nzizo Posted September 28, 2008 Share Posted September 28, 2008 hello, I have build newsletter, everything work just fine.. BUT when using the "view source" of mail client I can see the url of script file.. X-PHP-Script: www.domain.com/admin/send_letters.php for 44.76.38.112 there is no way to hide this url? for security reason. thank you Quote Link to comment Share on other sites More sharing options...
nzizo Posted September 28, 2008 Author Share Posted September 28, 2008 Please I need to know how can I change the value of this header. Someone else on other forum said to me this maybe a server setting and there is nothing I can do about it... I contact with my hosting provider (hostgator) and they said this is not a server setting but PHP... #$%$#@% :-\ nobody ever have the same problem? even for security reason.. thanks Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 28, 2008 Share Posted September 28, 2008 The header placed into the email was probably put there by your newsletter script. You would need to find where in that script the information is being set and change what is being put into the header. Quote Link to comment Share on other sites More sharing options...
nzizo Posted September 29, 2008 Author Share Posted September 29, 2008 Thanks for replying I create this script myself and I never use "X-PHP-Script:" header in my scripts, these are the only headers in the script. ... $headers = "From: domain.com <newsletter@domain.com>" . "\r\n"; $headers .= "MIME-Version: 1.0" . "\r\n"; $headers .= "Content-type:text/html; charset=utf-8" . "\r\n"; $headers .= "x-mailer: php/" . phpversion() . "\r\n"; ... where to edit the "X-PHP-Script:" header? I think this header placed into the mail automatic by php.. Thank you Quote Link to comment Share on other sites More sharing options...
CroNiX Posted September 29, 2008 Share Posted September 29, 2008 maybe add your own 'X-PHP-Script' header and try to override it. I googled X-PHP-Script and its actually built into php5, before that you had to patch php to get it. I think it is for security so you can easily find scripts that are sending mail out (like spam) to help identify the culprit. If your script is written securely, why does it matter if your users know the location? They couldn't do anything with it... Quote Link to comment Share on other sites More sharing options...
nzizo Posted September 29, 2008 Author Share Posted September 29, 2008 Like that? ... $headers = "From: domain.com <newsletter@domain.com>" . "\r\n"; $headers .= "MIME-Version: 1.0" . "\r\n"; $headers .= "Content-type:text/html; charset=utf-8" . "\r\n"; $headers .= "x-mailer: php/" . phpversion() . "\r\n"; $headers .= "X-PHP-Script: new path\r\n"; ... Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 29, 2008 Share Posted September 29, 2008 You would need to try it and see. In searching for information on this, it appears that the header is due to a patch that some individual created and it might not be an official part of the php source. I also saw that PHP_SELF was used to get the script's name which allowed spam emails to be sent by including content on the end of the URL that is then placed directly into the header field. If you cannot solve this (and given the security hole that may or may not have been fixed in your php installation), you can get around using the php mail() function by using a script like phpmailer and configure it to directly use an SMTP server or configure it to directly use sendmail. Quote Link to comment Share on other sites More sharing options...
nzizo Posted September 29, 2008 Author Share Posted September 29, 2008 Thank you, I will try PHPMailer looks cool Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.