I run a PHP script that sends mails. In header there is an information about script's path. Is there a way to hide it? Is there a way to hide or change the name of a domain from that I send a mail?
4 Answers
Try overwriting it to null by adding it as a header:
$headers = 'X-PHP-Script: ';
mail($to, $subject, $message, $headers);
Alternative, you could edit the contents of the header as explained by this tutorial.
-
I have tried to overwrite it. It doesn't work. Is this way should work? Maybe I do something wrong.– DelicjaCommented May 29, 2012 at 5:36
-
Please contact your hoster about the options you have here. It's a security related setting and it's not always intended that you can disable/change it.
-
Unfortunately thy told me that they don't have influence on this situation and I should change something in my script.– DelicjaCommented May 29, 2012 at 5:31
-
@Delicja: And what did they told you to change in your script?– hakreCommented May 29, 2012 at 11:27
-
They are responsible for maintenance of servers so I'm not supposed them to tell me what I should change in my scripts. On the other hand I don't agree with them. You have right. I check in PHP options and they can change/disable this path in server configuration.– DelicjaCommented Jun 1, 2012 at 5:32
Try this - it work
// prevent user/script details being exposed in X-PHP-Script header
$oldphpself = $_SERVER['PHP_SELF'];
$oldremoteaddr = $_SERVER['REMOTE_ADDR'];
$_SERVER['PHP_SELF'] = "/";
$_SERVER['REMOTE_ADDR'] = $_SERVER['SERVER_ADDR'];
// send the email
mail($to, $subject, $message[, $additional_headers[, $additional_parameters]])
// restore obfuscated server variables
$_SERVER['PHP_SELF'] = $oldphpself;
$_SERVER['REMOTE_ADDR'] = $oldremoteaddr;
The hosting company knows why they want these headers - to spare themselves from spammers. They usually do not want allow you to change it.