Small security patch: Make sure that the envelope sender address doesn't
contain any spaces or other chars that could be used in an exploit.

pallo 25 years ago
parent
commit
6359632f7b
1 changed file with 9 additions and 1 deletion
+ 9 - 1
functions/smtp.php

@@ -254,8 +254,16 @@
    function sendSendmail($t, $c, $b, $subject, $body, $more_headers) {
       global $sendmail_path, $username, $domain;
 
+      // Build envelope sender address. Make sure it doesn't contain 
+      // spaces or other "weird" chars that would allow a user to
+      // exploit the shell/pipe it is used in.
+      $envelopefrom = "$username@$domain";
+      $envelopefrom = ereg_replace("[[:blank:]]","", $envelopefrom);
+      $envelopefrom = ereg_replace("[[:space:]]","", $envelopefrom);
+      $envelopefrom = ereg_replace("[[:cntrl:]]","", $envelopefrom);
+
       // open pipe to sendmail
-      $fp = popen (escapeshellcmd("$sendmail_path -t -f$username@$domain"), "w");
+      $fp = popen (escapeshellcmd("$sendmail_path -t -f$envelopefrom"), "w");
       
       $headerlength = write822Header ($fp, $t, $c, $b, $subject, $more_headers);
       $bodylength = writeBody($fp, $body);
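
Review bot: The three `ereg_replace` calls that build `$envelopefrom` form a denylist, so any character outside blank, space and cntrl still reaches the `popen` command line, relying on `escapeshellcmd` over the whole string to neutralise it. Consider validating `$username@$domain` against an allowlist of characters permitted in an address and rejecting the send when it does not match, rather than silently stripping characters and sending with an altered sender. Consider also quoting the address on its own with `escapeshellarg` instead of running `escapeshellcmd` across the full command, so the value stays a single argument to `-f` whatever it contains. Minor: `[[:blank:]]` is a subset of `[[:space:]]`, so the first replacement is redundant and the three calls could be a single pattern such as `[[:space:][:cntrl:]]`.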