Making sure that destinations are also properly escaped in all versio…

…n of ruby
mreinsch · Mar 6, 2012 · 39b590d · 39b590d
1 parent 0a940f4
commit 39b590d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/lib/mail/network/delivery_methods/sendmail.rb b/lib/mail/network/delivery_methods/sendmail.rb
@@ -49,7 +49,7 @@ def deliver!(mail)
 
       arguments = [settings[:arguments], return_path].compact.join(" ")
 
-      self.class.call(settings[:location], arguments, mail.destinations.collect(&:shellescape).join(" "), mail)
+      self.class.call(settings[:location], arguments, mail.destinations.collect(&:escape_for_shell).join(" "), mail)
     end
 
     def self.call(path, arguments, destinations, mail)

diff --git a/spec/mail/network/delivery_methods/sendmail_spec.rb b/spec/mail/network/delivery_methods/sendmail_spec.rb
@@ -148,13 +148,13 @@
 
     mail = Mail.new do
       from    '"foo\";touch /tmp/PWNED;\""@blah.com'
-      to      'marcel@test.lindsaar.net'
+      to      '"foo\";touch /tmp/PWNED;\""@blah.com'
       subject 'invalid RFC2822'
     end
 
     Mail::Sendmail.should_receive(:call).with('/usr/sbin/sendmail', 
                                               "-f \"\\\"foo\\\\\\\"\\;touch /tmp/PWNED\\;\\\\\\\"\\\"@blah.com\"", 
-                                              'marcel@test.lindsaar.net', 
+                                              "\\\"foo\\\\\\\"\\;touch /tmp/PWNED\\;\\\\\\\"\\\"@blah.com", 
                                               mail)
     mail.deliver!
   end