fix vulnerability in PHPMailer

Andrew Dolgov 2007-11-23 03:48:07 +01:00
parent 11063ec65c
commit 090ac2fea0
1 changed files with 5 additions and 3 deletions


@ -390,9 +390,11 @@ class PHPMailer
*/ */
function SendmailSend($header, $body) { function SendmailSend($header, $body) {
if ($this->Sender != "") if ($this->Sender != "")
$sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender); $sendmail = sprintf("%s -oi -f %s -t",
escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
else else
$sendmail = sprintf("%s -oi -t", $this->Sendmail); $sendmail = sprintf("%s -oi -t",
escapeshellcmd($this->Sendmail));
if(!@$mail = popen($sendmail, "w")) if(!@$mail = popen($sendmail, "w"))
{ {
@ -1496,4 +1498,4 @@ class PHPMailer
} }
} }
?> ?>
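Review bot: In the first hunk (`SendmailSend`), `escapeshellcmd($this->Sendmail)` only backslash-escapes shell metacharacters and leaves whitespace alone, so a `Sendmail` value containing a space still reaches `popen()` as a program name plus extra arguments. If the property is meant to hold a bare path, `escapeshellarg($this->Sendmail)` is the tighter choice; if options inside it are a supported configuration, a short comment above the `sprintf` saying so would help. `escapeshellarg($this->Sender)` does stop shell interpretation of the address, but the value is still not checked to be a well-formed address before it is handed to `-f`, and any other send path in the class that places `Sender` on a command line (not visible on this page) would need the same quoting. The body of `SendmailSend` continues past the end of the hunk.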