> Add this line: extra_cmd=NULL;
> in file ext/standard/mail.c, (line #152, juste before if (extra_cmd !=
> NULL) { ) :
> and recompile php.
You can also use extra_cmd = php_escape_shell_cmd(extra_cmd);
to unescape all characters.
In latest CVS you can see
extra_cmd = php_escape_shell_arg(Z_STRVAL_PP(argv[4]));
But it is not a suffisant check because php_escape_shell_arg
does not escape all charaters.
See ext/standard/exec.c for php_escape_shell_* code.
- php mail function bypass safe_mode restriction Laurent Sintes
- Re: php mail function bypass safe_mode restriction Salim Gasmi
- Re: php mail function bypass safe_mode restriction Laurent Sintes
- Re: php mail function bypass safe_mode restriction Laurent Sintes
- Re: php mail function bypass safe_mode restriction Stuart Moore
