CHOON.NET : Resources : Scripts & Patches : PHP Mail Header Patch

Providing reliable services since 2001

Custom Search

11 Mar 2010 02:36 am GMT +8

Home > Resources > Scripts & Patches > PHP Mail Header Patch

Introduction

This is a patch to add an informational header to messages sent from PHP via the mail() function. This can help to track which script on a server was used to send a message, and which client caused it to be sent.

The header added has the form:

X-PHP-Script: <servername><php-self> for <remote-addr>

For example:

X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1

If the connection appears to have come via a proxy cache (i.e. has an "X-Forwarded-For" header), is a list of addresses (the addresses in X-Forwarded-For, then the 'real' remote address).

Read more at Steve Bennett's patch as I created my patches according to his patch with a little tweak/modification since his patch only available for version 4.3.4 during the time I checked and also won't be working for mail function example 1 as listed at php manual. Steve Bennett's original patch can be found here.

If you have downloaded the old patch (before 12 Nov 2006), you are strongly adviced to re-download and patch your php using the new patch as it fixed one potential security risk.

Disclaimer

YOU ARE FREE TO USE THIS SCRIPT/PATCHES/GUIDE BUT I AM NOT RESPONSIBLE FOR ANY DAMAGE CAUSED! YOU HAVE BEEN WARNED!!!

Changes

18 Dec 2009 GMT +8: Updated to support version 5.2.12
02 Dec 2009 GMT +8: Updated to support version 5.3.1
30 Sep 2009 GMT +8: Updated to support version 5.2.11
02 Jul 2009 GMT +8: Updated to support version 5.2.10; Updated to support version 5.3.0
31 Mar 2009 GMT +8: Updated to support version 5.2.9
09 Dec 2008 GMT +8: Updated to support version 5.2.8
15 Sep 2008 GMT +8: Updated to support version 4.4.9
09 May 2008 GMT +8: Updated to support version 5.2.6
07 Jan 2008 GMT +8: Updated to support version 4.4.8
11 Nov 2007 GMT +8: Updated to support version 5.2.5
03 Sep 2007 GMT +8: Updated to support version 5.2.4
04 Jun 2007 GMT +8: Updated to support version 5.2.3
06 May 2007 GMT +8: Updated to support version 4.4.7 and 5.2.2
04 Mar 2007 GMT +8: Updated to support version 4.4.6
20 Feb 2007 GMT +8: Updated to support version 4.4.5 and 5.2.1
12 Nov 2006 GMT +8: Updated to support version 5.2.0; Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string
25 Aug 2006 GMT +8: Updated to support version 5.1.6
23 Aug 2006 GMT +8: Updated to support version 4.4.4 and 5.1.5
05 Aug 2006 GMT +8: Updated to support version 4.4.3
16 Jan 2006 GMT +8: Updated to support version 4.4.2
03 Nov 2005 GMT +8: Updated to support version 4.4.1
11 Sep 2005 GMT +8: Updated to support version 5.0.5
12 Jul 2005 GMT +8: Updated to support version 4.4.0
02 Apr 2005 GMT +8: Updated to support version 5.0.4 and 4.3.11
17 Dec 2004 GMT +8: Updated to support version 5.0.3 and 4.3.10
26 Nov 2004 GMT +8: Updated to support version 5.0.2
2 Oct 2004 GMT +8: Updated to support version 4.3.9
17 Jul 2004 GMT +8: Updated to support version 4.3.8

Patches

» 4.4.4
» 4.4.5
» 4.4.6
» 4.4.7
» 4.4.8
» 4.4.9
» 5.1.6
» 5.2.0
» 5.2.1
» 5.2.2
» 5.2.3
» 5.2.4
» 5.2.5
» 5.2.6
» 5.2.8
» 5.2.9
» 5.2.10
» 5.2.11
» 5.2.12
» 5.3.0
» 5.3.1

How to apply the above patch?

1. Download the php source then unpack the source:

2. Then download my patch according to your version.

3. Patch the source:

4. Configure and compile and install as usual which I am not going to cover here.

How to test?

Download this example and rename it as ended in .php on your server then point your browser to it provided you have changed the variable to your email address:

Example php test mail script

All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.