Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
isv:cpanel:dev:EA4
scl-php73
0003-Modify-standard-mail-extenstion-to-add-X-P...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0003-Modify-standard-mail-extenstion-to-add-X-PHP-Script-.patch of Package scl-php73
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Cory McIntire <cory@cpanel.net> Date: Fri, 2 Mar 2018 11:06:08 -0600 Subject: [PATCH 03/14] Modify standard mail extenstion to add X-PHP-Script header --- ext/standard/mail.c | 50 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/ext/standard/mail.c b/ext/standard/mail.c index 1743e6d..8085caa 100644 --- a/ext/standard/mail.c +++ b/ext/standard/mail.c @@ -537,6 +537,52 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char MAIL_RET(0); } + char *headers2 = NULL; + while(1) { + zend_string *server = zend_string_init("_SERVER", sizeof("_SERVER") - 1, 0); + zend_is_auto_global(server); + + zval *remote_addr, *forwarded_for, *php_self, *server_name; + + if (Z_ISUNDEF(PG(http_globals)[TRACK_VARS_SERVER])) + break; + + if (!((remote_addr = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "REMOTE_ADDR", sizeof("REMOTE_ADDR") - 1)) && + Z_TYPE_P(remote_addr) == IS_STRING)) + break; + + if (!((php_self = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "PHP_SELF", sizeof("PHP_SELF") - 1)) && + Z_TYPE_P(php_self) == IS_STRING)) + break; + + if (!((server_name = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "SERVER_NAME", sizeof("SERVER_NAME") - 1)) && + Z_TYPE_P(server_name) == IS_STRING)) + break; + + forwarded_for = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_X_FORWARDED_FOR", sizeof("HTTP_X_FORWARDED_FOR") - 1); + if (forwarded_for && Z_TYPE_P(forwarded_for) != IS_STRING) + forwarded_for = NULL; + + headers2 = emalloc(32 + Z_STRLEN_P(server_name) + Z_STRLEN_P(php_self) + + (forwarded_for ? Z_STRLEN_P(forwarded_for) + 2 : 0) + + Z_STRLEN_P(remote_addr)); + strcpy(headers2, "X-PHP-Script: "); + strcat(headers2, Z_STRVAL_P(server_name)); + if (strchr(Z_STRVAL_P(php_self), '\n') != NULL || strchr(Z_STRVAL_P(php_self), '\r') != NULL) { + php_error_docref(NULL, E_WARNING, "Newline found in PHP_SELF variable which might cause possible injection '%s'", Z_STRVAL_P(php_self)); + } + else { + strcat(headers2, Z_STRVAL_P(php_self)); + } + strcat(headers2, " for "); + if (forwarded_for) { + strcat(headers2, Z_STRVAL_P(forwarded_for)); + strcat(headers2, ", "); + } + strcat(headers2, Z_STRVAL_P(remote_addr)); + break; + } + if (!sendmail_path) { #ifdef PHP_WIN32 /* handle old style win smtp sending */ @@ -600,6 +646,10 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char #endif fprintf(sendmail, "To: %s\n", to); fprintf(sendmail, "Subject: %s\n", subject); + if (headers2 != NULL) { + fprintf(sendmail, "%s\n", headers2); + efree(headers2); + } if (hdr != NULL) { fprintf(sendmail, "%s\n", hdr); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor