From 34373c7144ba31f1ef5ddd3e47dfce4b585a899d Mon Sep 17 00:00:00 2001 From: Giam Teck Choon Date: Thu, 10 Mar 2016 05:41:18 +0800 Subject: [PATCH] PHP mail() header patch This is a patch to add an informational header to messages sent from PHP via the mail() function. This can help to track which script on a server was used to send a message, and which client caused it to be sent. The header added has the form: X-PHP-Script: for For example: X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1 If the connection appears to have come via a proxy cache (i.e. has an "X-Forwarded-For" header), is a list of addresses (the addresses in X-Forwarded-For, then the 'real' remote address). This patch is a modified version of Steve Bennett's patch which can be read at http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/ since his patch only available for version 4.3.4 during the time I checked and also won't be working for mail function example 1 as listed at http://www.php.net/manual/en/function.mail.php Special thanks to: (1) Steve Bennett for his patch (2) Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers (http://www.hardened-php.net/advisory_142006.139.html) (3) Alexey Koscheev from koscheev.ru regarding using zend_is_auto_global to properly access $_SERVER (24 Jan 2015) Reference: http://grokbase.com/t/php/php-internals/033hwqce0z/server-registration-issue Signed-off-by: Giam Teck Choon --- ext/standard/mail.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/ext/standard/mail.c b/ext/standard/mail.c index 75bd423..13d01e9 100644 --- a/ext/standard/mail.c +++ b/ext/standard/mail.c @@ -325,6 +325,45 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char MAIL_RET(0); } + char *headers2=NULL; + + while(1) { + zval **server, **remote_addr, **forwarded_for, **php_self, **server_name; + + if (!zend_is_auto_global("_SERVER", sizeof("_SERVER") - 1 TSRMLS_CC)) + break; + if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &server)==FAILURE) + break; + if (Z_TYPE_PP(server)!=IS_ARRAY) + break; + if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr) == FAILURE) + break; + if (zend_hash_find(Z_ARRVAL_PP(server), "HTTP_X_FORWARDED_FOR", sizeof("HTTP_X_FORWARDED_FOR"), (void **) &forwarded_for) == FAILURE) + forwarded_for=NULL; + if (zend_hash_find(Z_ARRVAL_PP(server), "PHP_SELF", sizeof("PHP_SELF"), (void **) &php_self) == FAILURE) + break; + if (zend_hash_find(Z_ARRVAL_PP(server), "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name) == FAILURE) + break; + headers2 = emalloc(32+Z_STRLEN_PP(server_name)+Z_STRLEN_PP(php_self) + +(forwarded_for?Z_STRLEN_PP(forwarded_for)+2:0) + +Z_STRLEN_PP(remote_addr)); + strcpy(headers2, "X-PHP-Script: "); + strcat(headers2, Z_STRVAL_PP(server_name)); + if (strchr(Z_STRVAL_PP(php_self), '\n') != NULL || strchr(Z_STRVAL_PP(php_self), '\r') != NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Newline found in PHP_SELF variable which might cause possible injection '%s'", Z_STRVAL_PP(php_self)); + } + else { + strcat(headers2, Z_STRVAL_PP(php_self)); + } + strcat(headers2, " for "); + if (forwarded_for) { + strcat(headers2, Z_STRVAL_PP(forwarded_for)); + strcat(headers2, ", "); + } + strcat(headers2, Z_STRVAL_PP(remote_addr)); + break; + } + if (!sendmail_path) { #if (defined PHP_WIN32 || defined NETWARE) /* handle old style win smtp sending */ @@ -388,6 +427,10 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char #endif fprintf(sendmail, "To: %s\n", to); fprintf(sendmail, "Subject: %s\n", subject); + if (headers2 != NULL) { + fprintf(sendmail, "%s\n", headers2); + efree(headers2); + } if (hdr != NULL) { fprintf(sendmail, "%s\n", hdr); } -- 1.8.3.1