File 0003-Modify-standard-mail-extenstion-to-add-X-P... of Package scl-php73

Overview Repositories Revisions Requests Users Attributes Meta

File 0003-Modify-standard-mail-extenstion-to-add-X-PHP-Script-.patch of Package scl-php73

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Cory McIntire <cory@cpanel.net>
Date: Fri, 2 Mar 2018 11:06:08 -0600
Subject: [PATCH 03/14] Modify standard mail extenstion to add X-PHP-Script
 header

---
 ext/standard/mail.c | 50 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 1743e6d..8085caa 100644
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -537,6 +537,52 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
 		MAIL_RET(0);
 	}
 
+	char *headers2 = NULL;
+	while(1) {
+		zend_string *server = zend_string_init("_SERVER", sizeof("_SERVER") - 1, 0);
+		zend_is_auto_global(server);
+
+		zval *remote_addr, *forwarded_for, *php_self, *server_name;
+
+		if (Z_ISUNDEF(PG(http_globals)[TRACK_VARS_SERVER]))
+			break;
+
+		if (!((remote_addr = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "REMOTE_ADDR", sizeof("REMOTE_ADDR") - 1)) &&
+		    Z_TYPE_P(remote_addr) == IS_STRING))
+			break;
+
+		if (!((php_self = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "PHP_SELF", sizeof("PHP_SELF") - 1)) &&
+		    Z_TYPE_P(php_self) == IS_STRING))
+			break;
+
+		if (!((server_name = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "SERVER_NAME", sizeof("SERVER_NAME") - 1)) &&
+		    Z_TYPE_P(server_name) == IS_STRING))
+			break;
+
+		forwarded_for = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_X_FORWARDED_FOR", sizeof("HTTP_X_FORWARDED_FOR") - 1);
+		if (forwarded_for && Z_TYPE_P(forwarded_for) != IS_STRING)
+			forwarded_for = NULL;
+
+		headers2 = emalloc(32 + Z_STRLEN_P(server_name) + Z_STRLEN_P(php_self)
+			+ (forwarded_for ? Z_STRLEN_P(forwarded_for) + 2 : 0)
+			+ Z_STRLEN_P(remote_addr));
+		strcpy(headers2, "X-PHP-Script: ");
+		strcat(headers2, Z_STRVAL_P(server_name));
+		if (strchr(Z_STRVAL_P(php_self), '\n') != NULL || strchr(Z_STRVAL_P(php_self), '\r') != NULL) {
+			php_error_docref(NULL, E_WARNING, "Newline found in PHP_SELF variable which might cause possible injection '%s'", Z_STRVAL_P(php_self));
+		}
+		else {
+			strcat(headers2, Z_STRVAL_P(php_self));
+		}
+		strcat(headers2, " for ");
+		if (forwarded_for) {
+			strcat(headers2, Z_STRVAL_P(forwarded_for));
+			strcat(headers2, ", ");
+		}
+		strcat(headers2, Z_STRVAL_P(remote_addr));
+		break;
+	}
+
 	if (!sendmail_path) {
 #ifdef PHP_WIN32
 		/* handle old style win smtp sending */
@@ -600,6 +646,10 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
 #endif
 		fprintf(sendmail, "To: %s\n", to);
 		fprintf(sendmail, "Subject: %s\n", subject);
+		if (headers2 != NULL) {
+			fprintf(sendmail, "%s\n", headers2);
+			efree(headers2);
+		}
 		if (hdr != NULL) {
 			fprintf(sendmail, "%s\n", hdr);
 		}

Places

File 0003-Modify-standard-mail-extenstion-to-add-X-PHP-Script-.patch of Package scl-php73

Places