Merge branch 'PHP-5.6' into PHP-7.0

NEWS

@@ -6,6 +6,9 @@ PHP                                                                        NEWS
   . Fixed bug #73181 (parse_str() without a second argument leads to crash).
     (Nikita)
 
+- Standard:
+  . Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
+
 13 Oct 2016 PHP 7.0.12
 
 - Core:

ext/standard/exec.c

@@ -363,7 +363,7 @@ PHPAPI zend_string *php_escape_shell_cmd(char *str)
 	}
 	ZSTR_VAL(cmd)[y] = '\0';
 
-	if (y - 1 > cmd_max_len) {
+	if (y > cmd_max_len + 1) {
 		php_error_docref(NULL, E_ERROR, "Escaped command exceeds the allowed length of %d bytes", cmd_max_len);
 		zend_string_release(cmd);
 		return ZSTR_EMPTY_ALLOC();
@@ -450,7 +450,7 @@ PHPAPI zend_string *php_escape_shell_arg(char *str)
 #endif
 	ZSTR_VAL(cmd)[y] = '\0';
 
-	if (y - 1 > cmd_max_len) {
+	if (y > cmd_max_len + 1) {
 		php_error_docref(NULL, E_ERROR, "Escaped argument exceeds the allowed length of %d bytes", cmd_max_len);
 		zend_string_release(cmd);
 		return ZSTR_EMPTY_ALLOC();

ext/standard/tests/mail/bug73203.phpt

@@ -0,0 +1,24 @@
+--TEST--
+Bug #73203 (passing additional_parameters causes mail to fail)
+--DESCRIPTION--
+We're not really interested in testing mail() here, but it is currently the
+only function besides mb_send_mail() which allows to call php_escape_shell_cmd()
+with an empty string. Therefore we don't check the resulting email, but only
+verify that the call succeeds.
+--INI--
+sendmail_path=cat >/dev/null
+mail.add_x_header = Off
+--SKIPIF--
+<?php 
+if (substr(PHP_OS, 0, 3) === 'WIN') die('skip won\'t run on Windows');
+?>
+--FILE--
+<?php
+var_dump(
+    mail('test@example.com', 'subject', 'message', 'From: lala@example.com', '')
+);
+?>
+===DONE===
+--EXPECT--
+bool(true)
+===DONE===