1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | http://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Author: Rasmus Lerdorf <rasmus@php.net> |
14 +----------------------------------------------------------------------+
15 */
16
17 #include <stdlib.h>
18 #include <ctype.h>
19 #include <stdio.h>
20 #include <time.h>
21 #include "php.h"
22 #include "ext/standard/info.h"
23 #include "ext/standard/php_string.h"
24 #include "ext/standard/basic_functions.h"
25 #include "ext/date/php_date.h"
26 #include "zend_smart_str.h"
27
28 #if HAVE_SYSEXITS_H
29 #include <sysexits.h>
30 #endif
31 #if HAVE_SYS_SYSEXITS_H
32 #include <sys/sysexits.h>
33 #endif
34
35 #if PHP_SIGCHILD
36 #include <signal.h>
37 #endif
38
39 #include "php_syslog.h"
40 #include "php_mail.h"
41 #include "php_ini.h"
42 #include "php_string.h"
43 #include "exec.h"
44
45 #ifdef PHP_WIN32
46 #include "win32/sendmail.h"
47 #endif
48
49 #define SKIP_LONG_HEADER_SEP(str, pos) \
50 if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
51 pos += 2; \
52 while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
53 pos++; \
54 } \
55 continue; \
56 } \
57
58 extern zend_long php_getuid(void);
59
php_mail_build_headers_check_field_value(zval * val)60 static zend_bool php_mail_build_headers_check_field_value(zval *val)
61 {
62 size_t len = 0;
63 zend_string *value = Z_STR_P(val);
64
65 /* https://tools.ietf.org/html/rfc2822#section-2.2.1 */
66 /* https://tools.ietf.org/html/rfc2822#section-2.2.3 */
67 while (len < value->len) {
68 if (*(value->val+len) == '\r') {
69 if (value->len - len >= 3
70 && *(value->val+len+1) == '\n'
71 && (*(value->val+len+2) == ' ' || *(value->val+len+2) == '\t')) {
72 len += 3;
73 continue;
74 }
75 return FAILURE;
76 }
77 if (*(value->val+len) == '\0') {
78 return FAILURE;
79 }
80 len++;
81 }
82 return SUCCESS;
83 }
84
85
php_mail_build_headers_check_field_name(zend_string * key)86 static zend_bool php_mail_build_headers_check_field_name(zend_string *key)
87 {
88 size_t len = 0;
89
90 /* https://tools.ietf.org/html/rfc2822#section-2.2 */
91 while (len < key->len) {
92 if (*(key->val+len) < 33 || *(key->val+len) > 126 || *(key->val+len) == ':') {
93 return FAILURE;
94 }
95 len++;
96 }
97 return SUCCESS;
98 }
99
100
101 static void php_mail_build_headers_elems(smart_str *s, zend_string *key, zval *val);
102
php_mail_build_headers_elem(smart_str * s,zend_string * key,zval * val)103 static void php_mail_build_headers_elem(smart_str *s, zend_string *key, zval *val)
104 {
105 switch(Z_TYPE_P(val)) {
106 case IS_STRING:
107 if (php_mail_build_headers_check_field_name(key) != SUCCESS) {
108 zend_value_error("Header name \"%s\" contains invalid characters", ZSTR_VAL(key));
109 return;
110 }
111 if (php_mail_build_headers_check_field_value(val) != SUCCESS) {
112 zend_value_error("Header \"%s\" has invalid format, or contains invalid characters", ZSTR_VAL(key));
113 return;
