Re: [PHP-DEV] mail.force_extra_parameters

2007-09-12 Thread David Coallier
On 9/12/07, Stanislav Malyshev <[EMAIL PROTECTED]> wrote:
> Would anyone object to disallowing setting mail.force_extra_parameters
> from .htaccess? The problem is that mail.force_extra_parameters can pass
> arbitrary arguments to mail tool, and some mail tools (especially one,
> guess which ;) have a lot of parameters, that allow, in particular,
> reading and writing arbitrary files - which may be a problem with
> safe_mode (yes, I know, but we are still in 5.x) and open_basedir.
> I understand that mail.force_extra_parameters was meant for sysadmins
> anyway, so disallowing .htaccess to change it seems ok. Objections?
> --

You definitely got a +1 from me for the exact same reasons, it's
for sysadmins and if you have that in your .htaccess I believe this is
a problem.


> Stanislav Malyshev, Zend Software Architect
> [EMAIL PROTECTED]   http://www.zend.com/
> (408)253-8829   MSN: [EMAIL PROTECTED]
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
David Coallier,
Founder & Software Architect,
Agora Production (http://agoraproduction.com)
51.42.06.70.18




Re: [PHP-DEV] mail.force_extra_parameters

2007-09-13 Thread Jacques Marneweck


On 13 Sep 2007, at 1:04 AM, David Coallier wrote:


> On 9/12/07, Stanislav Malyshev <[EMAIL PROTECTED]> wrote:
> > Would anyone object to disallowing setting mail.force_extra_parameters
> > from .htaccess? The problem is that mail.force_extra_parameters can pass
> > arbitrary arguments to mail tool, and some mail tools (especially one,
> > guess which ;) have a lot of parameters, that allow, in particular,
> > reading and writing arbitrary files - which may be a problem with
> > safe_mode (yes, I know, but we are still in 5.x) and open_basedir.
> > I understand that mail.force_extra_parameters was meant for sysadmins
> > anyway, so disallowing .htaccess to change it seems ok. Objections?
> > --
>
> You definitely got a +1 from me for the exact same reasons, it's
> for sysadmins and if you have that in your .htaccess I believe this is
> a problem.



+1  One less thing for users to change.

Regards
--jm
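
An administrator-side check for the situation discussed in this thread, added here as an example and not code from the thread or from PHP itself: it walks a document root and reports every .htaccess file that sets mail.force_extra_parameters through mod_php's php_value directive. The function names, the sample tree and the `<constructed-args>` value are constructed for illustration.

```python
import os
import re
import tempfile

# mod_php per-directory directive that sets the ini key discussed in the thread,
# e.g. `php_value mail.force_extra_parameters "..."`. Apache directive names are
# case-insensitive; lines starting with '#' are comments and never match.
DIRECTIVE = re.compile(
    r'^\s*php_value\s+"?mail\.force_extra_parameters"?(?:\s+(?P<value>.*))?$',
    re.IGNORECASE)

def scan_htaccess(root):
    """Return sorted (relative_path, line_number, value) for each override found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
        pending, start = "", 0
        for lineno, raw in enumerate(lines, 1):
            start = start or lineno
            if raw.endswith("\\"):  # Apache line continuation: join with next line
                pending += raw[:-1] + " "
                continue
            m = DIRECTIVE.match(pending + raw)
            if m:
                value = (m.group("value") or "").strip().strip('"')
                hits.append((os.path.relpath(path, root), start, value))
            pending, start = "", 0
    return sorted(hits)

def build_sample_tree(root):
    """Write a constructed docroot: one override, one commented out, one continued."""
    samples = {
        "site_a": 'Options -Indexes\nphp_value mail.force_extra_parameters "<constructed-args>"\n',
        "site_b": '# php_value mail.force_extra_parameters "<constructed-args>"\n',
        os.path.join("site_c", "sub"): 'PHP_Value mail.force_extra_parameters \\\n  <constructed-args>\n',
    }
    for rel_dir, body in samples.items():
        os.makedirs(os.path.join(root, rel_dir))
        with open(os.path.join(root, rel_dir, ".htaccess"), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, lineno, value in scan_htaccess(tmp):
            print(f"{rel}:{lineno}: mail.force_extra_parameters = {value}")
```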



