> > -----Original Message-----
> > From: Michael Geier, CDM Systems Admin [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 19, 2001 9:39 AM
> > To: PHP Mailing List
> > Subject: [PHP] PHP mail() security hole on 4.0.5+
> >
> >
> > http://www.net-security.org/text/bugs/995534103,28541,.shtml
>
> Anyone have suggestions on a quick fix for this? Is there some sort of
> validation on the user input that should be done?
Note that it is only a problem on shared servers where safe-mode is turned
on. For those servers a really quick-fix is to disable the mail function
in your php.ini file.
A better fix is to apply this patch:
http://cvs.php.net/viewcvs.cgi/php4/ext/standard/mail.c.diff?r1=text&tr1=1.33&r2=text&tr2=1.38&diff_format=u
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
