I run a PHP script that sends mails. In header there is an information about script's path. Is there a way to hide it? Is there a way to hide or change the name of a domain from that I send a mail?
0
Add a comment
|
4 Answers
Try overwriting it to null by adding it as a header:
$headers = 'X-PHP-Script: ';
mail($to, $subject, $message, $headers);
Alternative, you could edit the contents of the header as explained by this tutorial.
Please contact your hoster about the options you have here. It's a security related setting and it's not always intended that you can disable/change it.
3 Comments
Delicja
Unfortunately thy told me that they don't have influence on this situation and I should change something in my script.
hakre
@Delicja: And what did they told you to change in your script?
Delicja
They are responsible for maintenance of servers so I'm not supposed them to tell me what I should change in my scripts. On the other hand I don't agree with them. You have right. I check in PHP options and they can change/disable this path in server configuration.
Try this - it work
// prevent user/script details being exposed in X-PHP-Script header
$oldphpself = $_SERVER['PHP_SELF'];
$oldremoteaddr = $_SERVER['REMOTE_ADDR'];
$_SERVER['PHP_SELF'] = "/";
$_SERVER['REMOTE_ADDR'] = $_SERVER['SERVER_ADDR'];
// send the email
mail($to, $subject, $message[, $additional_headers[, $additional_parameters]])
// restore obfuscated server variables
$_SERVER['PHP_SELF'] = $oldphpself;
$_SERVER['REMOTE_ADDR'] = $oldremoteaddr;
Comments
The hosting company knows why they want these headers - to spare themselves from spammers. They usually do not want allow you to change it.
