X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=extlib%2FMail%2Fsendmail.php;h=b056575e99274f886b1473b5ee35f002d2699329;hb=2688b45b572626694c67f912ef3b0d7556426550;hp=cd248e61d267e4c70b6078833e171ac62605eb6a;hpb=8c0f119724dc22518fd54d6b25c775ceefd7281e;p=quix0rs-gnu-social.git

diff --git a/extlib/Mail/sendmail.php b/extlib/Mail/sendmail.php
old mode 100644
new mode 100755
index cd248e61d2..b056575e99
--- a/extlib/Mail/sendmail.php
+++ b/extlib/Mail/sendmail.php
@@ -20,7 +20,7 @@
  * Sendmail implementation of the PEAR Mail:: interface.
  * @access public
  * @package Mail
- * @version $Revision: 1.19 $
+ * @version $Revision: 294744 $
  */
 class Mail_sendmail extends Mail {
 
@@ -117,7 +117,7 @@ class Mail_sendmail extends Mail {
         if (is_a($recipients, 'PEAR_Error')) {
             return $recipients;
         }
-        $recipients = escapeShellCmd(implode(' ', $recipients));
+        $recipients = implode(' ', array_map('escapeshellarg', $recipients));
 
         $headerElements = $this->prepareHeaders($headers);
         if (is_a($headerElements, 'PEAR_Error')) {
@@ -141,7 +141,8 @@ class Mail_sendmail extends Mail {
             return PEAR::raiseError('From address specified with dangerous characters.');
         }
 
-        $from = escapeShellCmd($from);
+        $from = escapeshellarg($from); // Security bug #16200
+
         $mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w');
         if (!$mail) {
             return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.');