114 }
115 smart_str_append(s, key);
116 smart_str_appendl(s, ": ", 2);
117 smart_str_appends(s, Z_STRVAL_P(val));
118 smart_str_appendl(s, "\r\n", 2);
119 break;
120 case IS_ARRAY:
121 php_mail_build_headers_elems(s, key, val);
122 break;
123 default:
124 zend_type_error("Header \"%s\" must be of type array|string, %s given", ZSTR_VAL(key), zend_zval_type_name(val));
125 }
126 }
127
128
php_mail_build_headers_elems(smart_str * s,zend_string * key,zval * val)129 static void php_mail_build_headers_elems(smart_str *s, zend_string *key, zval *val)
130 {
131 zend_string *tmp_key;
132 zval *tmp_val;
133
134 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(val), tmp_key, tmp_val) {
135 if (tmp_key) {
136 zend_type_error("Header \"%s\" must only contain numeric keys, \"%s\" found", ZSTR_VAL(key), ZSTR_VAL(tmp_key));
137 break;
138 }
139 if (Z_TYPE_P(tmp_val) != IS_STRING) {
140 zend_type_error("Header \"%s\" must only contain values of type string, %s found", ZSTR_VAL(key), zend_zval_type_name(tmp_val));
141 break;
142 }
143 php_mail_build_headers_elem(s, key, tmp_val);
144 } ZEND_HASH_FOREACH_END();
145 }
146
147
php_mail_build_headers(HashTable * headers)148 PHPAPI zend_string *php_mail_build_headers(HashTable *headers)
149 {
150 zend_ulong idx;
151 zend_string *key;
152 zval *val;
153 smart_str s = {0};
154
155 ZEND_HASH_FOREACH_KEY_VAL(headers, idx, key, val) {
156 if (!key) {
157 zend_type_error("Header name cannot be numeric, " ZEND_LONG_FMT " given", idx);
158 break;
159 }
160 /* https://tools.ietf.org/html/rfc2822#section-3.6 */
161 switch(ZSTR_LEN(key)) {
162 case sizeof("orig-date")-1:
163 if (!strncasecmp("orig-date", ZSTR_VAL(key), ZSTR_LEN(key))) {
164 PHP_MAIL_BUILD_HEADER_CHECK("orig-date", s, key, val);
165 } else {
166 PHP_MAIL_BUILD_HEADER_DEFAULT(s, key, val);
167 }
168 break;
169 case sizeof("from")-1:
170 if (!strncasecmp("from", ZSTR_VAL(key), ZSTR_LEN(key))) {
171 PHP_MAIL_BUILD_HEADER_CHECK("from", s, key, val);
172 } else {
173 PHP_MAIL_BUILD_HEADER_DEFAULT(s, key, val);
174 }
175 break;
176 case sizeof("sender")-1:
177 if (!strncasecmp("sender", ZSTR_VAL(key), ZSTR_LEN(key))) {
178 PHP_MAIL_BUILD_HEADER_CHECK("sender", s, key, val);
179 } else {
180 PHP_MAIL_BUILD_HEADER_DEFAULT(s, key, val);
181 }
182 break;
183 case sizeof("reply-to")-1:
184 if (!strncasecmp("reply-to", ZSTR_VAL(key), ZSTR_LEN(key))) {
185 PHP_MAIL_BUILD_HEADER_CHECK("reply-to", s, key, val);
186 } else {
187 PHP_MAIL_BUILD_HEADER_DEFAULT(s, key, val);
188 }
189 break;
190 case sizeof("to")-1: /* "to", "cc" */
191 if (!strncasecmp("to", ZSTR_VAL(key), ZSTR_LEN(key))) {
192 zend_value_error("The additional headers cannot contain the \"To\" header");
193 break;
194 }
195 if (!strncasecmp("cc", ZSTR_VAL(key), ZSTR_LEN(key))) {
196 PHP_MAIL_BUILD_HEADER_CHECK("cc", s, key, val);
197 } else {
198 PHP_MAIL_BUILD_HEADER_DEFAULT(s, key, val);
199 }
200 break;
