
Making sure that destinations are also properly escaped in all versio…

…n of ruby
1 parent 0a940f4 commit 39b590ddb08f90ddbe445837359a2c8843e533d0 @mikel mikel committed Mar 6, 2012
@@ -49,7 +49,7 @@ def deliver!(mail)
arguments = [settings[:arguments], return_path].compact.join(" ")
- self.class.call(settings[:location], arguments, mail.destinations.collect(&:shellescape).join(" "), mail)
+ self.class.call(settings[:location], arguments, mail.destinations.collect(&:escape_for_shell).join(" "), mail)
end
def self.call(path, arguments, destinations, mail)
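Review bot: Shell-escaping each destination on the changed line neutralises metacharacters, but it does not stop an address that begins with `-` from being read as an option by the sendmail binary, because the escaped word still arrives as an ordinary argument. Assuming the configured binary honours the conventional end-of-options marker, add it ahead of the recipients, e.g. `arguments = [settings[:arguments], return_path, "--"].compact.join(" ")`. `settings[:arguments]` is also joined in unescaped, which is safe only while it comes from trusted configuration; a comment saying so, such as `# settings[:arguments] is trusted config and is passed through verbatim`, would help. Both `deliver!` and `self.call` extend beyond this hunk, so how these strings are finally combined into a command is not visible here; if it is a single shell string, passing an argument array to the process-spawning call would remove the need for escaping altogether.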
@@ -148,13 +148,13 @@
mail = Mail.new do
from '"foo\";touch /tmp/PWNED;\""@blah.com'
- to 'marcel@test.lindsaar.net'
+ to '"foo\";touch /tmp/PWNED;\""@blah.com'
subject 'invalid RFC2822'
end
Mail::Sendmail.should_receive(:call).with('/usr/sbin/sendmail',
"-f \"\\\"foo\\\\\\\"\\;touch /tmp/PWNED\\;\\\\\\\"\\\"@blah.com\"",
- 'marcel@test.lindsaar.net',
+ "\\\"foo\\\\\\\"\\;touch /tmp/PWNED\\;\\\\\\\"\\\"@blah.com",
mail)
mail.deliver!
end
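Review bot: The updated example pins the escaped form for a single hostile recipient only, so the `join(" ")` over several destinations on the delivery side is not covered, and the plain-address expectation that used to sit in this example is gone. Consider a sibling example with two recipients, one benign and one containing quotes and `;`, asserting that `Mail::Sendmail.should_receive(:call)` gets both words separated by one space with the hostile one escaped. Because `call` is mocked, the spec checks the shape of the string rather than how a shell would parse it. A short comment above the expectation spelling out the unescaped address, `# to: "foo\";touch /tmp/PWNED;\""@blah.com`, would make the backslash-heavy literal easier to review. The enclosing `it` block starts outside the hunk.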
