Is there any intention behind enabling the mail.add_x_header configuration directive in php.ini-production?
http://lxr.php.net/opengrok/xref/PHP_TRUNK/php.ini-production#1018 This setting exposes (sort of) sensitive information about application deployments to third parties while IMO having no apparent advantage for production environments. The trivial patch to revert this behavior is attached in case you agree with me. - Martin
Index: php.ini-production =================================================================== --- php.ini-production (revision 322840) +++ php.ini-production (working copy) @@ -1016,7 +1016,7 @@ ;mail.force_extra_parameters = ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = On +mail.add_x_header = Off ; The path to a log file that will log all mail() calls. Log entries include ; the full path of the script, line number, To address and headers.
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
