On 13-Dec-06, at 5:12 PM, Stut wrote:
Ilia Alshanetsky wrote:
Is there any interest in adding support for logging of mail()
calls and/or adding options that allow identification of who sent
the e-mail.
I've wrote a quick patch that enables this functionality via two
ini settings controllable via php.ini or per-virtual host.
The first option, mail.add_x_header (boolean) allows you to enable
the addition of the X-PHP-Originating-Script header to each mail
sent by mail(), which will include the uid of the script and its
name. The combination of the two should be sufficient to identify
the user to whom the script belongs and via a simple find command
locate the actual script. This option is intended primarily for
instances where you have a bounced e-mail or a forwarded mail with
a spam complaint, allowing you to quickly identify the offender.
The second option, mail.log (takes a filename) allows you to
enable logging of every single mail() call, each log line will
include the fullpath of the file and the line where the mail() was
called from in addition to the "To" address and any headers (to
keep track of CC, BCC) that were part of the function call. To
ensure that each log line is 1 line long, \r and \n are replaced
with spaces.
The patch that makes this possible can be found here:
http://ilia.ws/uploads/patches/mail_log.txt.gz
Yes, yes, yes, a thousand times yes. I'm assuming the filename is
the full path and filename? Couldn't that be considered a security
risk?
Only in the log file, for the header only the filename is included,
so there is no security risk here.
IMHO it would be better to have an option that would provide the
domain name and the filename relative to the site root (if available).
Also, I'm assuming this is configurable via php_flag in an Apache
configuration file?
It can be controlled via httpd.conf but not via .htaccess.
Ilia Alshanetsky
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
