projects / squirrelmail.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
OMG - unsanitized shell command. Thanks to Niels Teusink. (CVE-2009-1579)
[squirrelmail.git] / functions / imap_general.php
diff --git a/functions/imap_general.php b/functions/imap_general.php
index d81192a7a9a67b7000e12a15f2b39b8aefe8475c..0121a21002998256607debe03972ddde0b685199 100755 (executable)
--- a/functions/imap_general.php
+++ b/functions/imap_general.php
@@ -1436,6 +1436,6 @@ function sqimap_get_user_server ($imap_server, $username) {
  * @since 1.3.0
  */
 function map_yp_alias($username) {
-   $yp = `ypmatch $username aliases`;
+   $yp = `ypmatch ' . escapeshellarg($username) . ' aliases`;
    return chop(substr($yp, strlen($username)+1));
 }
Unnamed repository; edit this file 'description' to name the repository.