ID:               15509
 Comment by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Closed
 Bug Type:         Mail related
 Operating System: Linux RedHat 7.1
 PHP Version:      4.1.1
 New Comment:

I think the security issue of the fifth parameter is a
red herring, as the parameter will rarely ("never") contain
anything not explicitly written by the programmer.  That
is, it will "never" contain arbitrary web page input.

I need to do "-odd [EMAIL PROTECTED]", which, with the
current restriction, means that I have to write my own
mail() function, which shouldn't really be necessary for
something like this ("odd" sets deferred delivery, dumping
mail in the queue for the daemon to pick up later).

I have in fact made a (very clean) patch against PHP-4.2.3
ext/mail.c to allow multiple params; I'll be happy to pass
it on.

  -- Per


Previous Comments:
------------------------------------------------------------------------

[2002-08-17 20:17:13] [EMAIL PROTECTED]

mail ('foo','bar','[EMAIL PROTECTED]','',';killall -9 httpd');

(of course this will only kill httpd's running as the httpd user)

Derick
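
Added example (not part of the bug report and not PHP's own code): one way an application can build the fifth argument to mail() from an allowlist, so that a string like the one above never reaches the sendmail command line. The helper name `build_mail_params` and the use of `-f` are assumptions; `-odd` is the flag mentioned in the thread.

```php
<?php
/**
 * Hypothetical helper. $opts is a list of [flag, value-or-null] pairs.
 * Returns a string to pass as the fifth argument of mail(), or throws
 * if anything falls outside the allowlist.
 */
function build_mail_params(array $opts): string
{
    // Flags this application permits; true means the flag takes a value.
    $allowed = [
        '-odd' => false, // deferred delivery, as described in the thread
        '-f'   => true,  // envelope sender (assumed to be needed here)
    ];
    $out = [];
    foreach ($opts as [$flag, $value]) {
        if (!array_key_exists($flag, $allowed)) {
            throw new InvalidArgumentException("flag not allowed: $flag");
        }
        if (!$allowed[$flag]) {
            if ($value !== null) {
                throw new InvalidArgumentException("$flag takes no value");
            }
            $out[] = $flag;
            continue;
        }
        // Values must look like a plain address: no whitespace, quotes,
        // semicolons or other shell metacharacters can match this pattern.
        if (!is_string($value)
            || !preg_match('/\A[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\z/', $value)) {
            throw new InvalidArgumentException("bad value for $flag");
        }
        $out[] = $flag . $value; // joined so the value cannot become its own option
    }
    return implode(' ', $out);
}

// Constructed inputs for illustration.
echo build_mail_params([['-odd', null], ['-f', 'bounce@example.org']]), "\n";

try {
    // The string from the comment above is refused before mail() is called.
    build_mail_params([[';killall -9 httpd', null]]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```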

------------------------------------------------------------------------

[2002-08-17 17:08:57] [EMAIL PROTECTED]

What are the security issues involved in passing multiple parameters?

------------------------------------------------------------------------

[2002-06-10 11:25:06] [EMAIL PROTECTED]

The behaviour was changed for security reasons; only one parameter can
be passed, even when spaces are in the parameter.

------------------------------------------------------------------------

[2002-06-10 10:30:34] [EMAIL PROTECTED]

I don't have safe-mode enabled - in php.ini

;
; Safe Mode
;
safe_mode = Off

Thanks!

Andreia

------------------------------------------------------------------------

[2002-06-02 18:26:17] [EMAIL PROTECTED]

Do you have safe_mode enabled?

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/15509

-- 
Edit this bug report at http://bugs.php.net/?id=15509&edit=1