201 case sizeof("bcc")-1:
202 if (!strncasecmp("bcc", ZSTR_VAL(key), ZSTR_LEN(key))) {
203 PHP_MAIL_BUILD_HEADER_CHECK("bcc", s, key, val);
204 } else {
205 PHP_MAIL_BUILD_HEADER_DEFAULT(s, key, val);
206 }
207 break;
208 case sizeof("message-id")-1: /* "references" */
209 if (!strncasecmp("message-id", ZSTR_VAL(key), ZSTR_LEN(key))) {
210 PHP_MAIL_BUILD_HEADER_CHECK("message-id", s, key, val);
211 } else if (!strncasecmp("references", ZSTR_VAL(key), ZSTR_LEN(key))) {
212 PHP_MAIL_BUILD_HEADER_CHECK("references", s, key, val);
213 } else {
214 PHP_MAIL_BUILD_HEADER_DEFAULT(s, key, val);
215 }
216 break;
217 case sizeof("in-reply-to")-1:
218 if (!strncasecmp("in-reply-to", ZSTR_VAL(key), ZSTR_LEN(key))) {
219 PHP_MAIL_BUILD_HEADER_CHECK("in-reply-to", s, key, val);
220 } else {
221 PHP_MAIL_BUILD_HEADER_DEFAULT(s, key, val);
222 }
223 break;
224 case sizeof("subject")-1:
225 if (!strncasecmp("subject", ZSTR_VAL(key), ZSTR_LEN(key))) {
226 zend_value_error("The additional headers cannot contain the \"Subject\" header");
227 break;
228 }
229 PHP_MAIL_BUILD_HEADER_DEFAULT(s, key, val);
230 break;
231 default:
232 PHP_MAIL_BUILD_HEADER_DEFAULT(s, key, val);
233 }
234
235 if (EG(exception)) {
236 smart_str_free(&s);
237 return NULL;
238 }
239 } ZEND_HASH_FOREACH_END();
240
241 /* Remove the last \r\n */
242 if (s.s) s.s->len -= 2;
243 smart_str_0(&s);
244
245 return s.s;
246 }
247
248
249 /* {{{ Send an email message */
PHP_FUNCTION(mail)250 PHP_FUNCTION(mail)
251 {
252 char *to=NULL, *message=NULL;
253 char *subject=NULL;
254 zend_string *extra_cmd=NULL;
255 zend_string *headers_str = NULL;
256 HashTable *headers_ht = NULL;
257 size_t to_len, message_len;
258 size_t subject_len, i;
259 char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
260 char *to_r, *subject_r;
261
262 ZEND_PARSE_PARAMETERS_START(3, 5)
263 Z_PARAM_PATH(to, to_len)
264 Z_PARAM_PATH(subject, subject_len)
265 Z_PARAM_PATH(message, message_len)
266 Z_PARAM_OPTIONAL
267 Z_PARAM_ARRAY_HT_OR_STR(headers_ht, headers_str)
268 Z_PARAM_PATH_STR(extra_cmd)
269 ZEND_PARSE_PARAMETERS_END();
270
271 if (headers_str) {
272 if (strlen(ZSTR_VAL(headers_str)) != ZSTR_LEN(headers_str)) {
273 zend_argument_value_error(4, "must not contain any null bytes");
274 RETURN_THROWS();
275 }
276 headers_str = php_trim(headers_str, NULL, 0, 2);
277 } else if (headers_ht) {
278 headers_str = php_mail_build_headers(headers_ht);
279 if (EG(exception)) {
280 RETURN_THROWS();
281 }
282 }
283
284 if (to_len > 0) {
285 to_r = estrndup(to, to_len);
286 for (; to_len; to_len--) {
287 if (!isspace((unsigned char) to_r[to_len - 1])) {
288 break;
289 }
290 to_r[to_len - 1] = '\0';
291 }
292 for (i = 0; to_r[i]; i++) {
293 if (iscntrl((unsigned char) to_r[i])) {
294 /* According to RFC 822, section 3.1.1 long headers may be separated into
295 * parts using CRLF followed at least one linear-white-space character ('\t' or ' ').
