Author: arekm Date: Fri Dec 1 10:49:55 2006 GMT Module: SOURCES Tag: HEAD ---- Log message: - allow single newline only at the end of to/subject but never in middle
---- Files affected: SOURCES: php-mail.patch (1.14 -> 1.15) ---- Diffs: ================================================================ Index: SOURCES/php-mail.patch diff -u SOURCES/php-mail.patch:1.14 SOURCES/php-mail.patch:1.15 --- SOURCES/php-mail.patch:1.14 Mon Jun 19 12:01:12 2006 +++ SOURCES/php-mail.patch Fri Dec 1 11:49:50 2006 @@ -1,5 +1,6 @@ ---- php-4.3.0/ext/standard/mail.c Thu Jan 2 12:37:54 2003 -+++ php-5.1.4-mail/ext/standard/mail.c 2006-06-07 17:48:45.197705968 +0300 +diff -urN php-5.2.0.org/ext/standard/mail.c php-5.2.0/ext/standard/mail.c +--- php-5.2.0.org/ext/standard/mail.c 2006-01-01 13:50:15.000000000 +0100 ++++ php-5.2.0/ext/standard/mail.c 2006-12-01 12:46:40.000000000 +0100 @@ -21,6 +21,8 @@ #include <stdlib.h> #include <ctype.h> @@ -19,17 +20,19 @@ #if HAVE_SENDMAIL #ifdef PHP_WIN32 #include "win32/sendmail.h" -@@ -104,6 +109,25 @@ +@@ -104,6 +109,27 @@ return; } + /* check for spam attempts with buggy webforms */ -+ if (strchr(to, '\n') != NULL || strchr(to, '\r') != NULL) { ++ if ((strchr(to, '\n') != NULL && (strchr(to, '\n') != strrchr(to, '\n') || (to_len && to[to_len-1] != '\n'))) ++ || (strchr(to, '\r') != NULL && (strchr(to, '\r') != strrchr(to, '\r') || (to_len && to[to_len-1] != '\r')))) { + zend_error(E_WARNING, "Newlines aren't allowed in the To header. Mail not sent."); + RETURN_FALSE; + } + -+ if (strchr(subject, '\n') != NULL || strchr(subject, '\r') != NULL) { ++ if ((strchr(subject, '\n') != NULL && (strchr(subject, '\n') != strrchr(subject, '\n') || (subject_len && subject[subject_len-1] != '\n'))) ++ || (strchr(subject, '\r') != NULL && (strchr(subject, '\r') != strrchr(subject, '\r') || (subject_len && subject[subject_len-1] != '\r')))) { + zend_error(E_WARNING, "Newlines aren't allowed in the Subject header. Mail not sent."); + RETURN_FALSE; + } @@ -45,13 +48,13 @@ if (to_len > 0) { to_r = estrndup(to, to_len); for (; to_len; to_len--) { -@@ -196,8 +220,42 @@ +@@ -228,8 +254,42 @@ return 0; } #endif - fprintf(sendmail, "To: %s\n", to); - fprintf(sendmail, "Subject: %s\n", subject); -+ TSRMLS_FETCH(); ++ {TSRMLS_FETCH();} + + if ((to != NULL) && (strlen(to)!=0)) { + fprintf(sendmail, "To: %s\n", to); ================================================================ ---- CVS-web: http://cvs.pld-linux.org/SOURCES/php-mail.patch?r1=1.14&r2=1.15&f=u _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit