
- Bug #16200: security bug to allow read/write arbitrary file

- Changed the escapeshellcmd on the $from to escapeshellarg.


git-svn-id: http://svn.php.net/repository/pear/packages/Mail/trunk@280134 c90b9560-bf6c-de11-be94-00142212c4b1
1 parent ed8beb5 commit 795a91a46a92c2ce98929d0712baac67cd415c19 David Coallier committed May 8, 2009
Showing with 2 additions and 1 deletion.
  1. +2 −1 Mail/sendmail.php
@@ -141,7 +141,8 @@ function send($recipients, $headers, $body)
return PEAR::raiseError('From address specified with dangerous characters.');
}
- $from = escapeShellCmd($from);
+ $from = escapeshellarg($from); // Security bug #16200
+
$mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w');
if (!$mail) {
return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.');
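
Review bot: On the unchanged popen() line, $recipients is concatenated into the same shell command as $from, and nothing in this hunk shows it receiving the per-argument quoting that $from now gets. If it is still only passed through escapeshellcmd(), whitespace inside it can still split into extra sendmail arguments, which is the same class of problem this fix addresses for $from; consider quoting each address with escapeshellarg() before joining them. The inline comment "// Security bug #16200" would also help future maintainers more if it said why escapeshellarg() is required here: escapeshellcmd() escapes shell metacharacters but does not stop a value from being split into several arguments.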
