diff options
author | Brion Vibber <brion@pobox.com> | 2010-04-30 14:08:35 -0700 |
---|---|---|
committer | Brion Vibber <brion@pobox.com> | 2010-04-30 14:08:35 -0700 |
commit | e3e90b4c27e27bbdd293767071dea3d7b5022046 (patch) | |
tree | 969eaab74ac4127fbf97612e81c800a5be7e599e /extlib/Mail/sendmail.php | |
parent | cae1329f3bca1f5f1fbfdb1d96b38cbb790fbe00 (diff) | |
parent | dacd8f7f480b005ca1c7d60eaa167055e6c71c20 (diff) |
Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 1.0.x
Diffstat (limited to 'extlib/Mail/sendmail.php')
-rwxr-xr-x[-rw-r--r--] | extlib/Mail/sendmail.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/extlib/Mail/sendmail.php b/extlib/Mail/sendmail.php index cd248e61d..b056575e9 100644..100755 --- a/extlib/Mail/sendmail.php +++ b/extlib/Mail/sendmail.php @@ -20,7 +20,7 @@ * Sendmail implementation of the PEAR Mail:: interface. * @access public * @package Mail - * @version $Revision: 1.19 $ + * @version $Revision: 294744 $ */ class Mail_sendmail extends Mail { @@ -117,7 +117,7 @@ class Mail_sendmail extends Mail { if (is_a($recipients, 'PEAR_Error')) { return $recipients; } - $recipients = escapeShellCmd(implode(' ', $recipients)); + $recipients = implode(' ', array_map('escapeshellarg', $recipients)); $headerElements = $this->prepareHeaders($headers); if (is_a($headerElements, 'PEAR_Error')) { @@ -141,7 +141,8 @@ class Mail_sendmail extends Mail { return PEAR::raiseError('From address specified with dangerous characters.'); } - $from = escapeShellCmd($from); + $from = escapeshellarg($from); // Security bug #16200 + $mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w'); if (!$mail) { return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.'); |