On Thu, December 14, 2006 11:29 am, Rick Widmer wrote: >> Cracking point. Putting the domain in a header would make this far >> more >> useful, and I don't think that's too much info to include in a >> header. >> Ideally it would be the full URL, and I have to say that I don't >> think >> that's too much information for a mail header, and it's exactly what >> would be needed. > > I agree. The most useful information you can possibly put in the > header > is the full URL of the script that sent the message.
So if it's a cronjob in a shell script, what do you get?... The full path to the script? Just askin', not trying to score points or anything. I suspect ISPs would LOVE to have this. I know my ISP had to write a perl script to search all his clients' source for calls to mail() and then patched their PHP scripts for them to shut down the huge surge of header-injections awhile back. He emailed us all and told us what he did, and I daresay most of his clients had no idea what he was talking about, but were happy to let him fix their scripts to help fight spam. If it defaults to "off" and the host turns it "on" and that opens up the security hole of exposing the inner workings of a site... This does need some consideration, I think, but I suspect 99.9% of installations would love this feature, and it wouldn't expose anything at all that isn't already exposed -- And most of the remaining 0.1% would be run by people who have half a clue and understand the implications of turning it on in the first place. Or are y'all thinking default it to "on" in future releases? -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
