From: reveille187 at hotmail dot com
Operating system: win32 xp sp1
PHP version: 4.3.2
PHP Bug Type: *Mail Related
Bug description: Send mail from any address
Description:
------------
I'm not sure if anyone else noticed this... I run php 4.3.2 on my windows
xp pc with apache 1.3. I don't have a domain name, and while exploring
options on how to send mail from my pc, I found out you could send email
from any address to anyone else without knowing thier password. Eg/ I
could send hate mail from [EMAIL PROTECTED] where my real address is
[EMAIL PROTECTED]
Reproduce code:
---------------
<?php
ini_set("SMTP", "smtp.example.com");
ini_set("sendmail_from", "[EMAIL PROTECTED]");
mail("[EMAIL PROTECTED]", "Hate mail subject", "Body Text");
?>
Expected result:
----------------
An email in my inbox from you.
Actual result:
--------------
Same as above.
--
Edit bug report at http://bugs.php.net/?id=25683&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=25683&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=25683&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=25683&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=25683&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=25683&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=25683&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=25683&r=support
Expected behavior: http://bugs.php.net/fix.php?id=25683&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=25683&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=25683&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=25683&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25683&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=25683&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=25683&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=25683&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=25683&r=float
