FIX: Escape the -f argument passed to mail()

Sam Minnee 2013-01-18 11:24:23 +13:00
parent e74ec57756
commit 0c9b216894


@ -1,4 +1,5 @@
<?php
/**
* Mailer objects are responsible for actually sending emails.
* The default Mailer class will use PHP's mail() function.
@ -163,7 +164,7 @@ function htmlEmail($to, $from, $subject, $htmlContent, $attachedFiles = false, $
$to = validEmailAddr($to);
// Try it without the -f option if it fails
if(!($result = @mail($to, $subject, $fullBody, $headers, "-f$bounceAddress"))) {
if(!($result = @mail($to, $subject, $fullBody, $headers, escapeshellarg("-f$bounceAddress")))) {
$result = mail($to, $subject, $fullBody, $headers);
}
@ -248,8 +249,9 @@ function plaintextEmail($to, $from, $subject, $plainContent, $attachedFiles, $cu
$to = validEmailAddr($to);
// Try it without the -f option if it fails
if(!$result = @mail($to, $subject, $fullBody, $headers, "-f$bounceAddress"))
if(!$result = @mail($to, $subject, $fullBody, $headers, escapeshellarg("-f$bounceAddress"))) {
$result = mail($to, $subject, $fullBody, $headers);
}
if($result)
return array($to,$subject,$fullBody,$headers);
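Review bot: Quoting alone does not make `$bounceAddress` safe in the fifth argument of mail(), in both the htmlEmail and the plaintextEmail call: mail() already runs escapeshellcmd() over that parameter, and stacking escapeshellarg() under a second escaping pass is fragile when the value itself contains quotes or whitespace. Where `$bounceAddress` is assigned lies outside these hunks, so if it can be derived from a caller-supplied From address or header, it should be checked against a strict allow-list before the option is built, e.g. `if(!preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$/', $bounceAddress)) $bounceAddress = null;`, taking the plain `mail($to, $subject, $fullBody, $headers)` path when it is rejected. The `@` on the first call also hides why the fallback ran, so logging a rejected or failing bounce address would make tampering attempts visible.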