ID: 20371
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Open
+Status: Bogus
Bug Type: Documentation problem
Operating System: FreeBSD
PHP Version: 4.2.3
New Comment:
It's right there in the NEWS file:
- Disabled the fifth parameter in mail() when safe-mode is turned on.
(Derick)
And for that matter, it is also in the ChangeLog:
2002-07-02 Derick Rethans <[EMAIL PROTECTED]>
* ext/standard/mail.c:
- Be nice to users and allow them to check if the mail was send
* ext/standard/mail.c: - Disable 5th parameter to mail in safemode
- Disabled the fifth parameter to the mail function in safemode.
And yes, we will continue to fix security problems in minor releases.
This was a nasty security hole and needed to be fixed.
Previous Comments:
------------------------------------------------------------------------
[2002-11-11 16:51:24] [EMAIL PROTECTED]
The PHP Changelog for 4.2.3 does not mention the inclusion of a new
directive in Safe Mode to restrict the 5th parameter in the mail()
function.
Quoting somewhere:
"This fifth parameter was added in PHP 4.0.5. Since PHP 4.2.3 this
parameter is disabled in safe_mode and the mail() function will expose
a warning message and return FALSE if you're trying to use it."
There is no mention of this in the Change Log. For PHP, a very widly
used piece of software, i find it totally insane that such a major
change has been implemented in a minor release update. And not only
that, for it to not even be mentioned on the change log!!
It would seem that the Change log is not a valid source of information
- since it cannot even be trusted to include major changes. I would
reccomend slapping whoever comitted this change.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=20371&edit=1
--
PHP Documentation Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
