
Apply security fix see:

jmontoyaa committed Dec 27, 2016
1 parent a4b3f9e commit 069845f08759cce4aa3693235e8d0a9a131ca35b
Showing with 37 additions and 12 deletions.
  1. +37 −12 main/inc/lib/phpmailer/class.phpmailer.php
@@ -594,12 +594,35 @@ public function Send() {
* @access protected
* @return bool
*/
protected function SendmailSend($header, $body) {
if ($this->Sender != '') {
$sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
} else {
$sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
}
protected function SendmailSend($header, $body)
{
if (!(is_file($this->Sendmail) and is_executable($this->Sendmail))) {
throw new phpmailerException(
$this->lang('execute').$this->Sendmail,
self::STOP_CRITICAL
);
}
if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {
if ($this->Mailer == 'qmail') {
$sendmail = sprintf(
'%s -f%s',
escapeshellcmd($this->Sendmail),
escapeshellarg($this->Sender)
);
} else {
$sendmail = sprintf(
'%s -oi -f%s -t',
escapeshellcmd($this->Sendmail),
escapeshellarg($this->Sender)
);
}
} else {
if ($this->Mailer == 'qmail') {
$sendmail = sprintf('%s', escapeshellcmd($this->Sendmail));
} else {
$sendmail = sprintf('%s -oi -t', escapeshellcmd($this->Sendmail));
}
}
if ($this->SingleTo === true) {
foreach ($this->SingleToArray as $key => $val) {
if(!@$mail = popen($sendmail, 'w')) {
@@ -648,7 +671,7 @@ protected function MailSend($header, $body) {
$to = implode(', ', $toArr);
$params = sprintf("-oi -f %s", $this->Sender);
if ($this->Sender != '' && strlen(ini_get('safe_mode'))< 1) {
if (!empty($this->Sender) and !ini_get('safe_mode') and $this->validateAddress($this->Sender)) {
$old_from = ini_get('sendmail_from');
ini_set('sendmail_from', $this->Sender);
if ($this->SingleTo === true && count($toArr) > 1) {
@@ -704,7 +727,12 @@ protected function SmtpSend($header, $body) {
if(!$this->SmtpConnect()) {
throw new phpmailerException($this->Lang('smtp_connect_failed'), self::STOP_CRITICAL);
}
$smtp_from = ($this->Sender == '') ? $this->From : $this->Sender;
if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {
$smtp_from = $this->Sender;
} else {
$smtp_from = $this->From;
}
if(!$this->smtp->Mail($smtp_from)) {
throw new phpmailerException($this->Lang('from_failed') . $smtp_from, self::STOP_CRITICAL);
}
@@ -2013,9 +2041,7 @@ public function AddCustomHeader($custom_header) {
/**
* Evaluates the message and returns modifications for inline images and backgrounds
* @access public
* @param string $message
* @param string $basedir
* @return void
* @return $message
*/
public function MsgHTML($message, $basedir = '') {
preg_match_all("/(src|background)=\"(.*)\"/Ui", $message, $images);
@@ -2334,4 +2360,3 @@ public function errorMessage() {
return $errorMsg;
}
}
?>
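Review bot: In the MailSend hunk the unchanged line `$params = sprintf("-oi -f %s", $this->Sender);` still builds the extra sendmail parameters from the raw Sender, above the new `validateAddress()` guard, so that address check is the only control on what ends up in `$params`. The body of `validateAddress()` is not visible on this page; if it accepts RFC-style quoted local parts containing whitespace or quote characters, validation alone may not keep the value to a single argument. I would add a conservative allow-list to the same condition, e.g. `and preg_match('/\A[A-Za-z0-9@_.\-]+\z/', $this->Sender)`, and assign `$params` only inside that branch. SendmailSend and SmtpSend also fall back silently when the Sender fails validation, so a debug log entry there would make a rejected envelope sender visible to operators. MailSend's body continues outside the hunk, so the final use of `$params` should be confirmed there.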
