projects / squirrelmail.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix for security exploit described in bug #812690 reported by Neal Krawetz
[squirrelmail.git] / class / deliver / Deliver_SendMail.class.php
diff --git a/class/deliver/Deliver_SendMail.class.php b/class/deliver/Deliver_SendMail.class.php
index 57b17ad7d33c93bf2a7203035f7e51314b2a8750..2f62a97d34da3bfe54025cc7b373b3d70a9f3ac7 100644 (file)
--- a/class/deliver/Deliver_SendMail.class.php
+++ b/class/deliver/Deliver_SendMail.class.php
@@ -23,7 +23,7 @@ class Deliver_SendMail extends Deliver {
     function initStream($message, $sendmail_path) {
         $rfc822_header = $message->rfc822_header;
        $from = $rfc822_header->from[0];
-       $envelopefrom = $from->mailbox.'@'.$from->host;
+       $envelopefrom = trim($from->mailbox.'@'.$from->host);
        if (strstr($sendmail_path, "qmail-inject")) {
            $stream = popen (escapeshellcmd("$sendmail_path -i -f$envelopefrom"), "w");
        } else {
Unnamed repository; edit this file 'description' to name the repository.