diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2016-09-30 11:40:10 +0200 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2016-09-30 11:40:55 +0200 |
| commit | dd937129113fb0cc435c579e8308218d119d9726 (patch) | |
| tree | 41e3512ea3432ff75f450c7be97263e97f24d07b | |
| parent | e60620b97418041c56a94f4f1eb20355b91999c5 (diff) | |
| parent | e72165bb86aec6fc51dcb4d8d715e18be912ab67 (diff) | |
| download | php-git-dd937129113fb0cc435c579e8308218d119d9726.tar.gz | |
Merge branch 'PHP-5.6' into PHP-7.0
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | ext/standard/exec.c | 4 | ||||
| -rw-r--r-- | ext/standard/tests/mail/bug73203.phpt | 24 |
3 files changed, 29 insertions, 2 deletions
@@ -6,6 +6,9 @@ PHP NEWS . Fixed bug #73181 (parse_str() without a second argument leads to crash). (Nikita) +- Standard: + . Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb) + 13 Oct 2016 PHP 7.0.12 - Core: diff --git a/ext/standard/exec.c b/ext/standard/exec.c index a73d0b4e6e..7bd3ef9f7f 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -363,7 +363,7 @@ PHPAPI zend_string *php_escape_shell_cmd(char *str) } ZSTR_VAL(cmd)[y] = '\0'; - if (y - 1 > cmd_max_len) { + if (y > cmd_max_len + 1) { php_error_docref(NULL, E_ERROR, "Escaped command exceeds the allowed length of %d bytes", cmd_max_len); zend_string_release(cmd); return ZSTR_EMPTY_ALLOC(); @@ -450,7 +450,7 @@ PHPAPI zend_string *php_escape_shell_arg(char *str) #endif ZSTR_VAL(cmd)[y] = '\0'; - if (y - 1 > cmd_max_len) { + if (y > cmd_max_len + 1) { php_error_docref(NULL, E_ERROR, "Escaped argument exceeds the allowed length of %d bytes", cmd_max_len); zend_string_release(cmd); return ZSTR_EMPTY_ALLOC(); diff --git a/ext/standard/tests/mail/bug73203.phpt b/ext/standard/tests/mail/bug73203.phpt new file mode 100644 index 0000000000..6b3bf6618c --- /dev/null +++ b/ext/standard/tests/mail/bug73203.phpt @@ -0,0 +1,24 @@ +--TEST--
+Bug #73203 (passing additional_parameters causes mail to fail)
+--DESCRIPTION--
+We're not really interested in testing mail() here, but it is currently the
+only function besides mb_send_mail() which allows to call php_escape_shell_cmd()
+with an empty string. Therefore we don't check the resulting email, but only
+verify that the call succeeds.
+--INI--
+sendmail_path=cat >/dev/null
+mail.add_x_header = Off
+--SKIPIF--
+<?php
+if (substr(PHP_OS, 0, 3) === 'WIN') die('skip won\'t run on Windows');
+?>
+--FILE--
+<?php
+var_dump(
+ mail('test@example.com', 'subject', 'message', 'From: lala@example.com', '')
+);
+?>
+===DONE===
+--EXPECT--
+bool(true)
+===DONE===
|