Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:97631 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 81797 invoked from network); 9 Jan 2017 16:23:25 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 9 Jan 2017 16:23:25 -0000 Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.174 as permitted sender) X-PHP-List-Original-Sender: nikita.ppv@gmail.com X-Host-Fingerprint: 209.85.161.174 mail-yw0-f174.google.com Received: from [209.85.161.174] ([209.85.161.174:33182] helo=mail-yw0-f174.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 82/2C-31343-CF8B3785 for ; Mon, 09 Jan 2017 11:23:25 -0500 Received: by mail-yw0-f174.google.com with SMTP id l75so11885507ywb.0 for ; Mon, 09 Jan 2017 08:23:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+uiHBjNVrzPvLJ296j83LIpMJH37wGSXy2TR+cw+C6M=; b=GMN4Sn0cF6TSdgI4GKktscHCEjcj4ZEfuKDyA9HNlQDdv3/UOHel4hotZcrpl+mfEm AmGeJJAgsoFjwKRL8aL0v17p4iFgAJT0sZdqxaVV1QHcWkAT0V2j9QarNwDfPKGBZrIY 1ZmzNNF7FIGa2NB/fz/l+xb0BLUZS3oY68kgN89b5fLpfHxzaxxl4R3ZKQox6Q4WhP6Y rdDMN0+NG1cJ6/vpfE5feQXzEiyZzJpwCYB6hzWvaEwb29MHKSGPVWPODC8p2f5dFVpP pjnNgXEg7l4/06RK+My14t4XDP+IN3zk52hS9ETDHL/VerxyX/yjxIfH5H8Ulpo95Apz 2DHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+uiHBjNVrzPvLJ296j83LIpMJH37wGSXy2TR+cw+C6M=; b=gL1M1N4nA8tixX2puOLGP/OqgFNjZIUKJEPIhfj+StPnS9LJu39ZmOGuN5J+SYEvc5 iZ3rgMH+6RdJR2mqOopA1yIoJemJwz8JEKogCILlBMMWeDH1Su39JKrTkJr/PlRyOdUt YR3rE+E2G2U+lZGQBa6pBGavFrCay0AUtvO+Kd4BIULeVPIFJiWR4RUnDlFqRIbLrogQ IjSLUun3fvdxqNjRuViP4ebDySv5qq2DdiyxCKYMd8QMjbDclhtlg43J4ytlndB1MJcc nj9m+HQ+2/nQY44g9F5qnZPB7IuWPPcvKx4hTC9j7YGNV3U5fpedXc3AZj6GQD3n0SsS C12g== X-Gm-Message-State: AIkVDXKXJrsaeCV4w28eLiRtG1VvYP101kw3YBjYXllslTMWHQYfxhHVZAGkH9gH+f85i3xAxzzmzn0ovc1y5w== X-Received: by 10.129.65.5 with SMTP id o5mr86841675ywa.324.1483979002095; Mon, 09 Jan 2017 08:23:22 -0800 (PST) MIME-Version: 1.0 Received: by 10.129.80.215 with HTTP; Mon, 9 Jan 2017 08:23:21 -0800 (PST) In-Reply-To: References: Date: Mon, 9 Jan 2017 17:23:21 +0100 Message-ID: To: Yasuo Ohgaki Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=f403045e6a86462cda0545abc981 Subject: Re: [PHP-DEV] Re: Improving mail() 5th parameter handling From: nikita.ppv@gmail.com (Nikita Popov) --f403045e6a86462cda0545abc981 Content-Type: text/plain; charset=UTF-8 On Sun, Jan 8, 2017 at 11:56 PM, Yasuo Ohgaki wrote: > Hi Nikita and all, > > On Mon, Jan 9, 2017 at 7:31 AM, Nikita Popov wrote: > >> Without this option, how do you specify the envelope sender? That seems >> to be the primary use-case. > > > Indeed, it seems it is. > It could be set by mail.force_extra_parameters. I agree this isn't a great > way to do, but the obstacle may help users to notice risks. > > Parameters must be validated still, but it will help in most cases and I > don't mind writing patch for arrayed 'addtional_parameter'. In this case, > I'll just fix this as normal bug fix and post proposed patch before commit. > Any comments on this? > Allowing an array for additional_parameter sounds reasonable. Before committing a patch, please lets make sure that people from phpmailer and other people familiar with the recent exploits verify it. Nikita --f403045e6a86462cda0545abc981--