PHP mail() 错误:在 additional_header 中发现多个或格式错误的换行符 [英] Error with PHP mail(): Multiple or malformed newlines found in additional_header

问题描述

突然开始收到上述错误，而没有对脚本进行任何更改.

Host 是 1and1(我知道...)

该脚本在不同的服务器上仍然可以正常工作，所以我怀疑一定有一些服务器配置更改导致了这种情况，尽管主机辩称无知.

我在 Google 中根本找不到有关上述错误的任何信息 - 有人有任何想法吗?如果有帮助，服务器正在运行 Apache.

解决方案

刚遇到类似问题.
它突然出现.没有更改 PHP 代码.

更改内容:PHP 从 5.5.25-1 升级到 5.5.26.

PHP mail() 函数中的安全风险已得到修复，additional_headers 中不再允许额外的换行符.因为额外的换行符意味着:现在开始电子邮件消息(我们当然不希望有人通过标题注入一些换行符，然后是恶意消息).

以前运行良好的方法，例如只是在标题后有额外的换行符，甚至将整个消息传递给 additional_headers，都将不再起作用.

解决方案:

• 清理您的标题.additional_headers 参数中没有多个换行符.这些算作多个或格式错误的换行符":\r\r、\r\0、\r\n\r\n、\n\n、\n\0.
• 仅将 additional_headers 用于标题.电子邮件消息(多部分与否，带有 ir 不带附件等)属于 message 参数，而不是标题.

PHP 安全漏洞报告:https://bugs.php.net/bug.php?id=68776
C 代码差异如何修复: http://git.php.net/?p=php-src.git;a=blobdiff;f=ext/standard/mail.c;h=448013a472a3466245e64b1cb37a9d1b0f7c007e;hp=1ebc8fecb7ef4c266a341cdc701f0686d6482242;hb=9d168b863e007c4e15ebe4d2eecabdf8b0582e30;hpb=eee8b6c33fc968ef8f8c9Suddenly have started receiving the above error without any changes having been made to the script.

Host is 1and1 (I know...)

The script still works fine on a different server, and so my suspicion is that there must have been some server config change that has lead to this, although the hosts plead ignorance.

There's no information on the above error at all in Google that I can find - does anybody have any ideas? Server is running Apache if that helps.

解决方案

Had just the similar problem.
It came out of the blue. No PHP Code was changed.

What was changed: PHP was upgraded 5.5.25-1 to 5.5.26.

A security risk in PHP mail() function has been fixed and extra newlines in additional_headers are allowed no more. Because extra newlines mean: now starts the email message (and we surely don't want somebody to inject some newlines through headers followed by an evil message).

What previously have worked fine, e.g. just having extra newlines after headers or even passing the whole message to additional_headers, will function no more.

Solution:

• Sanitize your headers. No multiple newlines in additional_headers argument. These count as "multiple or malformed newlines": \r\r, \r\0, \r\n\r\n, \n\n, \n\0.
• Use additional_headers for headers only. Email message (multipart or not, with ir without attachments, etc) belongs in message argument, not in headers.

PHP Security Bug report: https://bugs.php.net/bug.php?id=68776
C Code diff how its fixed: http://git.php.net/?p=php-src.git;a=blobdiff;f=ext/standard/mail.c;h=448013a472a3466245e64b1cb37a9d1b0f7c007e;hp=1ebc8fecb7ef4c266a341cdc701f0686d6482242;hb=9d168b863e007c4e15ebe4d2eecabdf8b0582e30;hpb=eee8b6c33fc968ef8c496db8fb54e8c9d9d5a8f9

这篇关于PHP mail() 错误:在 additional_header 中发现多个或格式错误的换行符的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！