From 090ac2fea07da2c4a380329fafa6c4a5f15f5e2f Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Fri, 23 Nov 2007 03:48:07 +0100
Subject: fix vulnerability in PHPMailer
---
 phpmailer/class.phpmailer.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/phpmailer/class.phpmailer.php b/phpmailer/class.phpmailer.php
index 5eb7ac05a..061a16f47 100644
--- a/phpmailer/class.phpmailer.php
+++ b/phpmailer/class.phpmailer.php
@@ -390,9 +390,11 @@ class PHPMailer
 */
 function SendmailSend($header, $body) {
 if ($this->Sender != "")
- $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
+ $sendmail = sprintf("%s -oi -f %s -t",
+ escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
 else
- $sendmail = sprintf("%s -oi -t", $this->Sendmail);
+ $sendmail = sprintf("%s -oi -t",
+ escapeshellcmd($this->Sendmail));
 
 if(!@$mail = popen($sendmail, "w"))
 {
@@ -1496,4 +1498,4 @@ class PHPMailer
 }
 }
 
-?>
\ No newline at end of file
+?>
-- 
cgit v1.2.3
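Review bot: `escapeshellcmd($this->Sendmail)` in both branches of `SendmailSend` neutralises shell metacharacters but leaves spaces alone, so a `Sendmail` value containing whitespace would still be split into a program name plus extra options before it reaches `popen()`. That is acceptable only if `$this->Sendmail` is always set from trusted configuration, which the hunk does not show; I would state it above the `if`, e.g. `// $this->Sendmail must be a trusted, configured path: escapeshellcmd() does not stop extra arguments`, or reject values that are not an existing executable path. `escapeshellarg($this->Sender)` does quote the address as a single `-f` argument, but validating `Sender` as an address where it is assigned would be a stronger guarantee than quoting at the call site. The function body continues past the end of the hunk.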