296 * To prevent these separators from being replaced with a space, we use the
297 * SKIP_LONG_HEADER_SEP to skip over them. */
298 SKIP_LONG_HEADER_SEP(to_r, i);
299 to_r[i] = ' ';
300 }
301 }
302 } else {
303 to_r = to;
304 }
305
306 if (subject_len > 0) {
307 subject_r = estrndup(subject, subject_len);
308 for (; subject_len; subject_len--) {
309 if (!isspace((unsigned char) subject_r[subject_len - 1])) {
310 break;
311 }
312 subject_r[subject_len - 1] = '\0';
313 }
314 for (i = 0; subject_r[i]; i++) {
315 if (iscntrl((unsigned char) subject_r[i])) {
316 SKIP_LONG_HEADER_SEP(subject_r, i);
317 subject_r[i] = ' ';
318 }
319 }
320 } else {
321 subject_r = subject;
322 }
323
324 if (force_extra_parameters) {
325 extra_cmd = php_escape_shell_cmd(force_extra_parameters);
326 } else if (extra_cmd) {
327 extra_cmd = php_escape_shell_cmd(ZSTR_VAL(extra_cmd));
328 }
329
330 if (php_mail(to_r, subject_r, message, headers_str && ZSTR_LEN(headers_str) ? ZSTR_VAL(headers_str) : NULL, extra_cmd ? ZSTR_VAL(extra_cmd) : NULL)) {
331 RETVAL_TRUE;
332 } else {
333 RETVAL_FALSE;
334 }
335
336 if (headers_str) {
337 zend_string_release_ex(headers_str, 0);
338 }
339
340 if (extra_cmd) {
341 zend_string_release_ex(extra_cmd, 0);
342 }
343 if (to_r != to) {
344 efree(to_r);
345 }
346 if (subject_r != subject) {
347 efree(subject_r);
348 }
349 }
350 /* }}} */
351
352
php_mail_log_crlf_to_spaces(char * message)353 void php_mail_log_crlf_to_spaces(char *message) {
354 /* Find all instances of carriage returns or line feeds and
355 * replace them with spaces. Thus, a log line is always one line
356 * long
357 */
358 char *p = message;
359 while ((p = strpbrk(p, "\r\n"))) {
360 *p = ' ';
361 }
362 }
363
php_mail_log_to_syslog(char * message)364 void php_mail_log_to_syslog(char *message) {
365 /* Write 'message' to syslog. */
366 #ifdef HAVE_SYSLOG_H
367 php_syslog(LOG_NOTICE, "%s", message);
368 #endif
369 }
370
371
php_mail_log_to_file(char * filename,char * message,size_t message_size)372 void php_mail_log_to_file(char *filename, char *message, size_t message_size) {
373 /* Write 'message' to the given file. */
374 uint32_t flags = IGNORE_URL_WIN | REPORT_ERRORS | STREAM_DISABLE_OPEN_BASEDIR;
375 php_stream *stream = php_stream_open_wrapper(filename, "a", flags, NULL);
376 if (stream) {
377 php_stream_write(stream, message, message_size);
378 php_stream_close(stream);
379 }
380 }
381
382
php_mail_detect_multiple_crlf(const char * hdr)383 static int php_mail_detect_multiple_crlf(const char *hdr) {
384 /* This function detects multiple/malformed multiple newlines. */
385
386 if (!hdr || !strlen(hdr)) {
387 return 0;
388 }
389
390 /* Should not have any newlines at the beginning. */
391 /* RFC 2822 2.2. Header Fields */
392 if (*hdr < 33 || *hdr > 126 || *hdr == ':') {
393 return 1;
394 }
395
396 while(*hdr) {
397 if (*hdr == '\r') {
398 if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || (*(hdr+1) == '\n' && (*(hdr+2) == '\0' || *(hdr+2) == '\n' || *(hdr+2) == '\r'))) {
399 /* Malformed or multiple newlines. */
400 return 1;
401 } else {
402 hdr += 2;
403 }
404 } else if (*hdr == '\n') {
405 if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || *(hdr+1) == '\n') {
