Fix vulnerability in handling of mail()'s 5th argument

alecpl committed Nov 22, 2016 (1 parent 6fa88c9, commit f84233785ddeed01445fc855f3ae1e8a62f167e1)
Showing with 2 additions and 1 deletion.
  1. +1 −0 CHANGELOG
  2. +1 −1 program/lib/Roundcube/rcube.php
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix vulnerability in handling of mail()'s 5th argument
- Fix To: header encoding in mail sent with mail() method (#5475)
- Fix flickering of header topline in min-mode (#5426)
- Fix bug where folders list would scroll to top when clicking on subscription checkbox (#5447)
@@ -1689,7 +1689,7 @@ public function deliver_message(&$message, $from, $mailto, &$error, &$body_file
if (filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN))
$sent = mail($to, $subject, $msg_body, $header_str);
else
- $sent = mail($to, $subject, $msg_body, $header_str, "-f$from");
+ $sent = mail($to, $subject, $msg_body, $header_str, '-f ' . escapeshellarg($from));
}
}
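
Review bot: On the changed `mail()` call in the `else` branch, `escapeshellarg($from)` is the only safeguard on `$from`, and nothing in the visible lines checks that the value is a well-formed address before it is placed in the fifth argument. Suggest validating `$from` earlier in `deliver_message()` (for example, accept it only if it passes an e-mail address check) and sending without the `-f` option when that check fails, as the `safe_mode` branch above already does. A short comment on this line saying why the argument is escaped would also keep a later edit from reverting to plain string interpolation like the removed `"-f$from"`.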
