RE: [PHP] PHP mail() security hole on 4.0.5+
-Original Message- From: Michael Geier, CDM Systems Admin [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 19, 2001 9:39 AM To: PHP Mailing List Subject: [PHP] PHP mail() security hole on 4.0.5+ http://www.net-security.org/text/bugs/995534103,28541,.shtml Anyone have suggestions on a quick fix for this? Is there some sort of validation on the user input that should be done? TIA Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] PHP mail() security hole on 4.0.5+
-Original Message- From: Michael Geier, CDM Systems Admin [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 19, 2001 9:39 AM To: PHP Mailing List Subject: [PHP] PHP mail() security hole on 4.0.5+ http://www.net-security.org/text/bugs/995534103,28541,.shtml Anyone have suggestions on a quick fix for this? Is there some sort of validation on the user input that should be done? Note that it is only a problem on shared servers where safe-mode is turned on. For those servers a really quick-fix is to disable the mail function in your php.ini file. A better fix is to apply this patch: http://cvs.php.net/viewcvs.cgi/php4/ext/standard/mail.c.diff?r1=texttr1=1.33r2=texttr2=1.38diff_format=u -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]