Diffstat (limited to 'dev-lang/php/files/5.0.5/php5.0.5-mbstring-header_inj.patch')
-rw-r--r--dev-lang/php/files/5.0.5/php5.0.5-mbstring-header_inj.patch133
1 files changed, 133 insertions, 0 deletions
diff --git a/dev-lang/php/files/5.0.5/php5.0.5-mbstring-header_inj.patch b/dev-lang/php/files/5.0.5/php5.0.5-mbstring-header_inj.patch
new file mode 100644
index 0000000..93701e9
--- /dev/null
+++ b/dev-lang/php/files/5.0.5/php5.0.5-mbstring-header_inj.patch
@@ -0,0 +1,133 @@
+--- ext/mbstring/mbstring.c 2005/02/21 15:15:08 1.214.2.4
++++ ext/mbstring/mbstring.c 2005/11/25 22:18:45 1.214.2.7
+@@ -17,7 +17,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: mbstring.c,v 1.214.2.4 2005/02/21 15:15:08 moriyoshi Exp $ */
++/* $Id: mbstring.c,v 1.214.2.7 2005/11/25 22:18:45 hirokawa Exp $ */
+
+ /*
+ * PHP 4 Multibyte String module "mbstring"
+@@ -2267,7 +2267,7 @@ PHP_FUNCTION(mb_list_encodings)
+ }
+ /* }}} */
+
+-/* {{{ proto string mb_encode_mimeheader(string str [, string charset [, string transfer-encoding [, string linefeed]]])
++/* {{{ proto string mb_encode_mimeheader(string str [, string charset [, string transfer-encoding [, string linefeed [, int indent]]]])
+ Converts the string to MIME "encoded-word" in the format of =?charset?(B|Q)?encoded_string?= */
+ PHP_FUNCTION(mb_encode_mimeheader)
+ {
+@@ -2279,12 +2279,13 @@ PHP_FUNCTION(mb_encode_mimeheader)
+ int trans_enc_name_len;
+ char *linefeed = "\r\n";
+ int linefeed_len;
++ int indent = 0;
+
+ mbfl_string_init(&string);
+ string.no_language = MBSTRG(current_language);
+ string.no_encoding = MBSTRG(current_internal_encoding);
+
+- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|sss", (char **)&string.val, &string.len, &charset_name, &charset_name_len, &trans_enc_name, &trans_enc_name_len, &linefeed, &linefeed_len) == FAILURE) {
++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|sssl", (char **)&string.val, &string.len, &charset_name, &charset_name_len, &trans_enc_name, &trans_enc_name_len, &linefeed, &linefeed_len, &indent) == FAILURE) {
+ return;
+ }
+
+@@ -2314,7 +2315,7 @@ PHP_FUNCTION(mb_encode_mimeheader)
+ }
+
+ mbfl_string_init(&result);
+- ret = mbfl_mime_header_encode(&string, &result, charset, transenc, linefeed, 0);
++ ret = mbfl_mime_header_encode(&string, &result, charset, transenc, linefeed, indent);
+ if (ret != NULL) {
+ RETVAL_STRINGL((char *)ret->val, ret->len, 0) /* the string is already strdup()'ed */
+ } else {
+@@ -2770,6 +2771,15 @@ PHP_FUNCTION(mb_decode_numericentity)
+ */
+ #if HAVE_SENDMAIL
+
++#define SKIP_LONG_HEADER_SEP_MBSTRING(str, pos) \
++ if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
++ pos += 3; \
++ while (str[pos] == ' ' || str[pos] == '\t') { \
++ pos++; \
++ } \
++ continue; \
++ }
++
+ #define APPEND_ONE_CHAR(ch) do { \
+ if (token.a > 0) { \
+ smart_str_appendc(&token, ch); \
+@@ -2981,6 +2991,9 @@ PHP_FUNCTION(mb_send_mail)
+ int subject_len;
+ char *extra_cmd=NULL;
+ int extra_cmd_len;
++ int i;
++ char *to_r;
++ char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
+ struct {
+ int cnt_type:1;
+ int cnt_trans_enc:1;
+@@ -3086,7 +3099,30 @@ PHP_FUNCTION(mb_send_mail)
+ }
+
+ /* To: */
+- if (to == NULL || to_len <= 0) {
++ if (to != NULL) {
++ if (to_len > 0) {
++ to_r = estrndup(to, to_len);
++ for (; to_len; to_len--) {
++ if (!isspace((unsigned char) to_r[to_len - 1])) {
++ break;
++ }
++ to_r[to_len - 1] = '\0';
++ }
++ for (i = 0; to_r[i]; i++) {
++ if (iscntrl((unsigned char) to_r[i])) {
++ /* According to RFC 822, section 3.1.1 long headers may be separated into
++ * parts using CRLF followed at least one linear-white-space character ('\t' or ' ').
++ * To prevent these separators from being replaced with a space, we use the
++ * SKIP_LONG_HEADER_SEP_MBSTRING to skip over them.
++ */
++ SKIP_LONG_HEADER_SEP_MBSTRING(to_r, i);
++ to_r[i] = ' ';
++ }
++ }
++ } else {
++ to_r = to;
++ }
++ } else {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing To: field");
+ err = 1;
+ }
+@@ -3182,12 +3218,20 @@ PHP_FUNCTION(mb_send_mail)
+ mbfl_memory_device_output('\0', &device);
+ headers = (char *)device.buffer;
+
+- if (!err && php_mail(to, subject, message, headers, extra_cmd TSRMLS_CC)) {
++ if (force_extra_parameters) {
++ extra_cmd = estrdup(force_extra_parameters);
++ } else if (extra_cmd) {
++ extra_cmd = php_escape_shell_cmd(extra_cmd);
++ }
++
++ if (!err && php_mail(to_r, subject, message, headers, extra_cmd TSRMLS_CC)) {
+ RETVAL_TRUE;
+ } else {
+ RETVAL_FALSE;
+ }
+-
++ if (to_r != to) {
++ efree(to_r);
++ }
+ if (subject_buf) {
+ efree((void *)subject_buf);
+ }
+@@ -3198,6 +3242,7 @@ PHP_FUNCTION(mb_send_mail)
+ zend_hash_destroy(&ht_headers);
+ }
+
++#undef SKIP_LONG_HEADER_SEP_MBSTRING
+ #undef APPEND_ONE_CHAR
+ #undef SEPARATE_SMART_STR
+ #undef PHP_MBSTR_MAIL_MIME_HEADER1
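Review bot: In `SKIP_LONG_HEADER_SEP_MBSTRING`, the macro leaves `pos` on the first character after the folding whitespace and then hits `continue`, so the enclosing `for (i = 0; to_r[i]; i++)` loop in `mb_send_mail` increments past that character without ever running the `iscntrl()` check on it. A control character sitting directly after a CRLF + space/tab fold therefore survives into the To: value handed to `php_mail()`. Stopping on the last whitespace character instead closes the gap: `pos += 2;` followed by `while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { pos++; }`. Separately, `char *to_r;` has no initializer, so if the `to == NULL` branch can be reached (the parameter parsing is outside the hunk), `if (to_r != to)` compares an indeterminate pointer and may `efree` it; `char *to_r = NULL;` would make that path safe.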