iliaa Mon Oct 20 10:22:11 2003 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard mail.c /php-src NEWS Log: MFH: Fixed bug #25923 (mail() modifies the to & subject arguments). Index: php-src/ext/standard/mail.c diff -u php-src/ext/standard/mail.c:1.66.2.10 php-src/ext/standard/mail.c:1.66.2.11 --- php-src/ext/standard/mail.c:1.66.2.10 Mon Oct 13 00:15:25 2003 +++ php-src/ext/standard/mail.c Mon Oct 20 10:22:10 2003 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: mail.c,v 1.66.2.10 2003/10/13 04:15:25 iliaa Exp $ */ +/* $Id: mail.c,v 1.66.2.11 2003/10/20 14:22:10 iliaa Exp $ */ #include <stdlib.h> #include <ctype.h> @@ -86,6 +86,7 @@ char *subject=NULL, *extra_cmd=NULL; int to_len, message_len, headers_len; int subject_len, extra_cmd_len, i; + char *to_r, *subject_r; if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE."); @@ -103,45 +104,51 @@ } if (to_len > 0) { + to_r = estrndup(to, to_len); for (; to_len; to_len--) { - if (!isspace((unsigned char) to[to_len - 1])) { + if (!isspace((unsigned char) to_r[to_len - 1])) { break; } - to[to_len - 1] = '\0'; + to_r[to_len - 1] = '\0'; } - for (i = 0; to[i]; i++) { - if (iscntrl((unsigned char) to[i])) { + for (i = 0; to_r[i]; i++) { + if (iscntrl((unsigned char) to_r[i])) { /* According to RFC 822, section 3.1.1 long headers may be separated into * parts using CRLF followed at least one linear-white-space character ('\t' or ' '). * To prevent these separators from being replaced with a space, we use the * SKIP_LONG_HEADER_SEP to skip over them. */ - SKIP_LONG_HEADER_SEP(to, i); - to[i] = ' '; + SKIP_LONG_HEADER_SEP(to_r, i); + to_r[i] = ' '; } } + } else { + to_r = to; } if (subject_len > 0) { + subject_r = estrndup(subject, subject_len); for (; subject_len; subject_len--) { - if (!isspace((unsigned char) subject[subject_len - 1])) { + if (!isspace((unsigned char) subject_r[subject_len - 1])) { break; } - subject[subject_len - 1] = '\0'; + subject_r[subject_len - 1] = '\0'; } for(i = 0; subject[i]; i++) { - if (iscntrl((unsigned char) subject[i])) { - SKIP_LONG_HEADER_SEP(subject, i); - subject[i] = ' '; + if (iscntrl((unsigned char) subject_r[i])) { + SKIP_LONG_HEADER_SEP(subject_r, i); + subject_r[i] = ' '; } } + } else { + subject_r = subject; } if (extra_cmd) { extra_cmd = php_escape_shell_cmd(extra_cmd); } - if (php_mail(to, subject, message, headers, extra_cmd TSRMLS_CC)) { + if (php_mail(to_r, subject_r, message, headers, extra_cmd TSRMLS_CC)) { RETVAL_TRUE; } else { RETVAL_FALSE; @@ -149,6 +156,12 @@ if (extra_cmd) { efree (extra_cmd); + } + if (to_len > 0) { + efree(to_r); + } + if (subject_len > 0) { + efree(subject_r); } } /* }}} */ Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.439 php-src/NEWS:1.1247.2.440 --- php-src/NEWS:1.1247.2.439 Sun Oct 19 21:59:47 2003 +++ php-src/NEWS Mon Oct 20 10:22:10 2003 @@ -5,6 +5,7 @@ on request shutdown). (Wez) - Fixed multibyte regex engine to properly handle ".*" pattern under POSIX compatible mode. (K.Kosako <kosako at sofnec.co.jp>, Moriyoshi) +- Fixed bug #25923 (mail() modifies the to & subject arguments). (Ilia) - Fixed bug #25895 (Incorrect detection of safe_mode limited ini options). (Ilia) - Fixed bug #25836 (last key of multi-dimensional array passed via GPC not
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php