From: [EMAIL PROTECTED] Operating system: LInux Red Hat PHP version: 4.1.2 PHP Bug Type: Mail related Bug description: Additional MTA argument shell ESCAPING IS USELESS
Dear PHP People! ext/standard/mail.c(124): extra_cmd = php_escape_shell_arg(Z_STRVAL_PP(argv[4])); I find shell escaping of the 5th argument of mail() useless, because IT PREVENTS ME FROM GIVING MORE THAN ONE OPTION TO MY MTA ! Sendmail `[EMAIL PROTECTED]' is DEFINETELY NOT the only one use of the 5th argument! Consider `long' sendmail options: -O DeliveryMode=q -O ErrorMode=q This became /usr/sbin/sendmail -i -t '-O DeliveryMode=q -O ErrorMode=q' ... and completely disabled my script functionality ! If I need shell escaping, I can do it myself! Ask Yourself: why should PHP care about some (brain-damaged) coders who passess arbitrary strings to popen() without escaping? -- Edit bug report at http://bugs.php.net/?id=16488&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=16488&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=16488&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=16488&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=16488&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=16488&r=support Expected behavior: http://bugs.php.net/fix.php?id=16488&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=16488&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=16488&r=submittedtwice
