From 41afe86f29a37ccf77079acfd0be9c4ef026de55 Mon Sep 17 00:00:00 2001
From: pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Mon, 11 May 2009 22:17:46 +0000
Subject: [PATCH] OMG - unsanitized shell command.  Thanks to Niels Teusink. 
 (CVE-2009-1579)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13675 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 doc/ChangeLog              | 2 ++
 functions/imap_general.php | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 234feac5..730473d6 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -301,6 +301,8 @@ Version 1.5.2 - SVN
   - Fixed the lack of sanitizing of contrib/decrypt_headers.php input;
     also includes general cleanup of that page (Thanks to Niels Teusink).
     [also CVE-2009-1578]
+  - Fixed unsanitized shell command in example IMAP username mapping
+    function (map_yp_alias) (Thanks to Niels Teusink). [CVE-2009-1579]
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
diff --git a/functions/imap_general.php b/functions/imap_general.php
index d81192a7..0121a210 100755
--- a/functions/imap_general.php
+++ b/functions/imap_general.php
@@ -1436,6 +1436,6 @@ function sqimap_get_user_server ($imap_server, $username) {
  * @since 1.3.0
  */
 function map_yp_alias($username) {
-   $yp = `ypmatch $username aliases`;
+   $yp = `ypmatch ' . escapeshellarg($username) . ' aliases`;
    return chop(substr($yp, strlen($username)+1));
 }
-- 
2.25.1