Bug #22214
closedin class t3lib_htmlmail, function sendTheMail() uses a problematic @ini_set for sendmail_from
0%
Description
If php has been built with suhosin and runs via FCGI SAPI, the @ini_set() function call is not ignored (which is obviously expected). Instead, the php process quits without closing the fcgi handler properly.
Due to the lack of proper fcgi communication, the webserver returns an error 500.
This can be seen as a faulty php behaviour.
Anyway, the @ini_set() call does not work on most Unices, except the administrator configured the local MTA to accept manipulation from unprivileged users which is highly discouraged.
To keep the fix narrow, I suggest to use @ini_set() only if TYPO3_OS == WIN as Windows seems to be the only OS in the wild which accepts such header manipulations without any privilege problems.
Install some php5.2 with suhosin path and run it with fastcgi or fcgi. Using sendTheMail() by e.g. frontend user registrion gives you a reproducable 500 server error.
Remove @ini_set() in t3lib_htmlmail::sendTheMail() and the problem is fixed without any loss of functionality.
Keeping a wider view on sendTheMail(), I suggest to open a discussion if php's mail() shouldn't get replaced by a SMTP handler.
mail() has been into php since the very beginning without any greater modifications, but in more and more shared hosting environments it's use is technically restricted or banned by contract.
There have been fruitless discussions about the issue at the php bugtracker, so it's unlikely to get an advanced SMTP-capable mail() function. Pear's net_SMTP provides classes which could obsolete the use of mail() completely.
(issue imported from #M13701)
Files