mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-06 14:46:56 +02:00
Code Issues Releases Wiki Activity

extra vetting on input - thanks nlstart

Browse Source
This commit is contained in:
e107steved
2007-06-19 20:16:25 +00:00
parent 7005fbdd00
commit cd5cd7e22a
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
e107_handlers/phpmailer/class.phpmailer.php
View File

@@ -390,10 +390,9 @@ class PHPMailer
*/ */
function SendmailSend($header, $body) { function SendmailSend($header, $body) {
if ($this->Sender != "") if ($this->Sender != "")
$sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender); $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
else else
$sendmail = sprintf("%s -oi -t", $this->Sendmail); $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
if(!@$mail = popen($sendmail, "w")) if(!@$mail = popen($sendmail, "w"))
{ {
$this->SetError($this->Lang("execute") . $this->Sendmail); $this->SetError($this->Lang("execute") . $this->Sendmail);