Introduction

Last Updated: 15 Mar 2016 GMT +8.

This is a patch to add an informational header to messages sent from PHP via the mail() function. This can help to track which script on a server was used to send a message, and which client caused it to be sent.

The header added has the form:

X-PHP-Script: <servername><php-self> for <remote-addr>

For example:

X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1

If the connection appears to have come via a proxy cache (i.e. has an "X-Forwarded-For" header), is a list of addresses (the addresses in X-Forwarded-For, then the 'real' remote address).

Read more at Steve Bennett's patch as I created my patches according to his patch with a little tweak/modification since his patch only available for version 4.3.4 during the time I checked and also won't be working for mail function example 1 as listed at php manual. Steve Bennett's original patch can be found here.


Disclaimer

YOU ARE FREE TO USE THIS SCRIPT/PATCHES/GUIDE BUT I AM NOT RESPONSIBLE FOR ANY DAMAGE CAUSED! YOU HAVE BEEN WARNED!!!

Changes

  • 15 Mar 2016 GMT +8
  • Move zend_is_auto_global("_SERVER", sizeof("_SERVER") - 1 TSRMLS_CC); out of while loop and protect variable from changing by user. Many thanks to Alexey Koscheev from koscheev.ru.
  • The change is in version 5.3.x, 5.4.x, 5.5.x, 5.6.x and 7.0.x patches
  • 10 Mar 2016 GMT +8
  • Hint PHP that we are going to use $_SERVER in advance by calling zend_is_auto_global("_SERVER", sizeof("_SERVER") - 1 TSRMLS_CC); and this resolves issues when running PHP in CGI mode. Many thanks to Alexey Koscheev from koscheev.ru.
  • This fix are in version 5.4.x, 5.5.x, 5.6.x and 7.0.x patches
  • 22 Jun 2013 GMT +8
  • Updated to support version 5.5.x
  • 06 Mar 2012 GMT +8
  • Updated to support version 5.4.x
  • 11 Dec 2010 GMT +8
  • Updated to support version 5.2.15
  • Updated to support version 5.3.4
  • 08 Aug 2010 GMT +8
  • Updated to support version 5.2.14
  • Updated to support version 5.3.3
  • 20 Mar 2010 GMT +8
  • Updated to support version 5.2.13
  • Updated to support version 5.3.2
  • 18 Dec 2009 GMT +8
  • Updated to support version 5.2.12
  • 02 Dec 2009 GMT +8
  • Updated to support version 5.3.1
  • 30 Sep 2009 GMT +8
  • Updated to support version 5.2.11
  • 02 Jul 2009 GMT +8
  • Updated to support version 5.2.10
  • Updated to support version 5.3.0
  • 31 Mar 2009 GMT +8
  • Updated to support version 5.2.9
  • 09 Dec 2008 GMT +8
  • Updated to support version 5.2.8
  • 15 Sep 2008 GMT +8
  • Updated to support version 4.4.9
  • 09 May 2008 GMT +8
  • Updated to support version 5.2.6
  • 07 Jan 2008 GMT +8
  • Updated to support version 4.4.8
  • 11 Nov 2007 GMT +8
  • Updated to support version 5.2.5
  • 03 Sep 2007 GMT +8
  • Updated to support version 5.2.4
  • 04 Jun 2007 GMT +8
  • Updated to support version 5.2.3
  • 06 May 2007 GMT +8
  • Updated to support version 4.4.7 and 5.2.2
  • 04 Mar 2007 GMT +8
  • Updated to support version 4.4.6
  • 20 Feb 2007 GMT +8
  • Updated to support version 4.4.5 and 5.2.1
  • 12 Nov 2006 GMT +8
  • Updated to support version 5.2.0
  • Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string
  • 25 Aug 2006 GMT +8
  • Updated to support version 5.1.6
  • 23 Aug 2006 GMT +8
  • Updated to support version 4.4.4 and 5.1.5
  • 05 Aug 2006 GMT +8
  • Updated to support version 4.4.3
  • 16 Jan 2006 GMT +8
  • Updated to support version 4.4.2
  • 03 Nov 2005 GMT +8
  • Updated to support version 4.4.1
  • 11 Sep 2005 GMT +8
  • Updated to support version 5.0.5
  • 12 Jul 2005 GMT +8
  • Updated to support version 4.4.0
  • 02 Apr 2005 GMT +8
  • Updated to support version 5.0.4 and 4.3.11
  • 17 Dec 2004 GMT +8
  • Updated to support version 5.0.3 and 4.3.10
  • 26 Nov 2004 GMT +8
  • Updated to support version 5.0.2
  • 2 Oct 2004 GMT +8
  • Updated to support version 4.3.9
  • 17 Jul 2004 GMT +8
  • Updated to support version 4.3.8

Download Patches

  • 5.3.x md5sum 0b0f71600762d32a816b83df1a82c202
  • 5.4.x md5sum ca09ef83f6e28495a8c64b7aa44b28a7
  • 5.5.x md5sum 902d7838697f50eb6e9f7e37acf226d0
  • 5.6.x md5sum 941791abe1ad212876d4e2cee74a52db
  • 7.0.x md5sum 57d1dc18fef91ecbdd706e148c6baa04

Looking for old patches? → Please Help Yourself


How to Apply the Above Patch?

Example for php version 5.4.45:

cd /usr/local/src
wget http://us2.php.net/get/php-5.4.45.tar.bz2/from/this/mirror
wget http://choon.net/opensource/php/php-5.4.x-mail-header.patch
tar jxvfp php-5.4.45.tar.bz2
cd php-5.4.45
patch -p1 < ../php-5.4.x-mail-header.patch

  • Line 1: Change current working directory to /usr/local/src
  • Line 2: Download php version 5.4.45 source
  • Line 3: Download php mail header patch for version 5.4.45
  • Line 4: Unpack php version 5.4.45 source
  • Line 5: Change current working directory to the newly unpacked php source
  • Line 6: Apply php mail header patch

Configure and compile and install as usual which I am not going to cover here.


How to Test?

Download this example php script and rename it to ended as .php extension in your server then point your browser to it provided you have changed the variable $to in the example script to your valid email address:

Portal Log In/Sign In

Log In/Sign In to the Portal requires cookies and javascript.

×
×