php/archived-web-bugs
1
0
Fork 0
mirror of https://github.com/php/web-bugs.git synced 2026-03-26 08:42:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Email security reports to distribution's security contacts

Browse Source 
Only php.net's security team was receiving security reports, making
them go unnoticed to the distribution contacts.
This patch assumes that people in the $security_developers array (other
than those in $security_distro_people) receive a copy from php.net's
security address exploder.
This commit is contained in:
Raphael Geissert
2012-09-13 12:05:17 -05:00
parent 8e52b180c2
commit 6d41525e49
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/functions.php
View File

@@ -1356,6 +1356,9 @@ function get_package_mail($package_name, $bug_id = false, $bug_type = 'Bug')
} else if ($bug_type == 'Security') {
// Security problems *always* go to the sec team
$to[] = $secBugEmail;
foreach ($security_distro_people as $user) {
$to[] = "${user}@php.net";
}
$params = '-f bounce-no-user@php.net';
}
else {