-- Stanislav Malyshev, Zend Software Architect [EMAIL PROTECTED] http://www.zend.com/ (408)253-8829 MSN: [EMAIL PROTECTED]
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Would anyone object to disallowing setting mail.force_extra_parameters
from .htaccess? The problem is that mail.force_extra_parameters can pass
arbitrary arguments to mail tool, and some mail tools (especially one,
guess which ;) have a lot of parameters, that allow, in particular,
reading and writing arbitrary files - which may be a problem with
safe_mode (yes, I know, but we are still in 5.x) and open_basedir.
I understand that mail.force_extra_parameters was meant for sysadmins
anyway, so disallowing .htaccess to change it seems ok. Objections?
- [PHP-DEV] mail.force_extra_parameters Stanislav Malyshev
- Re: [PHP-DEV] mail.force_extra_parameters David Coallier
- Re: [PHP-DEV] mail.force_extra_parameters Jacques Marneweck
