xref: /PHP-5.6/ext/standard/mail.c (revision 49493a2d)
1 /*
2    +----------------------------------------------------------------------+
3    | PHP Version 5                                                        |
4    +----------------------------------------------------------------------+
5    | Copyright (c) 1997-2016 The PHP Group                                |
6    +----------------------------------------------------------------------+
7    | This source file is subject to version 3.01 of the PHP license,      |
8    | that is bundled with this package in the file LICENSE, and is        |
9    | available through the world-wide-web at the following url:           |
10    | http://www.php.net/license/3_01.txt                                  |
11    | If you did not receive a copy of the PHP license and are unable to   |
12    | obtain it through the world-wide-web, please send a note to          |
13    | license@php.net so we can mail you a copy immediately.               |
14    +----------------------------------------------------------------------+
15    | Author: Rasmus Lerdorf <rasmus@php.net>                              |
16    +----------------------------------------------------------------------+
17  */
18 
19 /* $Id$ */
20 
21 #include <stdlib.h>
22 #include <ctype.h>
23 #include <stdio.h>
24 #include <time.h>
25 #include "php.h"
26 #include "ext/standard/info.h"
27 #include "ext/standard/php_string.h"
28 #include "ext/standard/basic_functions.h"
29 #include "ext/date/php_date.h"
30 
31 #if HAVE_SYSEXITS_H
32 #include <sysexits.h>
33 #endif
34 #if HAVE_SYS_SYSEXITS_H
35 #include <sys/sysexits.h>
36 #endif
37 
38 #if PHP_SIGCHILD
39 #if HAVE_SIGNAL_H
40 #include <signal.h>
41 #endif
42 #endif
43 
44 #include "php_syslog.h"
45 #include "php_mail.h"
46 #include "php_ini.h"
47 #include "php_string.h"
48 #include "exec.h"
49 
50 #ifdef PHP_WIN32
51 #include "win32/sendmail.h"
52 #endif
53 
54 #ifdef NETWARE
55 #define EX_OK           0       /* successful termination */
56 #define EX_TEMPFAIL     75      /* temp failure; user is invited to retry */
57 #endif
58 
59 #define SKIP_LONG_HEADER_SEP(str, pos)																	\
60 	if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) {	\
61 		pos += 2;																						\
62 		while (str[pos + 1] == ' ' || str[pos + 1] == '\t') {											\
63 			pos++;																						\
64 		}																								\
65 		continue;																						\
66 	}																									\
67 
68 #define MAIL_ASCIIZ_CHECK(str, len)				\
69 	p = str;									\
70 	e = p + len;								\
71 	while ((p = memchr(p, '\0', (e - p)))) {	\
72 		*p = ' ';								\
73 	}											\
74 
75 extern long php_getuid(TSRMLS_D);
76 
77 /* {{{ proto int ezmlm_hash(string addr)
78    Calculate EZMLM list hash value. */
PHP_FUNCTION(ezmlm_hash)79 PHP_FUNCTION(ezmlm_hash)
80 {
81 	char *str = NULL;
82 	unsigned int h = 5381;
83 	int j, str_len;
84 
85 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &str, &str_len) == FAILURE) {
86 		return;
87 	}
88 
89 	for (j = 0; j < str_len; j++) {
90 		h = (h + (h << 5)) ^ (unsigned long) (unsigned char) tolower(str[j]);
91 	}
92 
93 	h = (h % 53);
94 
95 	RETURN_LONG((int) h);
96 }
97 /* }}} */
98 
99 /* {{{ proto int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]])
100    Send an email message */
PHP_FUNCTION(mail)101 PHP_FUNCTION(mail)
102 {
103 	char *to=NULL, *message=NULL, *headers=NULL, *headers_trimmed=NULL;
104 	char *subject=NULL, *extra_cmd=NULL;
105 	int to_len, message_len, headers_len = 0;
106 	int subject_len, extra_cmd_len = 0, i;
107 	char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
108 	char *to_r, *subject_r;
109 	char *p, *e;
110 
111 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss",	&to, &to_len, &subject, &subject_len, &message, &message_len, &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE) {
112 		return;
113 	}
114 
115 	/* ASCIIZ check */
116 	MAIL_ASCIIZ_CHECK(to, to_len);
117 	MAIL_ASCIIZ_CHECK(subject, subject_len);
118 	MAIL_ASCIIZ_CHECK(message, message_len);
119 	if (headers) {
120 		MAIL_ASCIIZ_CHECK(headers, headers_len);
121 		headers_trimmed = php_trim(headers, headers_len, NULL, 0, NULL, 2 TSRMLS_CC);
122 	}
123 	if (extra_cmd) {
124 		MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len);
125 	}
126 
127 	if (to_len > 0) {
128 		to_r = estrndup(to, to_len);
129 		for (; to_len; to_len--) {
130 			if (!isspace((unsigned char) to_r[to_len - 1])) {
131 				break;
132 			}
133 			to_r[to_len - 1] = '\0';
134 		}
135 		for (i = 0; to_r[i]; i++) {
136 			if (iscntrl((unsigned char) to_r[i])) {
137 				/* According to RFC 822, section 3.1.1 long headers may be separated into
138 				 * parts using CRLF followed at least one linear-white-space character ('\t' or ' ').
