: ", strlen("Cc: ")) ||
  39. + !strncasecmp(&str[i], "Bcc: ", strlen("Bcc: "))
  40. + )) {
  41. + if (i == 0 || (i > 0 && str[i - 1] == '\n'))
  42. + got_field = 1;
  43. + }
  44. +
  45. + /* search for every '@', don't stop at long headers */
  46. + if (got_field) {
  47. + if (str[i] == '@')
  48. + recipients++;
  49. + else if (str[i] == '\n')
  50. + if (i == len - 1 || (str[i + 1] != ' ' && str[i + 1] != '\t'))
  51. + got_field = 0;
  52. + }
  53. +
  54. + /* message body starts here */
  55. + if (i > 0 && str[i - 1] == '\n' && str[i] == '\n')
  56. + break;
  57. + }
  58. +
  59. + return recipients;
  60. +}
  61. +
  62. /* {{{ proto int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]])
  63. Send an email message */
  64. PHP_FUNCTION(mail)
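Review bot: The field test in count_recipients only matches `To: `, `Cc: ` and `Bcc: ` with a literal space after the colon, so a header line with the address or a tab directly after the colon is never counted and the limit does not apply to it. Matching on the name and colon alone closes that gap: `!strncasecmp(&str[i], "To:", 3) ||`, and likewise `"Cc:", 3` and `"Bcc:", 4`. Separately, `len` and `i` are `int` while both call sites pass `size_t` lengths; a length above INT_MAX would turn negative and take the `len <= 0` early return with a count of 0, so `size_t len` is the safer signature. The body-start check looks for `\n\n` only and would not stop at a blank line written with CRLF.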
  65. @@ -106,8 +153,10 @@
  66. size_t to_len, message_len;
  67. size_t subject_len, i;
  68. char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
  69. - char *to_r, *subject_r;
  70. + char *to_r=NULL, *subject_r=NULL;
  71. char *p, *e;
  72. + long recipients = 0;
  73. + long max_recipients = INI_INT("sendmail_max_recipients");
  74.  
  75. if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|SS", &to, &to_len, &subject, &subject_len, &message, &message_len, &headers, &extra_cmd) == FAILURE) {
  76. return;
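Review bot: `recipients` and `max_recipients` are declared `long`, but INI_INT yields a `zend_long`, which is wider than `long` on LLP64 platforms; `zend_long max_recipients = INI_INT("sendmail_max_recipients");` keeps the types aligned. The NULL initialisers on `to_r` and `subject_r` exist for the new early-exit path and deserve a short comment, for example `/* NULL so the cleanup after end: sees a defined value on early exit */`. The function body continues outside this hunk.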
  77. @@ -125,6 +174,19 @@
  78. MAIL_ASCIIZ_CHECK(ZSTR_VAL(extra_cmd), ZSTR_LEN(extra_cmd));
  79. }
  80.  
  81. + /* count recipients */
  82. + if (max_recipients > 0) {
  83. + recipients += count_recipients(to, to_len, 1);
  84. + if (headers) {
  85. + recipients += count_recipients(ZSTR_VAL(headers), ZSTR_LEN(headers), 0);
  86. + }
  87. + if (recipients > max_recipients) {
  88. + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Max recipients reached, mail not sent.");
  89. + RETVAL_FALSE;
  90. + goto end;
  91. + }
  92. + }
  93. +
  94. if (to_len > 0) {
  95. to_r = estrndup(to, to_len);
  96. for (; to_len; to_len--) {
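Review bot: `php_error_docref(NULL TSRMLS_CC, ...)` uses the PHP 5 thread-safety macro, which expands to nothing in PHP 7 and is not used in 7.x code; write `php_error_docref(NULL, E_WARNING, ...)` here and in the two "Disallowed characters" warnings in the later hunks. The warning would also help an administrator more if it named the setting and the numbers, e.g. `"%ld recipients exceed sendmail_max_recipients (%ld), mail not sent."`. Note that this `goto end` runs before `to_r` and `subject_r` are assigned.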
  97. @@ -140,7 +202,9 @@
  98. * To prevent these separators from being replaced with a space, we use the
  99. * SKIP_LONG_HEADER_SEP to skip over them. */
  100. SKIP_LONG_HEADER_SEP(to_r, i);
  101. - to_r[i] = ' ';
  102. + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Disallowed characters in mail parameters, mail not sent.");
  103. + RETVAL_FALSE;
  104. + goto end;
  105. }
  106. }
  107. } else {
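Review bot: The comment kept above the changed line still explains that SKIP_LONG_HEADER_SEP is used "to prevent these separators from being replaced with a space", but after this change nothing is replaced at all. Any control character the macro does not skip now aborts the call. The comment should say so, e.g. `/* Folded-header separators are skipped; any other control character rejects the message. */`. The same behaviour change applies to the subject loop in the next hunk, which has no comment. The comment and the loop both start outside this hunk.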
  108. @@ -158,7 +222,9 @@
  109. for (i = 0; subject_r[i]; i++) {
  110. if (iscntrl((unsigned char) subject_r[i])) {
  111. SKIP_LONG_HEADER_SEP(subject_r, i);
  112. - subject_r[i] = ' ';
  113. + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Disallowed characters in mail parameters, mail not sent.");
  114. + RETVAL_FALSE;
  115. + goto end;
  116. }
  117. }
  118. } else {
  119. @@ -177,6 +243,7 @@
  120. RETVAL_FALSE;
  121. }
  122.  
  123. +end:
  124. if (headers_trimmed) {
  125. zend_string_release(headers_trimmed);
  126. }
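Review bot: `end:` sits in front of the whole cleanup sequence, so each new `goto end` runs that cleanup with the state from before the send path; only the `headers_trimmed` release is visible here. If the code below the hunk also releases `extra_cmd`, an early exit would release the caller's argument string rather than an escaped copy, assuming the escaping happens after the checks. That would need a guard or a separate variable for the escaped string. Each pointer released after the label should be checked against the three early exits, with a comment stating which ones may still be NULL or borrowed.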
  127. @@ -285,10 +352,23 @@
  128. } \
  129. return val; \
  130.  
  131. + zval *zhttphost;
  132. + char *httphost = NULL;
  133. + if ((mail_log && *mail_log) || PG(mail_x_header)) {
  134. + if ((Z_TYPE(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY || zend_is_auto_global_str(ZEND_STRL("_SERVER"))) &&
  135. + (zhttphost = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZEND_STRL("HTTP_HOST"))) != NULL &&
  136. + Z_TYPE_P(zhttphost) == IS_STRING &&
  137. + Z_STRLEN_P(zhttphost) > 0) {
  138. + httphost = Z_STRVAL_P(zhttphost);
  139. + } else {
  140. + httphost = "";
  141. + }
  142. + }
  143. +
  144. if (mail_log && *mail_log) {
  145. char *logline;
  146.  
  147. - spprintf(&logline, 0, "mail() on [%s:%d]: To: %s -- Headers: %s -- Subject: %s", zend_get_executed_filename(), zend_get_executed_lineno(), to, hdr ? hdr : "", subject);
  148. + spprintf(&logline, 0, "mail() on [%s:%d]: To: %s -- HTTP-Host: %s -- Headers: %s -- Subject: %s", zend_get_executed_filename(), zend_get_executed_lineno(), to, httphost, hdr ? hdr : "", subject);
  149.  
  150. if (hdr) {
  151. php_mail_log_crlf_to_spaces(logline);
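Review bot: `httphost` comes from the request's Host header and is now written into the log line, but `php_mail_log_crlf_to_spaces(logline)` is only called inside `if (hdr)`. A message without extra headers is therefore logged with the Host value exactly as received. Call the sanitiser unconditionally, or restrict `httphost` to hostname characters before it is used. A comment on the `zhttphost` block stating that the value is client-supplied would help later readers. The `if (hdr)` block continues outside this hunk.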
  152. @@ -319,16 +399,12 @@
  153.  
  154. if (PG(mail_x_header)) {
  155. const char *tmp = zend_get_executed_filename();
  156. - zend_string *f;
  157. -
  158. - f = php_basename(tmp, strlen(tmp), NULL, 0);
  159.  
  160. if (headers != NULL && *headers) {
  161. - spprintf(&hdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s\n%s", php_getuid(), ZSTR_VAL(f), headers);
  162. + spprintf(&hdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s\nX-PHP-HTTP-Host: %s\n%s", php_getuid(), tmp, httphost, headers);
  163. } else {
  164. - spprintf(&hdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s", php_getuid(), ZSTR_VAL(f));
  165. + spprintf(&hdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s\nX-PHP-HTTP-Host: %s", php_getuid(), tmp, httphost);
  166. }
  167. - zend_string_release(f);
  168. }
  169.  
  170. if (hdr && php_mail_detect_multiple_crlf(hdr)) {
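Review bot: The header now carries `tmp`, the full path from zend_get_executed_filename(), where the removed lines sent only the `php_basename()` result, so every recipient learns the server's directory layout. Keeping the basename in the header and leaving the full path to the mail log avoids that. `X-PHP-HTTP-Host` is filled from the client-supplied Host value without validation; the `php_mail_detect_multiple_crlf(hdr)` call that follows is the only guard visible here, and what it rejects is not shown. I would restrict `httphost` to hostname characters before formatting it into `hdr`.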
  171. diff -Naur php-7.1.3.orig/main/main.c php-7.1.3/main/main.c
  172. --- php-7.1.3.orig/main/main.c 2017-04-11 00:00:05.793899229 +0200
  173. +++ php-7.1.3/main/main.c 2017-04-11 00:00:42.135484781 +0200
  174. @@ -598,6 +598,7 @@
  175. PHP_INI_ENTRY("precision", "14", PHP_INI_ALL, OnSetPrecision)
  176. PHP_INI_ENTRY("sendmail_from", NULL, PHP_INI_ALL, NULL)
  177. PHP_INI_ENTRY("sendmail_path", DEFAULT_SENDMAIL_PATH, PHP_INI_SYSTEM, NULL)
  178. + PHP_INI_ENTRY("sendmail_max_recipients", "5", PHP_INI_ALL, NULL)
  179. PHP_INI_ENTRY("mail.force_extra_parameters",NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra)
  180. PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)
  181. PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL)
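Review bot: `sendmail_max_recipients` is registered as PHP_INI_ALL, so any script can change it at runtime with ini_set(). Because mail() only enforces the limit when the value is greater than 0, a script can switch it off. For a limit the administrator is meant to enforce, use `PHP_INI_ENTRY("sendmail_max_recipients", "5", PHP_INI_SYSTEM, NULL)`, matching `sendmail_path` two lines above. The entry also has no modify handler, so an unusable value is not rejected when the setting is changed.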
  182.