406 /* Malformed or multiple newlines. */
407 return 1;
408 } else {
409 hdr += 2;
410 }
411 } else {
412 hdr++;
413 }
414 }
415
416 return 0;
417 }
418
419
420 /* {{{ php_mail */
php_mail(const char * to,const char * subject,const char * message,const char * headers,const char * extra_cmd)421 PHPAPI int php_mail(const char *to, const char *subject, const char *message, const char *headers, const char *extra_cmd)
422 {
423 #ifdef PHP_WIN32
424 int tsm_err;
425 char *tsm_errmsg = NULL;
426 #endif
427 FILE *sendmail;
428 int ret;
429 char *sendmail_path = INI_STR("sendmail_path");
430 char *sendmail_cmd = NULL;
431 char *mail_log = INI_STR("mail.log");
432 const char *hdr = headers;
433 char *ahdr = NULL;
434 #if PHP_SIGCHILD
435 void (*sig_handler)() = NULL;
436 #endif
437
438 #define MAIL_RET(val) \
439 if (ahdr != NULL) { \
440 efree(ahdr); \
441 } \
442 return val; \
443
444 if (mail_log && *mail_log) {
445 char *logline;
446
447 spprintf(&logline, 0, "mail() on [%s:%d]: To: %s -- Headers: %s -- Subject: %s", zend_get_executed_filename(), zend_get_executed_lineno(), to, hdr ? hdr : "", subject);
448
449 if (hdr) {
450 php_mail_log_crlf_to_spaces(logline);
451 }
452
453 if (!strcmp(mail_log, "syslog")) {
454 php_mail_log_to_syslog(logline);
455 } else {
456 /* Add date when logging to file */
457 char *tmp;
458 time_t curtime;
459 zend_string *date_str;
460 size_t len;
461
462
463 time(&curtime);
464 date_str = php_format_date("d-M-Y H:i:s e", 13, curtime, 1);
465 len = spprintf(&tmp, 0, "[%s] %s%s", date_str->val, logline, PHP_EOL);
466
467 php_mail_log_to_file(mail_log, tmp, len);
468
469 zend_string_free(date_str);
470 efree(tmp);
471 }
472
473 efree(logline);
474 }
475
476 if (EG(exception)) {
477 MAIL_RET(0);
478 }
479
480 if (PG(mail_x_header)) {
481 const char *tmp = zend_get_executed_filename();
482 zend_string *f;
483
484 f = php_basename(tmp, strlen(tmp), NULL, 0);
485
486 if (headers != NULL && *headers) {
487 spprintf(&ahdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s\r\n%s", php_getuid(), ZSTR_VAL(f), headers);
488 } else {
489 spprintf(&ahdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s", php_getuid(), ZSTR_VAL(f));
490 }
491 hdr = ahdr;
492 zend_string_release_ex(f, 0);
493 }
494
495 if (hdr && php_mail_detect_multiple_crlf(hdr)) {
496 php_error_docref(NULL, E_WARNING, "Multiple or malformed newlines found in additional_header");
497 MAIL_RET(0);
498 }
499
500 if (!sendmail_path) {
501 #ifdef PHP_WIN32
502 /* handle old style win smtp sending */
503 if (TSendMail(INI_STR("SMTP"), &tsm_err, &tsm_errmsg, hdr, subject, to, message, NULL, NULL, NULL) == FAILURE) {
504 if (tsm_errmsg) {
505 php_error_docref(NULL, E_WARNING, "%s", tsm_errmsg);
506 efree(tsm_errmsg);
507 } else {
508 php_error_docref(NULL, E_WARNING, "%s", GetSMErrorText(tsm_err));
509 }
510 MAIL_RET(0);
511 }
512 MAIL_RET(1);
513 #else
514 MAIL_RET(0);
515 #endif
516 }
517 if (extra_cmd != NULL) {
518 spprintf(&sendmail_cmd, 0, "%s %s", sendmail_path, extra_cmd);
519 } else {
520 sendmail_cmd = sendmail_path;
521 }
522
523 #if PHP_SIGCHILD
524 /* Set signal handler of SIGCHLD to default to prevent other signal handlers
525 * from being called and reaping the return code when our child exits.