139 				 * To prevent these separators from being replaced with a space, we use the
140 				 * SKIP_LONG_HEADER_SEP to skip over them. */
141 				SKIP_LONG_HEADER_SEP(to_r, i);
142 				to_r[i] = ' ';
143 			}
144 		}
145 	} else {
146 		to_r = to;
147 	}
148 
149 	if (subject_len > 0) {
150 		subject_r = estrndup(subject, subject_len);
151 		for (; subject_len; subject_len--) {
152 			if (!isspace((unsigned char) subject_r[subject_len - 1])) {
153 				break;
154 			}
155 			subject_r[subject_len - 1] = '\0';
156 		}
157 		for (i = 0; subject_r[i]; i++) {
158 			if (iscntrl((unsigned char) subject_r[i])) {
159 				SKIP_LONG_HEADER_SEP(subject_r, i);
160 				subject_r[i] = ' ';
161 			}
162 		}
163 	} else {
164 		subject_r = subject;
165 	}
166 
167 	if (force_extra_parameters) {
168 		extra_cmd = php_escape_shell_cmd(force_extra_parameters);
169 	} else if (extra_cmd) {
170 		extra_cmd = php_escape_shell_cmd(extra_cmd);
171 	}
172 
173 	if (php_mail(to_r, subject_r, message, headers_trimmed, extra_cmd TSRMLS_CC)) {
174 		RETVAL_TRUE;
175 	} else {
176 		RETVAL_FALSE;
177 	}
178 
179 	if (headers_trimmed) {
180 		efree(headers_trimmed);
181 	}
182 
183 	if (extra_cmd) {
184 		efree (extra_cmd);
185 	}
186 	if (to_r != to) {
187 		efree(to_r);
188 	}
189 	if (subject_r != subject) {
190 		efree(subject_r);
191 	}
192 }
193 /* }}} */
194 
195 
php_mail_log_crlf_to_spaces(char * message)196 void php_mail_log_crlf_to_spaces(char *message) {
197 	/* Find all instances of carriage returns or line feeds and
198 	 * replace them with spaces. Thus, a log line is always one line
199 	 * long
200 	 */
201 	char *p = message;
202 	while ((p = strpbrk(p, "\r\n"))) {
203 		*p = ' ';
204 	}
205 }
206 
php_mail_log_to_syslog(char * message)207 void php_mail_log_to_syslog(char *message) {
208 	/* Write 'message' to syslog. */
209 #ifdef HAVE_SYSLOG_H
210 	php_syslog(LOG_NOTICE, "%s", message);
211 #endif
212 }
213 
214 
php_mail_log_to_file(char * filename,char * message,size_t message_size TSRMLS_DC)215 void php_mail_log_to_file(char *filename, char *message, size_t message_size TSRMLS_DC) {
216 	/* Write 'message' to the given file. */
217 	uint flags = IGNORE_URL_WIN | REPORT_ERRORS | STREAM_DISABLE_OPEN_BASEDIR;
218 	php_stream *stream = php_stream_open_wrapper(filename, "a", flags, NULL);
219 	if (stream) {
220 		php_stream_write(stream, message, message_size);
221 		php_stream_close(stream);
222 	}
223 }
224 
225 
php_mail_detect_multiple_crlf(char * hdr)226 static int php_mail_detect_multiple_crlf(char *hdr) {
227 	/* This function detects multiple/malformed multiple newlines. */
228 
229 	if (!hdr || !strlen(hdr)) {
230 		return 0;
231 	}
232 
233 	/* Should not have any newlines at the beginning. */
234 	/* RFC 2822 2.2. Header Fields */
235 	if (*hdr < 33 || *hdr > 126 || *hdr == ':') {
236 		return 1;
237 	}
238 
239 	while(*hdr) {
240 		if (*hdr == '\r') {
241 			if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || (*(hdr+1) == '\n' && (*(hdr+2) == '\0' || *(hdr+2) == '\n' || *(hdr+2) == '\r'))) {
242 				/* Malformed or multiple newlines. */
243 				return 1;
244 			} else {
245 				hdr += 2;
246 			}
247 		} else if (*hdr == '\n') {
248 			if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || *(hdr+1) == '\n') {
249 				/* Malformed or multiple newlines. */
