> > -----Original Message-----
> > From: Michael Geier, CDM Systems Admin [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 19, 2001 9:39 AM
> > To: PHP Mailing List
> > Subject: [PHP] PHP mail() security hole on 4.0.5+
> >
> >
> > http://www.net-security.org/text/bugs/995534103,28541,.shtml
> Anyone have suggestions on a quick fix for this? Is there some sort of
> validation on the user input that should be done?

Note that it is only a problem on shared servers where safe-mode is turned
on.  For those servers a really quick-fix is to disable the mail function
in your php.ini file.

A better fix is to apply this patch:



PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to