526 * The original handler needs to be restored after pclose() */
527 sig_handler = (void *)signal(SIGCHLD, SIG_DFL);
528 if (sig_handler == SIG_ERR) {
529 sig_handler = NULL;
530 }
531 #endif
532
533 #ifdef PHP_WIN32
534 sendmail = popen_ex(sendmail_cmd, "wb", NULL, NULL);
535 #else
536 /* Since popen() doesn't indicate if the internal fork() doesn't work
537 * (e.g. the shell can't be executed) we explicitly set it to 0 to be
538 * sure we don't catch any older errno value. */
539 errno = 0;
540 sendmail = popen(sendmail_cmd, "w");
541 #endif
542 if (extra_cmd != NULL) {
543 efree (sendmail_cmd);
544 }
545
546 if (sendmail) {
547 #ifndef PHP_WIN32
548 if (EACCES == errno) {
549 php_error_docref(NULL, E_WARNING, "Permission denied: unable to execute shell to run mail delivery binary '%s'", sendmail_path);
550 pclose(sendmail);
551 #if PHP_SIGCHILD
552 /* Restore handler in case of error on Windows
553 Not sure if this applicable on Win but just in case. */
554 if (sig_handler) {
555 signal(SIGCHLD, sig_handler);
556 }
557 #endif
558 MAIL_RET(0);
559 }
560 #endif
561 fprintf(sendmail, "To: %s\r\n", to);
562 fprintf(sendmail, "Subject: %s\r\n", subject);
563 if (hdr != NULL) {
564 fprintf(sendmail, "%s\r\n", hdr);
565 }
566 fprintf(sendmail, "\r\n%s\r\n", message);
567 ret = pclose(sendmail);
568
569 #if PHP_SIGCHILD
570 if (sig_handler) {
571 signal(SIGCHLD, sig_handler);
572 }
573 #endif
574
575 #ifdef PHP_WIN32
576 if (ret == -1)
577 #else
578 #if defined(EX_TEMPFAIL)
579 if ((ret != EX_OK)&&(ret != EX_TEMPFAIL))
580 #elif defined(EX_OK)
581 if (ret != EX_OK)
582 #else
583 if (ret != 0)
584 #endif
585 #endif
586 {
587 MAIL_RET(0);
588 } else {
589 MAIL_RET(1);
590 }
591 } else {
592 php_error_docref(NULL, E_WARNING, "Could not execute mail delivery program '%s'", sendmail_path);
593 #if PHP_SIGCHILD
594 if (sig_handler) {
595 signal(SIGCHLD, sig_handler);
596 }
597 #endif
598 MAIL_RET(0);
599 }
600
601 MAIL_RET(1); /* never reached */
602 }
603 /* }}} */
604
605 /* {{{ PHP_MINFO_FUNCTION */
PHP_MINFO_FUNCTION(mail)606 PHP_MINFO_FUNCTION(mail)
607 {
608 char *sendmail_path = INI_STR("sendmail_path");
609
610 #ifdef PHP_WIN32
611 if (!sendmail_path) {
612 php_info_print_table_row(2, "Internal Sendmail Support for Windows", "enabled");
613 } else {
614 php_info_print_table_row(2, "Path to sendmail", sendmail_path);
615 }
616 #else
617 php_info_print_table_row(2, "Path to sendmail", sendmail_path);
618 #endif
619 }
620 /* }}} */
621