Bug #35659 Insecure arguments 'to', 'subject' and 'headers' - ISP problem related
Submitted: 2005-12-13 13:42 UTC Modified: 2005-12-13 15:43 UTC
Avg. Score:4.6 ± 0.8
Reproduced:14 of 14 (100.0%)
Same Version:5 (35.7%)
Same OS:7 (50.0%)
From: icebraker at icebraker dot org Assigned:
Status: Wont fix Package: Mail related
PHP Version: 4.4.1 OS: Irrelevant
Private report: No CVE-ID: None


 [2005-12-13 13:42 UTC] icebraker at icebraker dot org
Function arguments are not checked for end of headers '\n\n'.
When you add, for example, to an unchecked 'headers' argument your own headers with '\n\n' and a body after the '\n\n', the rest of your original message will be after this hacked message.

A huge amount of spam is sent by this feature, because people can't write their scripts safe at first, but these arguments should be checked for '\n\n' to not be hackable.

Reproduce code:
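// Attacker-controlled value: the blank line ('\n\n') ends the headers and starts a body
$email = "\nSubject: Viagra\n\nBuy a viagra in our eshop - it's for free!!!\n.\n\n\n\n\n";

// The unchecked value is interpolated straight into the additional headers
$headers = "From: $email\nX-Mailer: PHP";

mail("", "subject of the message", "body of the message", $headers);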

Expected result:
1) Everything after '\n\n' will be truncated and '\n\n' will be changed to '\n' to not corrupt the headers

Subject: subject of the message
Subject: Viagra

body of the message

2) PHP can return an error message that there can't be a '\n\n' in arguments 'to'.

Actual result:
Subject: subject of the message
Subject: Viagra

Buy a viagra in our eshop - it's for free!!!

body of the message


 [2005-12-13 14:44 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at
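
With the report closed as "Wont fix", checking values before they reach the 'to', 'subject' and 'headers' arguments is left to the calling script. The following is an added example, not code from the report or from the PHP project, of rejecting line breaks in those values; the helper names and the recipient address are hypothetical, and the test input is the value from the reproduce code above.

```php
<?php
// Added example: caller-side validation before mail(). Helper names are hypothetical.

/** Reject a value destined for a header line if it contains CR, LF or NUL. */
function assert_header_safe(string $value, string $field): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException("$field contains a line break or NUL byte");
    }
    return $value;
}

/** Validate a single e-mail address taken from user input. */
function safe_address(string $value, string $field): string
{
    $value = assert_header_safe($value, $field);
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException("$field is not a valid e-mail address");
    }
    return $value;
}

/** Build the headers only from validated values, then hand them to mail(). */
function send_contact_mail(string $to, string $from, string $subject, string $body): bool
{
    $to      = safe_address($to, 'to');
    $from    = safe_address($from, 'from');
    $subject = assert_header_safe($subject, 'subject');
    $headers = "From: $from\r\nX-Mailer: PHP";
    return mail($to, $subject, $body, $headers);
}

// Constructed input: the $email value from the report's reproduce code.
$email = "\nSubject: Viagra\n\nBuy a viagra in our eshop - it's for free!!!\n.\n\n\n\n\n";

try {
    // recipient@example.org is a placeholder address.
    send_contact_mail('recipient@example.org', $email, 'subject of the message', 'body of the message');
} catch (InvalidArgumentException $e) {
    // The injected value is refused before mail() is ever called.
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The message body is deliberately not checked, since line breaks are legitimate there; only values that end up in header lines are.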

Last updated: Sat Nov 26 16:05:52 2022 UTC