Author: d-killer
Description:
+++ UserMailer.php~ 2004-10-08 00:42:46.000000000 +0200
@@ -52,7 +52,7 @@
$wgErrorString = ""; set_error_handler( "mailErrorHandler" );
Version: unspecified
Severity: normal
OS: Linux
Platform: PC
Brion: this is already fixed together with my Enotif patch since several weeks.
For Enotif see http://bugzilla.wikipedia.org/show_bug.cgi?id=454 . For those
being interested why the optional fifth parameter is necessary: read PHP manual
mail() function.
Tom
-f sets the envelope sender in the SMTP headers, not the From: address in the e-mail.
Using the from address for this would usually be incorrect and would result in many mails
being dropped as spam (eg by SPF checking). It could also result in bounce messages being
sent to the From: address, which could violate out privacy policy. Using the server admin
contact address from LocalSettings.php would likely very often be incorrect and result in
mails being dropped as spam (eg by SPF checking).
Use of the additional parameters field is also disabled in safe mode, and would break all e-
mail sending.
At worst, dropping the address into the command-line parameter could be a security
vulnerability if not escaped properly.
If the envelope sender needs to be set differently, the web server's php.ini should ensure
that this is set correctly.
(In reply to comment #2)
-f sets the envelope sender in the SMTP headers, not the From: address in the
e-mail.
Using the from address for this would usually be incorrect and would result in
many mails
being dropped as spam (eg by SPF checking). It could also result in bounce
messages being
sent to the From: address, which could violate out privacy policy. Using the
server admin
contact address from LocalSettings.php would likely very often be incorrect
and result in
mails being dropped as spam (eg by SPF checking).
Use of the additional parameters field is also disabled in safe mode, and
would break all e-
mail sending.
At worst, dropping the address into the command-line parameter could be a
security
vulnerability if not escaped properly.
If the envelope sender needs to be set differently, the web server's php.ini
should ensure
that this is set correctly.
(copying all for completeness)
Brion,
someone has contacted me, who runs a wiki hosted on an external server, and PHP
SAFE MODE is enabled there.
The wiki mail functions do not work which is due to this -f envelope parameter
and safe mode enabled (which he perhaps cannot disable).
What will be the best suggestion and solution for these cases ?
What should the user change within the UserMailer() mail function or somewhere
else ?
Remark for all:
this php mail() problem is not restricted to the enotif functions; it is vital
for _all_ wiki mail functions such as "Mail me a new password" or "EmailUser"
which all go via UserMailer:UserMailer() .
Thanks in advance for assistance
Tom