contain any spaces or other chars that could be used in an exploit.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@746
7612ce4b-ef26-0410-bec9-
ea0150e637f0
function sendSendmail($t, $c, $b, $subject, $body, $more_headers) {
global $sendmail_path, $username, $domain;
function sendSendmail($t, $c, $b, $subject, $body, $more_headers) {
global $sendmail_path, $username, $domain;
+ // Build envelope sender address. Make sure it doesn't contain
+ // spaces or other "weird" chars that would allow a user to
+ // exploit the shell/pipe it is used in.
+ $envelopefrom = "$username@$domain";
+ $envelopefrom = ereg_replace("[[:blank:]]","", $envelopefrom);
+ $envelopefrom = ereg_replace("[[:space:]]","", $envelopefrom);
+ $envelopefrom = ereg_replace("[[:cntrl:]]","", $envelopefrom);
+
- $fp = popen (escapeshellcmd("$sendmail_path -t -f$username@$domain"), "w");
+ $fp = popen (escapeshellcmd("$sendmail_path -t -f$envelopefrom"), "w");
$headerlength = write822Header ($fp, $t, $c, $b, $subject, $more_headers);
$bodylength = writeBody($fp, $body);
$headerlength = write822Header ($fp, $t, $c, $b, $subject, $more_headers);
$bodylength = writeBody($fp, $body);