> Add this line: extra_cmd=NULL; > in file ext/standard/mail.c, (line #152, juste before if (extra_cmd != > NULL) { ) : > and recompile php. You can also use extra_cmd = php_escape_shell_cmd(extra_cmd); to unescape all characters. In latest CVS you can see extra_cmd = php_escape_shell_arg(Z_STRVAL_PP(argv[4])); But it is not a suffisant check because php_escape_shell_arg does not escape all charaters. See ext/standard/exec.c for php_escape_shell_* code.
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 09:31:30 PDT