Newsgroups: php.internals
Message-ID: <4F227072.10004@divbyzero.net>
Date: Fri, 27 Jan 2012 10:37:54 +0100
To: internals@lists.php.net
Subject: mail.add_x_header set to on in php.ini-production
From: martin@divbyzero.net (Martin Jansen)

Is there any intention behind enabling the mail.add_x_header configuration directive in php.ini-production?

http://lxr.php.net/opengrok/xref/PHP_TRUNK/php.ini-production#1018

This setting exposes (sort of) sensitive information about application deployments to third parties while IMO having no apparent advantage for production environments.

The trivial patch to revert this behavior is attached in case you agree with me.

- Martin

Content-Disposition: attachment; filename="php.ini-production.patch"

Index: php.ini-production =================================================================== --- php.ini-production (revision 322840) +++ php.ini-production (working copy) @@ -1016,7 +1016,7 @@ ;mail.force_extra_parameters = ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = On +mail.add_x_header = Off ; The path to a log file that will log all mail() calls. Log entries include ; the full path of the script, line number, To address and headers.
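
Review bot: The comment above the changed "mail.add_x_header = Off" line still only says what the header contains, not why the production template ships it disabled. Consider extending it to state that X-PHP-Originating-Script reveals the script's uid and filename to every recipient of the mail, so an administrator who turns it back on knows the tradeoff. The mail log setting described in the trailing context lines already records the full script path and line number on the server side, so the comment could point to it as the way to trace mail() calls without putting that information into outgoing headers.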