Newsgroups: php.internals
Xref: news.php.net php.internals:32307
Date: Thu, 13 Sep 2007 11:58:12 +0200
From: jacques@siberia.co.za (Jacques Marneweck)
To: David Coallier
Cc: "Stanislav Malyshev", "PHP Internals"
Subject: Re: [PHP-DEV] mail.force_extra_parameters
References: <46E86C0A.5020402@zend.com>

On 13 Sep 2007, at 1:04 AM, David Coallier wrote:

> On 9/12/07, Stanislav Malyshev wrote:
>> Would anyone object to disallowing setting mail.force_extra_parameters
>> from .htaccess? The problem is that mail.force_extra_parameters can pass
>> arbitrary arguments to mail tool, and some mail tools (especially one,
>> guess which ;) have a lot of parameters, that allow, in particular,
>> reading and writing arbitrary files - which may be a problem with
>> safe_mode (yes, I know, but we are still in 5.x) and open_basedir.
>> I understand that mail.force_extra_parameters was meant for sysadmins
>> anyway, so disallowing .htaccess to change it seems ok. Objections?
>> --
>
> You definitely got a +10000 from me for the exact same reasons, it's
> for sysadmins and if you have that in your .htaccess I believe this is
> a problem.
>

+1 One less thing for users to change.

Regards
--jm

>
>> Stanislav Malyshev, Zend Software Architect
>> stas@zend.com http://www.zend.com/
>> (408)253-8829 MSN: stas@zend.com
>>
>> --
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: http://www.php.net/unsub.php
>
> --
> David Coallier,
> Founder & Software Architect,
> Agora Production (http://agoraproduction.com)
> 51.42.06.70.18
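
An audit sketch for the concern raised in this thread, added here as an example and not code from the thread or from PHP: it walks a document root and reports every .htaccess that sets mail.force_extra_parameters through mod_php's php_value syntax. The function names, directory layout and sample values are constructed for illustration.

```python
import os
import re
import tempfile

DIRECTIVE = "mail.force_extra_parameters"

# mod_php per-directory syntax is "php_value <name> <value>". Matching is
# case-insensitive and also catches the php_flag / php_admin_* forms.
OVERRIDE = re.compile(
    r"^\s*php_(?:admin_)?(?:value|flag)\s+" + re.escape(DIRECTIVE) + r"\s+(.*?)\s*$",
    re.IGNORECASE,
)

def scan_htaccess(text):
    """Return (line_number, value) for each override in one file's text."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = OVERRIDE.match(line)  # commented-out lines start with '#', no match
        if match:
            hits.append((number, match.group(1).strip("\"'")))
    return hits

def scan_tree(root):
    """Walk a document root; report each .htaccess that sets the directive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        with open(path, encoding="utf-8", errors="replace") as handle:
            relative = os.path.relpath(path, root).replace(os.sep, "/")
            for number, value in scan_htaccess(handle.read()):
                findings.append((relative, number, value))
    return sorted(findings)

def demo():
    """Scan a constructed docroot: site_a overrides, site_b does not."""
    samples = {
        "site_a": '# constructed sample\nRewriteEngine On\n'
                  'php_value mail.force_extra_parameters "-fbounce@example.org"\n',
        "site_b": "# php_value mail.force_extra_parameters -fold@example.org\n"
                  "php_flag display_errors off\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for site, body in samples.items():
            os.makedirs(os.path.join(root, site))
            with open(os.path.join(root, site, ".htaccess"), "w") as handle:
                handle.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Any hit is a per-directory override of a setting the thread argues belongs to the sysadmin, so each reported file is worth reviewing against the server-wide php.ini value.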