| Anonymous | Login | Signup for a new account | 2010-07-29 10:08 EDT |  |
| Main | My View | View Issues | Change Log | Roadmap | Wiki | ManTweet | Repositories |
| View Issue Details [ Jump to Notes ] [ Wiki ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0010350 | mantisbt | public | 2009-04-21 06:20 | 2009-04-25 11:50 | |||||||
| Reporter | phoque | ||||||||||
| Assigned To | grangeway | ||||||||||
| Priority | normal | Severity | trivial | Reproducibility | always | ||||||
| Status | feedback | Resolution | reopened | ||||||||
| Platform | OS | OS Version | |||||||||
| Product Version | 1.1.7 | ||||||||||
| Target Version | Fixed in Version | ||||||||||
| Summary | 0010350: escapeshellcmd breaks redirects on some servers | ||||||||||
| Description | On Servers with escapeshellcmd disabled due to security reasons its call in /core/email_api.php:771 displays a warning wich breaks header("Location: ..."); | ||||||||||
| Steps To Reproduce | 1.) Disable escapeshellcmd() in your PHP settings. 2.) Do anything that sends an email (change an assigned bug, reset a password). | ||||||||||
| Additional Information | Prefixing the call with an @ suppresses the warning and doesn't affect the sending process. | ||||||||||
| Tags | No tags attached. | ||||||||||
| Attached Files | |||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
 (0021627)grangeway (developer) 2009-04-22 15:12 |
/admin/check.php contains a check to inform users that sendmail is not a supported phpmailer method if escapechars is disabled. |
 (0021629)phoque (reporter) 2009-04-22 17:19 |
Sorry that I am simply reopening it again but I cant see that check anywhere and the redirects are broken none the less! |
|
(0021675) grangeway (developer) 2009-04-25 10:43 |
http://git.mantisforge.org/w/mantisbt.git?a=commitdiff;h=1016312d826ed082f1810c7d258c8debbe8c2ba7 [^] - from back in december. I dont know if this was ported back to 1.1.7 or only exists in git. Either way, the implementation of the sendmail requires escapechars to be enabled in php - as it's a security risk otherwise. We've added a check to state that it's not a supported configuration without that functionality and you'd need to use one of the other phpmailer methods. e.g. SMTP. Paul |
|
(0021676) phoque (reporter) 2009-04-25 11:50 |
My installation is set to use mail(); - not sendmail. And in line 771 of email_api.php it says, regardless of your phpMailer_method settings: $mail->Sender = escapeshellcmd( config_get( 'return_path_email' ) ); |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-04-21 06:20 | phoque | New Issue | |
| 2009-04-22 15:12 | grangeway | Note Added: 0021627 | |
| 2009-04-22 15:12 | grangeway | Status | new => resolved |
| 2009-04-22 15:12 | grangeway | Resolution | open => no change required |
| 2009-04-22 15:12 | grangeway | Assigned To | => grangeway |
| 2009-04-22 17:19 | phoque | Note Added: 0021629 | |
| 2009-04-22 17:19 | phoque | Status | resolved => feedback |
| 2009-04-22 17:19 | phoque | Resolution | no change required => reopened |
| 2009-04-25 10:43 | grangeway | Note Added: 0021675 | |
| 2009-04-25 11:50 | phoque | Note Added: 0021676 | |
|
Issue History |
| MantisBT 1.2.2 git master-1.2.x[^]
Copyright © 2000 - 2010 MantisBT Group
Time: 0.2320 seconds. memory usage: 1,944 KB |
 |