masugata Wed Apr 4 15:28:18 2007 UTC
Modified files: (Branch: PHP_4_4)
/php-src/ext/mbstring mbstring.c
Log:
Sync with mail function in mb_send_mail function(problem MOPB-33-2007:PHP and
MOPB-34-2007:PHP).
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.142.2.47.2.20&r2=1.142.2.47.2.21&diff_format=u
Index: php-src/ext/mbstring/mbstring.c
diff -u php-src/ext/mbstring/mbstring.c:1.142.2.47.2.20
php-src/ext/mbstring/mbstring.c:1.142.2.47.2.21
--- php-src/ext/mbstring/mbstring.c:1.142.2.47.2.20 Sun Mar 18 17:19:30 2007
+++ php-src/ext/mbstring/mbstring.c Wed Apr 4 15:28:18 2007
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mbstring.c,v 1.142.2.47.2.20 2007/03/18 17:19:30 iliaa Exp $ */
+/* $Id: mbstring.c,v 1.142.2.47.2.21 2007/04/04 15:28:18 masugata Exp $ */
/*
* PHP4 Multibyte String module "mbstring"
@@ -3506,20 +3506,20 @@
#if HAVE_SENDMAIL
#define SKIP_LONG_HEADER_SEP_MBSTRING(str, pos)
\
if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' ||
str[pos + 2] == '\t')) { \
- pos += 3;
\
- while (str[pos] == ' ' || str[pos] == '\t') { \
- pos++;
\
- } \
- continue;
\
- }
\
- else if (str[pos] == '\n' && (str[pos + 1] == ' ' || str[pos + 1] ==
'\t')) { \
pos += 2;
\
- while (str[pos] == ' ' || str[pos] == '\t') { \
+ while (str[pos + 1] == ' ' || str[pos + 1] == '\t') {
\
pos++;
\
- }
\
+ } \
continue;
\
}
\
+#define MAIL_ASCIIZ_CHECK_MBSTRING(str, len) \
+ pp = str; \
+ ee = pp + len; \
+ while ((pp = memchr(pp, '\0', (ee - pp)))) { \
+ *pp = ' '; \
+ } \
+
PHP_FUNCTION(mb_send_mail)
{
int argc, n;
@@ -3536,7 +3536,8 @@
const mbfl_language *lang;
int err = 0;
char *to_r = NULL;
- int to_len, i;
+ int to_len, extra_cmd_len, i;
+ char *pp, *ee;
if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE
Restriction in effect. The fifth parameter is disabled in SAFE MODE.");
@@ -3569,6 +3570,8 @@
if (Z_STRVAL_PP(argv[0])) {
to = Z_STRVAL_PP(argv[0]);
to_len = Z_STRLEN_PP(argv[0]);
+ /* ASCIIZ check */
+ MAIL_ASCIIZ_CHECK_MBSTRING(to, to_len);
if (to_len > 0) {
to_r = estrndup(to, to_len);
for (; to_len; to_len--) {
@@ -3605,6 +3608,8 @@
orig_str.no_language = MBSTRG(current_language);
orig_str.val = (unsigned char *)Z_STRVAL_PP(argv[1]);
orig_str.len = Z_STRLEN_PP(argv[1]);
+ /* ASCIIZ check */
+ MAIL_ASCIIZ_CHECK_MBSTRING(orig_str.val, orig_str.len);
orig_str.no_encoding = MBSTRG(current_internal_encoding);
if (orig_str.no_encoding == mbfl_no_encoding_invalid
|| orig_str.no_encoding == mbfl_no_encoding_pass) {
@@ -3627,6 +3632,8 @@
orig_str.no_language = MBSTRG(current_language);
orig_str.val = Z_STRVAL_PP(argv[2]);
orig_str.len = Z_STRLEN_PP(argv[2]);
+ /* ASCIIZ check */
+ MAIL_ASCIIZ_CHECK_MBSTRING(orig_str.val, orig_str.len);
orig_str.no_encoding = MBSTRG(current_internal_encoding);
if (orig_str.no_encoding == mbfl_no_encoding_invalid
@@ -3663,6 +3670,8 @@
convert_to_string_ex(argv[3]);
p = Z_STRVAL_PP(argv[3]);
n = Z_STRLEN_PP(argv[3]);
+ /* ASCIIZ check */
+ MAIL_ASCIIZ_CHECK_MBSTRING(p, n);
mbfl_memory_device_strncat(&device, p, n);
if (p[n - 1] != '\n') {
mbfl_memory_device_strncat(&device, "\n", 1);
@@ -3686,6 +3695,9 @@
if (argc == 5) { /* extra options that get passed to the mailer
*/
convert_to_string_ex(argv[4]);
extra_cmd = Z_STRVAL_PP(argv[4]);
+ extra_cmd_len = Z_STRLEN_PP(argv[4]);
+ /* ASCIIZ check */
+ MAIL_ASCIIZ_CHECK_MBSTRING(extra_cmd, extra_cmd_len);
}
if (extra_cmd) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
