mirror of
https://github.com/php/php-src.git
synced 2024-09-30 22:36:12 +00:00
commit
c095af584c
@ -223,6 +223,44 @@ void php_mail_log_to_file(char *filename, char *message, size_t message_size TSR
|
||||
}
|
||||
|
||||
|
||||
static int php_mail_detect_multiple_crlf(char *hdr) {
|
||||
/* This function detects multiple/malformed multiple newlines. */
|
||||
size_t len;
|
||||
|
||||
if (!hdr) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Should not have any newlines at the beginning. */
|
||||
/* RFC 2822 2.2. Header Fields */
|
||||
if (*hdr < 33 || *hdr > 126 || *hdr == ':') {
|
||||
return 1;
|
||||
}
|
||||
|
||||
while(*hdr) {
|
||||
if (*hdr == '\r') {
|
||||
if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || (*(hdr+1) == '\n' && (*(hdr+2) == '\0' || *(hdr+2) == '\n' || *(hdr+2) == '\r'))) {
|
||||
/* Malformed or multiple newlines. */
|
||||
return 1;
|
||||
} else {
|
||||
hdr += 2;
|
||||
}
|
||||
} else if (*hdr == '\n') {
|
||||
if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || *(hdr+1) == '\n') {
|
||||
/* Malformed or multiple newlines. */
|
||||
return 1;
|
||||
} else {
|
||||
hdr += 2;
|
||||
}
|
||||
} else {
|
||||
hdr++;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* {{{ php_mail
|
||||
*/
|
||||
PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char *extra_cmd TSRMLS_DC)
|
||||
@ -276,6 +314,7 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
|
||||
|
||||
efree(tmp);
|
||||
}
|
||||
|
||||
if (PG(mail_x_header)) {
|
||||
const char *tmp = zend_get_executed_filename(TSRMLS_C);
|
||||
char *f;
|
||||
@ -291,6 +330,11 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
|
||||
efree(f);
|
||||
}
|
||||
|
||||
if (hdr && php_mail_detect_multiple_crlf(hdr)) {
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Multiple or malformed newlines found in additional_header");
|
||||
MAIL_RET(0);
|
||||
}
|
||||
|
||||
if (!sendmail_path) {
|
||||
#if (defined PHP_WIN32 || defined NETWARE)
|
||||
/* handle old style win smtp sending */
|
||||
|
329
ext/standard/tests/mail/mail_basic6.phpt
Normal file
329
ext/standard/tests/mail/mail_basic6.phpt
Normal file
@ -0,0 +1,329 @@
|
||||
--TEST--
|
||||
Test mail() function : basic functionality
|
||||
--INI--
|
||||
sendmail_path=tee mailBasic.out >/dev/null
|
||||
mail.add_x_header = Off
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if(substr(PHP_OS, 0, 3) == "WIN")
|
||||
die("skip Won't run on Windows");
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
/* Prototype : int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]])
|
||||
* Description: Send an email message with invalid addtional_headers
|
||||
* Source code: ext/standard/mail.c
|
||||
* Alias to functions:
|
||||
*/
|
||||
|
||||
echo "*** Testing mail() : basic functionality ***\n";
|
||||
|
||||
|
||||
// Valid header
|
||||
$to = 'user@example.com';
|
||||
$subject = 'Test Subject';
|
||||
$message = 'A Message';
|
||||
$additional_headers = "HEAD1: a\r\nHEAD2: b\r\n";
|
||||
$outFile = "mailBasic.out";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Valid Header --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo file_get_contents($outFile);
|
||||
unlink($outFile);
|
||||
|
||||
// Valid header
|
||||
$additional_headers = "HEAD1: a\nHEAD2: b\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Valid Header --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Valid header
|
||||
// \r is accepted as valid. This may be changed to invalid.
