[pLog-svn] r5539 - plog/branches/lifetype-1.2/class/mail/phpmailer
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Wed Jun 13 14:15:58 EDT 2007
Author: oscar
Date: 2007-06-13 14:15:57 -0400 (Wed, 13 Jun 2007)
New Revision: 5539
Modified:
plog/branches/lifetype-1.2/class/mail/phpmailer/class.phpmailer.php
Log:
Fix for issue http://bugs.lifetype.net/view.php?id=1339 -- hotfix for a potential phpmailer security issue, please see the details at https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707
Modified: plog/branches/lifetype-1.2/class/mail/phpmailer/class.phpmailer.php
===================================================================
--- plog/branches/lifetype-1.2/class/mail/phpmailer/class.phpmailer.php 2007-06-13 18:08:48 UTC (rev 5538)
+++ plog/branches/lifetype-1.2/class/mail/phpmailer/class.phpmailer.php 2007-06-13 18:15:57 UTC (rev 5539)
@@ -390,9 +390,9 @@
*/
function SendmailSend($header, $body) {
if ($this->Sender != "")
- $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
+ $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
else
- $sendmail = sprintf("%s -oi -t", $this->Sendmail);
+ $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
if(!@$mail = popen($sendmail, "w"))
{
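Review bot: On the `-f` line, `escapeshellarg($this->Sender)` neutralises shell metacharacters but does not check that Sender is a well-formed address, so whatever string was assigned is still handed to the sendmail binary as the envelope sender. Sender appears to be a plain property set elsewhere in the class (not visible in this hunk), so it is worth validating it there or at the top of this function and failing the send on a malformed value rather than relying on quoting alone. Separately, `escapeshellcmd($this->Sendmail)` does not quote whitespace, so a configured path containing a space would be split into several words. I would add a comment above the branch such as `// $sendmail is executed by popen() through the shell: keep Sendmail and Sender escaped, and validate Sender before this point`. The body of SendmailSend continues past the end of the hunk.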
@@ -1496,4 +1496,4 @@
}
}
-?>
+?>