250 				return 1;
251 			} else {
252 				hdr += 2;
253 			}
254 		} else {
255 			hdr++;
256 		}
257 	}
258 
259 	return 0;
260 }
261 
262 
263 /* {{{ php_mail
264  */
php_mail(char * to,char * subject,char * message,char * headers,char * extra_cmd TSRMLS_DC)265 PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char *extra_cmd TSRMLS_DC)
266 {
267 #if (defined PHP_WIN32 || defined NETWARE)
268 	int tsm_err;
269 	char *tsm_errmsg = NULL;
270 #endif
271 	FILE *sendmail;
272 	int ret;
273 	char *sendmail_path = INI_STR("sendmail_path");
274 	char *sendmail_cmd = NULL;
275 	char *mail_log = INI_STR("mail.log");
276 	char *hdr = headers;
277 #if PHP_SIGCHILD
278 	void (*sig_handler)() = NULL;
279 #endif
280 
281 #define MAIL_RET(val) \
282 	if (hdr != headers) {	\
283 		efree(hdr);	\
284 	}	\
285 	return val;	\
286 
287 	if (mail_log && *mail_log) {
288 		char *tmp, *date_str;
289 		time_t curtime;
290 		int l;
291 
292 		time(&curtime);
293 		date_str = php_format_date("d-M-Y H:i:s e", 13, curtime, 1 TSRMLS_CC);
294 
295 		l = spprintf(&tmp, 0, "[%s] mail() on [%s:%d]: To: %s -- Headers: %s\n", date_str, zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C), to, hdr ? hdr : "");
296 
297 		efree(date_str);
298 
299 		if (hdr) {
300 			php_mail_log_crlf_to_spaces(tmp);
301 		}
302 
303 		if (!strcmp(mail_log, "syslog")) {
304 			/* Drop the final space when logging to syslog. */
305 			tmp[l - 1] = 0;
306 			php_mail_log_to_syslog(tmp);
307 		}
308 		else {
309 			/* Convert the final space to a newline when logging to file. */
310 			tmp[l - 1] = '\n';
311 			php_mail_log_to_file(mail_log, tmp, l TSRMLS_CC);
312 		}
313 
314 		efree(tmp);
315 	}
316 
317 	if (PG(mail_x_header)) {
318 		const char *tmp = zend_get_executed_filename(TSRMLS_C);
319 		char *f;
320 		size_t f_len;
321 
322 		php_basename(tmp, strlen(tmp), NULL, 0,&f, &f_len TSRMLS_CC);
323 
324 		if (headers != NULL && *headers) {
325 			spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n%s", php_getuid(TSRMLS_C), f, headers);
326 		} else {
327 			spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s", php_getuid(TSRMLS_C), f);
328 		}
329 		efree(f);
330 	}
331 
332 	if (hdr && php_mail_detect_multiple_crlf(hdr)) {
333 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Multiple or malformed newlines found in additional_header");
334 		MAIL_RET(0);
335 	}
336 
337 	if (!sendmail_path) {
338 #if (defined PHP_WIN32 || defined NETWARE)
339 		/* handle old style win smtp sending */
340 		if (TSendMail(INI_STR("SMTP"), &tsm_err, &tsm_errmsg, hdr, subject, to, message, NULL, NULL, NULL TSRMLS_CC) == FAILURE) {
341 			if (tsm_errmsg) {
342 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", tsm_errmsg);
343 				efree(tsm_errmsg);
344 			} else {
345 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", GetSMErrorText(tsm_err));
346 			}
347 			MAIL_RET(0);
348 		}
349 		MAIL_RET(1);
350 #else
351 		MAIL_RET(0);
352 #endif
353 	}
354 	if (extra_cmd != NULL) {
355 		spprintf(&sendmail_cmd, 0, "%s %s", sendmail_path, extra_cmd);
356 	} else {
357 		sendmail_cmd = sendmail_path;
358 	}
359 
360 #if PHP_SIGCHILD
361 	/* Set signal handler of SIGCHLD to default to prevent other signal handlers
362 	 * from being called and reaping the return code when our child exits.
