             [2005-12-13 14:44 UTC] sniper@php.net
Copyright © 2001-2025 The PHP Group. All rights reserved.
Last updated: Tue Nov 04 13:00:02 2025 UTC
Description:
------------
Function arguments are not checked for the end of headers '\n\n'. When you add, for example, your own headers with '\n\n' and a body after the '\n\n' to the unchecked 'headers' argument, the rest of your original message will be after this hacked message. A huge amount of spam is sent by this feature, because people can't write their scripts safely at first, but these arguments should be checked for '\n\n' to not be hackable.

Reproduce code:
---------------
// The value placed in the From header contains '\n\n' followed by a body
$email = "owner@domain.org\nSubject: Viagra\n\nBuy a viagra in our eshop - it's for free!!!\n.\n\n\n\n\n";
$headers = "From: $email\nX-Mailer: PHP";
mail("icebraker@icebraker.org", "subject of the message", "body of the message", $headers);

Expected result:
----------------
1) Everything after '\n\n' will be truncated and '\n\n' will be changed to '\n' to not corrupt the headers

To: icebraker@icebraker.org
Subject: subject of the message
From: owner@domain.org
Subject: Viagra

body of the message

2) PHP can return an error message that there can't be a '\n\n' in arguments 'to'.

Actual result:
--------------
To: icebraker@icebraker.org
Subject: subject of the message
From: owner@domain.org
Subject: Viagra

Buy a viagra in our eshop - it's for free!!!
.

body of the message
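
The check requested in the report can also be enforced in the calling script, before anything reaches mail(). The following is an added example, not code from the report or from PHP itself; the function names assert_header_safe() and safe_mail() are hypothetical, and the input is the value from the reproduce code. It takes the report's second option (refuse with an error) rather than truncating.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: a value bound for a mail header must not contain
// CR or LF, since a line break ends the header line and "\n\n" ends the
// whole header block.
function assert_header_safe(string $field, string $value): string
{
    if (preg_match('/[\r\n]/', $value) === 1) {
        throw new InvalidArgumentException("$field contains a line break");
    }
    return $value;
}

// Hypothetical wrapper: validates 'to', 'subject' and every additional
// header, then calls mail(). The body is the only place line breaks belong.
function safe_mail(string $to, string $subject, string $body, array $fields): bool
{
    assert_header_safe('to', $to);
    assert_header_safe('subject', $subject);

    $lines = [];
    foreach ($fields as $name => $value) {
        $name = (string)$name;
        // RFC 5322 field-name: printable ASCII except the colon.
        if (preg_match('/^[\x21-\x39\x3B-\x7E]+$/', $name) !== 1) {
            throw new InvalidArgumentException('invalid header name');
        }
        $lines[] = $name . ': ' . assert_header_safe($name, (string)$value);
    }
    return mail($to, $subject, $body, implode("\r\n", $lines));
}

// Constructed input: the From value from the reproduce code above.
$email = "owner@domain.org\nSubject: Viagra\n\nBuy a viagra in our eshop - it's for free!!!\n.\n\n\n\n\n";

try {
    safe_mail(
        'icebraker@icebraker.org',
        'subject of the message',
        'body of the message',
        ['From' => $email, 'X-Mailer' => 'PHP']
    );
} catch (InvalidArgumentException $e) {
    // The message is rejected before mail() is called, so nothing is sent.
    error_log('mail rejected: ' . $e->getMessage());
}
```

With the reproduce input, safe_mail() throws on the From field and logs "mail rejected: From contains a line break".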