[pLog-svn] r5539 - plog/branches/lifetype-1.2/class/mail/phpmailer

oscar at devel.lifetype.net oscar at devel.lifetype.net
Wed Jun 13 14:15:58 EDT 2007


Author: oscar
Date: 2007-06-13 14:15:57 -0400 (Wed, 13 Jun 2007)
New Revision: 5539

Modified:
   plog/branches/lifetype-1.2/class/mail/phpmailer/class.phpmailer.php
Log:
Fix for issue http://bugs.lifetype.net/view.php?id=1339 -- hotfix for a potential phpmailer security issue, please see the details at https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707

Modified: plog/branches/lifetype-1.2/class/mail/phpmailer/class.phpmailer.php
===================================================================
--- plog/branches/lifetype-1.2/class/mail/phpmailer/class.phpmailer.php	2007-06-13 18:08:48 UTC (rev 5538)
+++ plog/branches/lifetype-1.2/class/mail/phpmailer/class.phpmailer.php	2007-06-13 18:15:57 UTC (rev 5539)
@@ -390,9 +390,9 @@
      */
     function SendmailSend($header, $body) {
         if ($this->Sender != "")
-            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
+			$sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
         else
-            $sendmail = sprintf("%s -oi -t", $this->Sendmail);
+            $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
 
         if(!@$mail = popen($sendmail, "w"))
         {
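Review bot: In the `-f` branch, `escapeshellarg($this->Sender)` only makes the value safe for the shell; nothing in this hunk checks that Sender is a single well-formed address, so what sendmail finally receives depends on validation outside the visible lines. Likewise, `escapeshellcmd($this->Sendmail)` escapes metacharacters but leaves whitespace alone, so a Sendmail setting that contains spaces is still split into extra arguments, which is acceptable only while Sendmail comes from trusted configuration. I would record both assumptions above the `sprintf` calls, e.g. `// Sender must already be a validated address; Sendmail is trusted config (escapeshellcmd does not stop extra arguments)`. The new `-f` line is also indented with tabs where the surrounding lines use spaces. SendmailSend's body continues past the end of the hunk.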
@@ -1496,4 +1496,4 @@
     }
 }
 
-?>
+?>


