The shell escaping fix in map_yp_alias (CVE-2009-1579) was incomplete.
diff --git a/functions/imap_general.php b/functions/imap_general.php
index d81192a7a9a67b7000e12a15f2b39b8aefe8475c..2b0b0cf67620d37756f6d3117b8fdc049413ecd0 100755
(executable)
--- a/functions/imap_general.php
+++ b/functions/imap_general.php
@@ -1436,6 +1436,7 @@ function sqimap_get_user_server ($imap_server, $username) {
* @since 1.3.0
*/
function map_yp_alias($username) {
- $yp = `ypmatch $username aliases`;
+ $safe_username = escapeshellarg($username);
+ $yp = `ypmatch $safe_username aliases`;
return chop(substr($yp, strlen($username)+1));
}
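Review bot: In map_yp_alias the quoted value is still passed to `ypmatch` as a bare positional argument, and `escapeshellarg()` only stops the shell from interpreting it; a login name beginning with `-` would still be read by ypmatch as an option. Since `$username` appears to come from the login form (the caller is outside this hunk), I would validate it before the lookup, for example `if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._@-]*$/', $username)) return $username;`, with the character set and the fallback value adjusted to what the caller and the site's account names require. The backtick result is also used unchecked: when ypmatch fails or prints nothing, `substr()` runs on an empty or null value, so a guard such as `if (!is_string($yp) || $yp === '') return $username;` before the final line would make the failure path explicit. The function's doc comment starts above the hunk, so these notes cover only the visible body.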