363 	 * The original handler needs to be restored after pclose() */
364 	sig_handler = (void *)signal(SIGCHLD, SIG_DFL);
365 	if (sig_handler == SIG_ERR) {
366 		sig_handler = NULL;
367 	}
368 #endif
369 
370 #ifdef PHP_WIN32
371 	sendmail = popen_ex(sendmail_cmd, "wb", NULL, NULL TSRMLS_CC);
372 #else
373 	/* Since popen() doesn't indicate if the internal fork() doesn't work
374 	 * (e.g. the shell can't be executed) we explicitly set it to 0 to be
375 	 * sure we don't catch any older errno value. */
376 	errno = 0;
377 	sendmail = popen(sendmail_cmd, "w");
378 #endif
379 	if (extra_cmd != NULL) {
380 		efree (sendmail_cmd);
381 	}
382 
383 	if (sendmail) {
384 #ifndef PHP_WIN32
385 		if (EACCES == errno) {
386 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Permission denied: unable to execute shell to run mail delivery binary '%s'", sendmail_path);
387 			pclose(sendmail);
388 #if PHP_SIGCHILD
389 			/* Restore handler in case of error on Windows
390 			   Not sure if this applicable on Win but just in case. */
391 			if (sig_handler) {
392 				signal(SIGCHLD, sig_handler);
393 			}
394 #endif
395 			MAIL_RET(0);
396 		}
397 #endif
398 		fprintf(sendmail, "To: %s\n", to);
399 		fprintf(sendmail, "Subject: %s\n", subject);
400 		if (hdr != NULL) {
401 			fprintf(sendmail, "%s\n", hdr);
402 		}
403 		fprintf(sendmail, "\n%s\n", message);
404 		ret = pclose(sendmail);
405 
406 #if PHP_SIGCHILD
407 		if (sig_handler) {
408 			signal(SIGCHLD, sig_handler);
409 		}
410 #endif
411 
412 #ifdef PHP_WIN32
413 		if (ret == -1)
414 #else
415 #if defined(EX_TEMPFAIL)
416 		if ((ret != EX_OK)&&(ret != EX_TEMPFAIL))
417 #elif defined(EX_OK)
418 		if (ret != EX_OK)
419 #else
420 		if (ret != 0)
421 #endif
422 #endif
423 		{
424 			MAIL_RET(0);
425 		} else {
426 			MAIL_RET(1);
427 		}
428 	} else {
429 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not execute mail delivery program '%s'", sendmail_path);
430 #if PHP_SIGCHILD
431 		if (sig_handler) {
432 			signal(SIGCHLD, sig_handler);
433 		}
434 #endif
435 		MAIL_RET(0);
436 	}
437 
438 	MAIL_RET(1); /* never reached */
439 }
440 /* }}} */
441 
442 /* {{{ PHP_MINFO_FUNCTION
443  */
PHP_MINFO_FUNCTION(mail)444 PHP_MINFO_FUNCTION(mail)
445 {
446 	char *sendmail_path = INI_STR("sendmail_path");
447 
448 #ifdef PHP_WIN32
449 	if (!sendmail_path) {
450 		php_info_print_table_row(2, "Internal Sendmail Support for Windows", "enabled");
451 	} else {
452 		php_info_print_table_row(2, "Path to sendmail", sendmail_path);
453 	}
454 #else
455 	php_info_print_table_row(2, "Path to sendmail", sendmail_path);
456 #endif
457 }
458 /* }}} */
459 
460 /*
461  * Local variables:
462  * tab-width: 4
463  * c-basic-offset: 4
464  * End:
465  * vim600: sw=4 ts=4 fdm=marker
466  * vim<600: sw=4 ts=4
467  */
468