Bugtraq mailing list archives

Re: php mail function bypass safe_mode restriction


From: Laurent Sintes <sintes () nfrance com>
Date: Wed, 18 Jul 2001 20:03:39 +0200

Add this line:  extra_cmd=NULL;
in file ext/standard/mail.c (line #152, just before if (extra_cmd != 
NULL) { ),
and recompile php.

You can also use extra_cmd = php_escape_shell_cmd(extra_cmd); 
to unescape all characters.

In latest CVS you can see 
extra_cmd = php_escape_shell_arg(Z_STRVAL_PP(argv[4]));  

But it is not a sufficient check because php_escape_shell_arg
does not escape all characters.

See ext/standard/exec.c for php_escape_shell_* code.
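
The two mitigations named in the message above, shown side by side in a simplified C model. This is an added example, not code from the post or from PHP: the function names, the policy enum, the metacharacter list, the sendmail path and the sample input are all assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model (assumption): the optional 5th mail() argument is
   appended to the sendmail command, which is then run through a shell. */
enum extra_policy { EXTRA_RAW, EXTRA_DROP, EXTRA_ESCAPE };

/* Backslash-escape shell metacharacters. Stand-in for the idea behind
   php_escape_shell_cmd(), not PHP's implementation. Returns 0 or -1. */
static int escape_shell_meta(const char *in, char *out, size_t outsz)
{
    static const char meta[] = "#&;`|*?~<>^()[]{}$\\\n\"'";
    size_t n = 0;
    for (; *in; in++) {
        size_t need = strchr(meta, *in) ? 2 : 1;
        if (n + need >= outsz) return -1;      /* keep room for the NUL */
        if (need == 2) out[n++] = '\\';
        out[n++] = *in;
    }
    out[n] = '\0';
    return 0;
}

/* Build the command line under one policy; 0 on success, -1 if too long. */
int build_sendmail_cmd(const char *sendmail_path, const char *extra_cmd,
                       enum extra_policy policy, char *out, size_t outsz)
{
    char safe[256];
    int n;
    if (policy == EXTRA_DROP)
        extra_cmd = NULL;   /* the "extra_cmd=NULL;" line from the post */
    if (extra_cmd != NULL && policy == EXTRA_ESCAPE) {
        if (escape_shell_meta(extra_cmd, safe, sizeof safe) != 0) return -1;
        extra_cmd = safe;
    }
    if (extra_cmd != NULL)
        n = snprintf(out, outsz, "%s %s", sendmail_path, extra_cmd);
    else
        n = snprintf(out, outsz, "%s", sendmail_path);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the post. */
    const char *extra = "-fuser@example.com; echo injected";
    char cmd[512];
    for (int p = EXTRA_RAW; p <= EXTRA_ESCAPE; p++)
        if (!build_sendmail_cmd("/usr/sbin/sendmail -t -i", extra,
                                (enum extra_policy)p, cmd, sizeof cmd))
            printf("%d: %s\n", p, cmd);
    return 0;
}
```

Escaping only neutralises shell metacharacters; the rest of the string still reaches sendmail as arguments, whereas the drop policy passes nothing through.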

