From 44cdf261079f0a44e4c8e426c8ff988bd9b85aae Mon Sep 17 00:00:00 2001
From: stekkel <stekkel@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Thu, 25 Sep 2003 23:33:32 +0000
Subject: [PATCH] fix for security exploit described in bug #812690 reported by
 Neal Krawetz (hackerfactor)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@5774 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 class/deliver/Deliver_SendMail.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/class/deliver/Deliver_SendMail.class.php b/class/deliver/Deliver_SendMail.class.php
index 57b17ad7..2f62a97d 100644
--- a/class/deliver/Deliver_SendMail.class.php
+++ b/class/deliver/Deliver_SendMail.class.php
@@ -23,7 +23,7 @@ class Deliver_SendMail extends Deliver {
     function initStream($message, $sendmail_path) {
         $rfc822_header = $message->rfc822_header;
 	$from = $rfc822_header->from[0];
-	$envelopefrom = $from->mailbox.'@'.$from->host;
+	$envelopefrom = trim($from->mailbox.'@'.$from->host);
 	if (strstr($sendmail_path, "qmail-inject")) {
     	    $stream = popen (escapeshellcmd("$sendmail_path -i -f$envelopefrom"), "w");
 	} else {
-- 
2.25.1