Suddenly have started receiving the above error without any changes having been made to the script.
Host is 1and1 (I know...)
The script still works fine on a different server, and so my suspicion is that there must have been some server config change that has lead to this, although the hosts plead ignorance.
There's no information on the above error at all in Google that I can find - does anybody have any ideas? Server is running Apache if that helps.
As was determined in the comments above, this was caused by an environmental difference - the HOME env var was set differently inside the executed process. Using proc_open instead of simple exec gave more precise control over said process and explicitly setting that env var solved the issue.
You can make a .htaccess file and enter Options -Indexes this will disable listing of the files in the directory.
If you also need the traffic to originate from your site you will need to make a file say... index.php with code that checks $_SERVER['HTTP_REFERER'] to see if the traffic originates from your site.
EDIT
Oh I forgot you can actually fix it all in the .htaccess:
Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://your-host.com/.*$ [NC]
RewriteRule ^.* /403-page [L,R]
This will do all the work of the script I suggested, so you won't need it anymore.
I think your problem is related with n and QMAIL, the mail function documentation state this.
Note: If messages are not received, try using a LF (n) only. Some poor quality Unix mail transfer agents replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with ยป RFC 2822.
so you if you header are separated by rn you could probably replace those by single n.
This bug report also provide a solution using a script.
Your problem is that you're trying to send message body as headers, as mentioned in the comments to your question.
Trying to send MIME mail attachments via mail() is probably considered torture in some countries. There are plenty of libraries to do this for you, I use the PEAR Mail_Mime package.
function mail_attachment($filename, $mailto, $from_mail, $from_name, $replyto, $subject, $message) {
include("Mail.php");
include("Mail/mime.php");
$headers = [
"To"=>$mailto,
"From"=>"$from_name <$from_mail>",
"Reply-To"=>$replyto
"Subject"=>$subject,
"Date"=>date(DATE_RFC822),
];
$msg = new Mail_mime();
$mail =& Mail::factory("smtp");
$msg->setTXTBody($message);
$msg->addAttachment(file_get_contents($filename), "application/pdf", basename($filename), false);
$body = $msg->get();
$headers = $msg->headers($headers);
$mail->send($email_address, $headers, $body);
}
Had just the similar problem.
It came out of the blue. No PHP Code was changed.
What was changed: PHP was upgraded 5.5.25-1 to 5.5.26.
A security risk in PHP
mail()function has been fixed and extra newlines inadditional_headersare allowed no more. Because extra newlines mean: now starts the email message (and we surely don't want somebody to inject some newlines through headers followed by an evil message).What previously have worked fine, e.g. just having extra newlines after headers or even passing the whole message to
additional_headers, will function no more.Solution:
additional_headersargument. These count as "multiple or malformed newlines":rr, r�, rnrn, nn, n�.additional_headersfor headers only. Email message (multipart or not, with ir without attachments, etc) belongs inmessageargument, not in headers.PHP Security Bug report: https://bugs.php.net/bug.php?id=68776
C Code diff how its fixed: http://git.php.net/?p=php-src.git;a=blobdiff;f=ext/standard/mail.c;h=448013a472a3466245e64b1cb37a9d1b0f7c007e;hp=1ebc8fecb7ef4c266a341cdc701f0686d6482242;hb=9d168b863e007c4e15ebe4d2eecabdf8b0582e30;hpb=eee8b6c33fc968ef8c496db8fb54e8c9d9d5a8f9