iliaa Mon Oct 20 10:22:11 2003 EDT
Modified files: (Branch: PHP_4_3)
/php-src/ext/standard mail.c
/php-src NEWS
Log:
MFH: Fixed bug #25923 (mail() modifies the to & subject arguments).
Index: php-src/ext/standard/mail.c
diff -u php-src/ext/standard/mail.c:1.66.2.10 php-src/ext/standard/mail.c:1.66.2.11
--- php-src/ext/standard/mail.c:1.66.2.10 Mon Oct 13 00:15:25 2003
+++ php-src/ext/standard/mail.c Mon Oct 20 10:22:10 2003
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mail.c,v 1.66.2.10 2003/10/13 04:15:25 iliaa Exp $ */
+/* $Id: mail.c,v 1.66.2.11 2003/10/20 14:22:10 iliaa Exp $ */
#include <stdlib.h>
#include <ctype.h>
@@ -86,6 +86,7 @@
char *subject=NULL, *extra_cmd=NULL;
int to_len, message_len, headers_len;
int subject_len, extra_cmd_len, i;
+ char *to_r, *subject_r;
if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in
effect. The fifth parameter is disabled in SAFE MODE.");
@@ -103,45 +104,51 @@
}
if (to_len > 0) {
+ to_r = estrndup(to, to_len);
for (; to_len; to_len--) {
- if (!isspace((unsigned char) to[to_len - 1])) {
+ if (!isspace((unsigned char) to_r[to_len - 1])) {
break;
}
- to[to_len - 1] = '\0';
+ to_r[to_len - 1] = '\0';
}
- for (i = 0; to[i]; i++) {
- if (iscntrl((unsigned char) to[i])) {
+ for (i = 0; to_r[i]; i++) {
+ if (iscntrl((unsigned char) to_r[i])) {
/* According to RFC 822, section 3.1.1 long headers
may be separated into
* parts using CRLF followed at least one
linear-white-space character ('\t' or ' ').
* To prevent these separators from being replaced
with a space, we use the
* SKIP_LONG_HEADER_SEP to skip over them.
*/
- SKIP_LONG_HEADER_SEP(to, i);
- to[i] = ' ';
+ SKIP_LONG_HEADER_SEP(to_r, i);
+ to_r[i] = ' ';
}
}
+ } else {
+ to_r = to;
}
if (subject_len > 0) {
+ subject_r = estrndup(subject, subject_len);
for (; subject_len; subject_len--) {
- if (!isspace((unsigned char) subject[subject_len - 1])) {
+ if (!isspace((unsigned char) subject_r[subject_len - 1])) {
break;
}
- subject[subject_len - 1] = '\0';
+ subject_r[subject_len - 1] = '\0';
}
for(i = 0; subject[i]; i++) {
- if (iscntrl((unsigned char) subject[i])) {
- SKIP_LONG_HEADER_SEP(subject, i);
- subject[i] = ' ';
+ if (iscntrl((unsigned char) subject_r[i])) {
+ SKIP_LONG_HEADER_SEP(subject_r, i);
+ subject_r[i] = ' ';
}
}
+ } else {
+ subject_r = subject;
}
if (extra_cmd) {
extra_cmd = php_escape_shell_cmd(extra_cmd);
}
- if (php_mail(to, subject, message, headers, extra_cmd TSRMLS_CC)) {
+ if (php_mail(to_r, subject_r, message, headers, extra_cmd TSRMLS_CC)) {
RETVAL_TRUE;
} else {
RETVAL_FALSE;
@@ -149,6 +156,12 @@
if (extra_cmd) {
efree (extra_cmd);
+ }
+ if (to_len > 0) {
+ efree(to_r);
+ }
+ if (subject_len > 0) {
+ efree(subject_r);
}
}
/* }}} */
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.439 php-src/NEWS:1.1247.2.440
--- php-src/NEWS:1.1247.2.439 Sun Oct 19 21:59:47 2003
+++ php-src/NEWS Mon Oct 20 10:22:10 2003
@@ -5,6 +5,7 @@
on request shutdown). (Wez)
- Fixed multibyte regex engine to properly handle ".*" pattern under
POSIX compatible mode. (K.Kosako <kosako at sofnec.co.jp>, Moriyoshi)
+- Fixed bug #25923 (mail() modifies the to & subject arguments). (Ilia)
- Fixed bug #25895 (Incorrect detection of safe_mode limited ini options).
(Ilia)
- Fixed bug #25836 (last key of multi-dimensional array passed via GPC not
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
