PHP :: Request #21931 :: Mail() fifth parameter

Request #21931	Mail() fifth parameter
Submitted:	2003-01-29 03:10 UTC	Modified:	2003-02-26 14:10 UTC
From:	php dot net at spamfilter dot friendlydude dot com	Assigned:
Status:	Closed	Package:	Feature/Change Request
PHP Version:	4.3.0	OS:	Linux 2.4.19
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-01-29 03:10 UTC] php dot net at spamfilter dot friendlydude dot com

The fifth parameter of the mail() function is disabled in safe_mode, but the changelog says the security issue is already fixed:

Changed mail() to use escape_shell_cmd() to allow multiple extra parameters to the invocation of the mailer as used in the fifth parameter. (Derick)

Can it be enabled in the next version of php?

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-01-29 13:40 UTC] magnus@php.net

This is a feature/change request.

[2003-02-26 14:10 UTC] derick@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

It is NOT enabled now in safe mode, but atleast you can force it with the ini setting "mail_force_extra_parameters", see also:
http://news.php.net/article.php?group=php.cvs&article=19210

Derick

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Sep 18 21:01:26 2024 UTC