We pass an empty value to mail() and we use headers to set the "To" field. This is wrong.
-- Andrea
From 707448a0cfa265c3908f62d34cfc4b2860652802 Mon Sep 17 00:00:00 2001 From: Andrea Scarpino <[email protected]> Date: Wed, 10 Mar 2010 18:03:51 +0100 Subject: [PATCH] remove empty To field (FS#17584) --- web/lib/pkgfuncs.inc | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc index a4a2dfc..74d418f 100644 --- a/web/lib/pkgfuncs.inc +++ b/web/lib/pkgfuncs.inc @@ -623,8 +623,8 @@ function pkg_flag ($atype, $ids, $action = True) { # construct email $body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . ". You may view your package at:\nhttp://aur.archlinux.org/packages.php?ID="; . $row['ID']; $body = wordwrap($body, 70); - $headers = "To: ".$row['Email']."\nReply-to: [email protected]\nfrom:[email protected]\nx-mailer: PHP\nX-MimeOLE: Produced By AUR\n"; - @mail(' ', "AUR Out-of-date Notification for ".$row['Name'], $body, $headers); + $headers = "Reply-to: [email protected]\nfrom:[email protected]\nx-mailer: PHP\nX-MimeOLE: Produced By AUR\n"; + @mail($row['Email'], "AUR Out-of-date Notification for ".$row['Name'], $body, $headers); } } } -- 1.7.0.2