|
||||
$additional_headers = "HEAD1: a\rHEAD2: b\r";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Valid Header --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
//===============================================================================
|
||||
// Invalid header
|
||||
$additional_headers = "\nHEAD1: a\nHEAD2: b\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - preceeding newline--\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "\rHEAD1: a\nHEAD2: b\r";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - preceeding newline--\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "\r\nHEAD1: a\r\nHEAD2: b\r\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - preceeding newline--\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "\r\n\r\nHEAD1: a\r\nHEAD2: b\r\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - preceeding newline--\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "\n\nHEAD1: a\r\nHEAD2: b\r\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - preceeding newline--\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "\r\rHEAD1: a\r\nHEAD2: b\r\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - preceeding newline--\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "HEAD1: a\r\n\r\nHEAD2: b\r\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - multiple newlines in the middle --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "HEAD1: a\r\n\nHEAD2: b\r\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - multiple newlines in the middle --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "HEAD1: a\n\nHEAD2: b\r\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - multiple newlines in the middle --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "HEAD1: a\r\rHEAD2: b\r\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - multiple newlines in the middle --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "HEAD1: a\n\rHEAD2: b\r\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - multiple newlines in the middle --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
$additional_headers = "HEAD1: a\n\r\nHEAD2: b\r\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - multiple newlines in the middle --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
// Invalid, but PHP_FUNCTION(mail) trims newlines
|
||||
$additional_headers = "HEAD1: a\r\nHEAD2: b\r\n\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - trailing newlines --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
// Invalid, but PHP_FUNCTION(mail) trims newlines
|
||||
$additional_headers = "HEAD1: a\r\nHEAD2: b\n\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - trailing newlines --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
// Invalid, but PHP_FUNCTION(mail) trims newlines
|
||||
$additional_headers = "HEAD1: a\r\nHEAD2: b\n";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - trailing newlines --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
// Invalid header
|
||||
// Invalid, but PHP_FUNCTION(mail) trims newlines
|
||||
$additional_headers = "HEAD1: a\r\nHEAD2: b\r";
|
||||
@unlink($outFile);
|
||||
|
||||
echo "-- Invalid Header - trailing newlines --\n";
|
||||
// Calling mail() with all additional headers
|
||||
var_dump( mail($to, $subject, $message, $additional_headers) );
|
||||
echo @file_get_contents($outFile);
|
||||
@unlink($outFile);
|
||||
|
||||
?>
|
||||
===DONE===
|
||||
--EXPECTF--
|
||||
*** Testing mail() : basic functionality ***
|
||||
-- Valid Header --
|
||||
bool(true)
|
||||
To: user@example.com
|
||||
Subject: Test Subject
|
||||
HEAD1: a
|
||||
HEAD2: b
|
||||
|
||||
A Message
|
||||
-- Valid Header --
|
||||
bool(true)
|
||||
To: user@example.com
|
||||
Subject: Test Subject
|
||||
HEAD1: a
|
||||
HEAD2: b
|
||||
|
||||
A Message
|
||||
-- Valid Header --
|
||||
bool(true)
|
||||
To: user@example.com
|
||||
Subject: Test Subject
|
||||
HEAD1: a
HEAD2: b
|
||||
|
||||
A Message
|
||||
-- Invalid Header - preceeding newline--
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - preceeding newline--
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - preceeding newline--
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - preceeding newline--
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - preceeding newline--
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - preceeding newline--
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - multiple newlines in the middle --
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - multiple newlines in the middle --
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - multiple newlines in the middle --
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - multiple newlines in the middle --
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - multiple newlines in the middle --
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - multiple newlines in the middle --
|
||||
|
||||
Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
|
||||
bool(false)
|
||||
-- Invalid Header - trailing newlines --
|
||||
bool(true)
|
||||
To: user@example.com
|
||||
Subject: Test Subject
|
||||
HEAD1: a
|
||||
HEAD2: b
|
||||
|
||||
A Message
|
||||
-- Invalid Header - trailing newlines --
|
||||
bool(true)
|
||||
To: user@example.com
|
||||
Subject: Test Subject
|
||||
HEAD1: a
|
||||
HEAD2: b
|
||||
|
||||
A Message
|
||||
-- Invalid Header - trailing newlines --
|
||||
bool(true)
|
||||
To: user@example.com
|
||||
Subject: Test Subject
|
||||
HEAD1: a
|
||||
HEAD2: b
|
||||
|
||||
A Message
|
||||
-- Invalid Header - trailing newlines --
|
||||
bool(true)
|
||||
To: user@example.com
|
||||
Subject: Test Subject
|
||||
HEAD1: a
|
||||
HEAD2: b
|
||||
|
||||
A Message
|
||||
===DONE===
|
Loading…
Reference in New Issue
Block a user