Newsgroups: php.internals
Date: Wed, 12 Sep 2007 19:04:53 -0400
From: davidc@php.net ("David Coallier")
To: "Stanislav Malyshev"
Cc: "PHP Internals"
Subject: Re: [PHP-DEV] mail.force_extra_parameters
In-Reply-To: <46E86C0A.5020402@zend.com>
References: <46E86C0A.5020402@zend.com>

On 9/12/07, Stanislav Malyshev wrote:
> Would anyone object to disallowing setting mail.force_extra_parameters
> from .htaccess? The problem is that mail.force_extra_parameters can pass
> arbitrary arguments to mail tool, and some mail tools (especially one,
> guess which ;) have a lot of parameters, that allow, in particular,
> reading and writing arbitrary files - which may be a problem with
> safe_mode (yes, I know, but we are still in 5.x) and open_basedir.
> I understand that mail.force_extra_parameters was meant for sysadmins
> anyway, so disallowing .htaccess to change it seems ok. Objections?
> --

You definitely got a +10000 from me for the exact same reasons, it's
for sysadmins and if you have that in your .htaccess I believe this is
a problem.

> Stanislav Malyshev, Zend Software Architect
> stas@zend.com http://www.zend.com/
> (408)253-8829 MSN: stas@zend.com

--
David Coallier,
Founder & Software Architect,
Agora Production (http://agoraproduction.com)
51.42.06.70.18
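
A defender-side check for the setting discussed in this thread, as an added example that is not part of the original message or of PHP itself: it scans .htaccess files for `php_value`/`php_flag` lines that set `mail.force_extra_parameters`. The function names and the sample file contents are constructed for illustration.

```python
import os
import re

# mod_php directives accepted in per-directory .htaccess files.
# Apache directive names are case-insensitive; PHP ini names are case-sensitive.
DIRECTIVE = re.compile(r"^\s*(php_value|php_flag)\s+(\S+)\s*(.*)$", re.IGNORECASE)
WATCHED = {"mail.force_extra_parameters"}

def logical_lines(text):
    """Yield (first_line_no, line), joining Apache backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:
        yield start, buf

def find_overrides(text):
    """Return [(line_no, setting, value)] for watched per-directory overrides."""
    hits = []
    for no, line in logical_lines(text):
        m = DIRECTIVE.match(line)  # lines starting with '#' never match
        name = m.group(2).strip("\"'") if m else None
        if name in WATCHED:
            hits.append((no, name, m.group(3).strip().strip("\"'")))
    return hits

def scan_tree(root, name=".htaccess"):
    """Walk a document root and return [(path, line_no, setting, value)]."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        if name in files:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                found += [(path, *hit) for hit in find_overrides(fh.read())]
    return found

# Constructed sample; the value is a placeholder, not real mailer options.
SAMPLE = """\
# php_value mail.force_extra_parameters "commented-out"
php_flag display_errors off
PHP_Value mail.force_extra_parameters \\
    "PLACEHOLDER-ARGS"
"""
```

Running `scan_tree()` over each virtual host's document root lists every directory where a site owner, rather than the sysadmin, has set the value.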