Skip to content

Commit 39b590d

Browse files
author
Mikel Lindsaar
committed
Making sure that destinations are also properly escaped in all version of ruby
1 parent 0a940f4 commit 39b590d

File tree

2 files changed

+3
-3
lines changed

2 files changed

+3
-3
lines changed

Diff for: lib/mail/network/delivery_methods/sendmail.rb

+1-1
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ def deliver!(mail)
4949

5050
arguments = [settings[:arguments], return_path].compact.join(" ")
5151

52-
self.class.call(settings[:location], arguments, mail.destinations.collect(&:shellescape).join(" "), mail)
52+
self.class.call(settings[:location], arguments, mail.destinations.collect(&:escape_for_shell).join(" "), mail)
5353
end
5454

5555
def self.call(path, arguments, destinations, mail)

Diff for: spec/mail/network/delivery_methods/sendmail_spec.rb

+2-2
Original file line numberDiff line numberDiff line change
@@ -148,13 +148,13 @@
148148

149149
mail = Mail.new do
150150
from '"foo\";touch /tmp/PWNED;\""@blah.com'
151-
to 'marcel@test.lindsaar.net'
151+
to '"foo\";touch /tmp/PWNED;\""@blah.com'
152152
subject 'invalid RFC2822'
153153
end
154154

155155
Mail::Sendmail.should_receive(:call).with('/usr/sbin/sendmail',
156156
"-f \"\\\"foo\\\\\\\"\\;touch /tmp/PWNED\\;\\\\\\\"\\\"@blah.com\"",
157-
'marcel@test.lindsaar.net',
157+
"\\\"foo\\\\\\\"\\;touch /tmp/PWNED\\;\\\\\\\"\\\"@blah.com",
158158
mail)
159159
mail.deliver!
160160
end

0 commit comments

Comments
 (0)