author | Andrew Dolgov <[email protected]> | 2007-11-23 03:48:07 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2007-11-23 03:48:07 +0100 |
commit | 090ac2fea07da2c4a380329fafa6c4a5f15f5e2f (patch) | |
tree | 65cdf3805b657452fc6e35e28d9c188caccf724f /phpmailer/class.phpmailer.php | |
parent | 11063ec65cd0272bcc1ac30cca5812eb326819c8 (diff) |
fix vulnerability in PHPMailer
Diffstat (limited to 'phpmailer/class.phpmailer.php')
-rw-r--r-- | phpmailer/class.phpmailer.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/phpmailer/class.phpmailer.php b/phpmailer/class.phpmailer.php
index 5eb7ac05a..061a16f47 100644
--- a/phpmailer/class.phpmailer.php
+++ b/phpmailer/class.phpmailer.php
@@ -390,9 +390,11 @@ class PHPMailer
 */
function SendmailSend($header, $body) {
if ($this->Sender != "")
- $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
+ $sendmail = sprintf("%s -oi -f %s -t",
+ escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
else
- $sendmail = sprintf("%s -oi -t", $this->Sendmail);
+ $sendmail = sprintf("%s -oi -t",
+ escapeshellcmd($this->Sendmail));
if(!@$mail = popen($sendmail, "w"))
{
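Review bot: The added `escapeshellcmd($this->Sendmail)` in both branches escapes shell metacharacters but does not quote the value, so whitespace in the property still splits into extra sendmail options. That is acceptable only if `Sendmail` is always set from trusted configuration, which deserves a comment such as `// Sendmail must be an admin-configured path; never assign it from request data`. `escapeshellarg($this->Sender)` keeps the sender as a single shell word, but nothing visible here checks that it is a syntactically valid address, so validating `Sender` where it is assigned would be a useful second layer. The diffstat shows this is the only behavioural change in class.phpmailer.php, so any other place in the file that builds a command line or mailer parameters from `Sender` (not visible here) should be checked for the same quoting. SendmailSend's body continues past the end of the hunk.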
@@ -1496,4 +1498,4 @@ class PHPMailer
 }
}
-?>
\ No newline at end of file
+?>