Bug #17568 Fifth parameter doesn't work correct
Submitted: 2002-06-02 18:24 UTC Modified: 2002-08-26 19:32 UTC
From: ruudb at stress dot utwente dot nl Assigned:
Status: Closed Package: Mail related
PHP Version: 4.2.1 OS: Debian GNU/Linux 2.2
Private report: No CVE-ID: None

 [2002-06-02 18:24 UTC] ruudb at stress dot utwente dot nl
A small scripting part:

--=[ CUT ]=--
$params = "-f" . $userinfo[$i]['sa_email'] . " -O deliverymode=q";
mail($to, $subject, $message, $header, $params);
--=[ CUT ]=--

This used to work in the PHP 4.0.6 version, but since 4.1.0 this results in sendmail errors:

Jun  2 23:49:38 iBBS-01 sendmail[2930]: XAA02930: to=removed.address@stress.utwente.nl -O deliverymode=q, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, relay=stress.utwente.nl.-o.deliverymode=q, stat=Host unknown (Name server: stress.utwente.nl.-o.deliverymode=q: host not found)

I think the sequence in which parameters are offered to sendmail has changed from PHP 4.0.6 to PHP 4.1.0. The problem still persists in PHP 4.2.1.

 [2002-06-02 18:31 UTC] mfischer@php.net
The fifth one doesn't work because it contains a space. Only one parameter without space is allowed currently . . .
 [2002-06-02 18:36 UTC] ruudb at stress dot utwente dot nl
Thanks for your extremely fast answer. Anyway, it is a real problem in that case. From the sendmail docs:  "Note that there _must_ be a space between the letter 'O' and the name of the option."

Btw, the combination of these two options worked in the 4.0.5/4.0.6 version of PHP.
 [2002-06-02 18:38 UTC] mfischer@php.net
I don't like this behaviour either but there are some pretty security concerns here. Maybe this can be sorted out, but I can't tell you anything right now. Don't count on this being changed soon.
 [2002-06-02 18:40 UTC] derick@php.net
Not allowing a space is not totally true. The parameter is escaped according to the rules of shell_escape (which adds ' around the script and escapes existing 's).

Derick
 [2002-08-26 19:32 UTC] mfischer@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

Kudos to Derick, he fixed the issue.

Basically, if safe_mode is on, the fifth parameter is prohibited. If it's off, it now should work with spaces too (right Derick?), closing.
 [2002-12-11 17:12 UTC] kd6lvw at att dot net
If there can be only ONE optional 5th parameter, then the PHP documentation needs to reflect that. I tried to do a "-f$SENDER -pHTTP:$SERVER_NAME ..." (i.e. 2 or more parameters) and found that it was all passed as a single string (the entire string treated as the target of the "-f"). I am using PHP 4.2.3 and Sendmail 8.12.6 under Linux (kernel 2.4.20).

Please fix this by chopping this up into the appropriate argv/argc type array when exec'ing the mail program.  If necessary, redefine the 5th parameter as type=ARRAY.

I looked at the source code for the mail function and noted that before the exec call, the string passed is effectively SENDMAIL_PATH+" "+5th_PARAMETER (i.e. system() usable!), but apparently, it's not being parsed correctly after that in the exec routine.  This would be the fault of the popen() function or the php_escape_shell_arg() function that was recently added as a prior workaround.  I suspect the workaround, as the popen() function is a system library function that does do a system()-type call in a pipe.

If I comment out the php_escape_shell_arg() call in ext/standard/mail.c, then the multiple parameters work, except for any "to" addresses also passed in this parameter list for setting the envelope (regardless of being bracketed by "<>" or not).  I haven't tried this with an addslashes() call.  Therefore, I conclude that your php_escape_shell_arg() call may have fixed one problem but also introduced another.
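
The behaviour discussed in this thread, as an added example that is not part of the original report or of PHP's source: shell-quoting the whole fifth parameter as one argument hands the mail program a single argv entry, while quoting each option separately keeps them apart. `fake_sendmail`, `quote_arg` and the `run_*` helpers are hypothetical names, `eval` stands in for the `/bin/sh -c` parsing behind popen(), and the addresses are constructed sample values.

```sh
#!/bin/sh
# Added illustration, not PHP source. eval performs the same tokenising
# that /bin/sh -c applies to "<sendmail path> <fifth parameter>".

# Stand-in for sendmail: reports argc and each argv entry it was given.
fake_sendmail() {
    printf '%d' "$#"
    for a in "$@"; do printf ' [%s]' "$a"; done
    printf '\n'
}

# Single-quote one argument: wrap it in '...' and rewrite each ' as '\''
# (the escaping rule described in the thread).
quote_arg() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Case 1: the whole parameter string escaped as ONE shell argument.
# Safe, but every option collapses into a single argv entry.
run_whole_quoted() { eval "fake_sendmail $(quote_arg "$1")"; }

# Case 2: no escaping. The shell splits on spaces, and it would also act
# on any metacharacters contained in the value.
run_unquoted() { eval "fake_sendmail $1"; }

# Case 3: each option escaped on its own, then joined with spaces.
# Options stay separate; spaces and quotes inside a value stay inside it.
run_per_arg() {
    line=
    for a in "$@"; do line="$line $(quote_arg "$a")"; done
    eval "fake_sendmail $line"
}

sender='user@example.org'                 # constructed sample value
params="-f$sender -O deliverymode=q"

run_whole_quoted "$params"                # one argv entry
run_unquoted "$params"                    # three argv entries
run_per_arg "-f$sender" -O deliverymode=q # three argv entries
run_per_arg "-fo'neil x" -O deliverymode=q # awkward value stays one entry
```

Case 1 reproduces the single-string result reported above; case 3 needs the caller to supply the options as separate items, which is what the request for an array-typed parameter amounts to.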
 
Last updated: Fri Dec 27 14:01:29 2024 UTC