1--TEST-- 2GH-13415 (Added validation of line breaks \n in $additional_headers of mail()) 3--INI-- 4sendmail_path={MAIL:gh13415.out} 5--FILE-- 6<?php 7echo "LF only:\n"; 8try { 9 mail('to@example.com', 'Test Subject', 'A Message', ['Reply-To' => "foo@example.com \nCc: hacker@example.com"]); 10} catch (Throwable $e) { 11 echo $e->getMessage()."\n\n"; 12} 13 14echo "CR only:\n"; 15try { 16 mail('to@example.com', 'Test Subject', 'A Message', ['Reply-To' => "foo@example.com \rCc: hacker@example.com"]); 17} catch (Throwable $e) { 18 echo $e->getMessage()."\n\n"; 19} 20 21echo "CRLF:\n"; 22try { 23 mail('to@example.com', 'Test Subject', 'A Message', ['Reply-To' => "foo@example.com \r\nCc: hacker@example.com"]); 24} catch (Throwable $e) { 25 echo $e->getMessage()."\n\n"; 26} 27 28echo "NULL:\n"; 29try { 30 mail('to@example.com', 'Test Subject', 'A Message', ['Reply-To' => "foo@example.com \0Cc: hacker@example.com"]); 31} catch (Throwable $e) { 32 echo $e->getMessage()."\n\n"; 33} 34?> 35--CLEAN-- 36<?php 37if (file_exists('gh13415.out')) { 38 unlink('gh13415.out'); 39} 40?> 41--EXPECTF-- 42LF only: 43Header "Reply-To" contains LF character that is not allowed in the header 44 45CR only: 46Header "Reply-To" contains CR character that is not allowed in the header 47 48CRLF: 49Header "Reply-To" contains CRLF characters that are used as a line separator and are not allowed in the header 50 51NULL: 52Header "Reply-To" contains NULL character that is not allowed in the header 53