ID: 20371
Updated by: [EMAIL PROTECTED]
-Summary: 4.2.3 Change Log/NEWS file missing mail() 5th Param
Value
Reported By: [EMAIL PROTECTED]
Status: Open
-Bug Type: Documentation problem
+Bug Type: Unknown/Other Function
Operating System: FreeBSD
PHP Version: 4.2.3
New Comment:
Okay, someone put this in the wrong NEWS.
http://www.php.net/php4news
This is not a doc problem, reclassified so this will make it to php-dev
not phpdoc. Someone needs to edit NEWS.
Previous Comments:
------------------------------------------------------------------------
[2002-11-12 22:16:56] [EMAIL PROTECTED]
Updated Summary to make it more relevant.
------------------------------------------------------------------------
[2002-11-12 22:03:49] [EMAIL PROTECTED]
In the source of 4.2.3 that I downloaded, the code has been changed to
include this check in safe mode.
It is not in the 4.2.3 NEWS file in the source I downloaded, or on the
4.2.3 Change Log: http://www.php.net/ChangeLog-4.php
As I say, it has been comitted to the 4.2.3 source as far as I can see,
the code is right here in mail.c:
if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
php_error(E_WARNING, "%s(): SAFE MODE Restriction in effect. The
fifth parameter is disabled in SAFE MODE.",
get_active_function_name(TSRMLS_C));
RETURN_FALSE;
}
Am I to understand this has been documented as a 4.3.0 change?
------------------------------------------------------------------------
[2002-11-12 19:18:34] [EMAIL PROTECTED]
It's not listed in that changelog because that changelog updates
depending on current stable PHP version. It does not show 4.3.0
entries as the current stable version is 4.2.3
The question is when did this _really_ get committed? It's in the
4.3.0 NEWS yet is currently documented as a 4.2.3 change. I am
assuming this is a documentation bug for now.
------------------------------------------------------------------------
[2002-11-11 17:06:35] [EMAIL PROTECTED]
It is however not mentioned on:
http://www.php.net/ChangeLog-4.php
It is not mentioned on this change log that it is
summarised/incomplete. While it may be mentioned elsewhere, this is
more a complaint about the front page change log than anything else.
------------------------------------------------------------------------
[2002-11-11 17:01:49] [EMAIL PROTECTED]
It's right there in the NEWS file:
- Disabled the fifth parameter in mail() when safe-mode is turned on.
(Derick)
And for that matter, it is also in the ChangeLog:
2002-07-02 Derick Rethans <[EMAIL PROTECTED]>
* ext/standard/mail.c:
- Be nice to users and allow them to check if the mail was send
* ext/standard/mail.c: - Disable 5th parameter to mail in safemode
- Disabled the fifth parameter to the mail function in safemode.
And yes, we will continue to fix security problems in minor releases.
This was a nasty security hole and needed to be fixed.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/20371
--
Edit this bug report at http://bugs.php.net/?id=20371&edit=1
