Fix vulnerability in handling of mail()'s 5th argument

8 years ago · 45a3e81653
parent aa6bf38843
commit 45a3e81653
2 changed files with 3 additions and 1 deletions
--- a/2
+++ b/2
@ -1,6 +1,8 @@
 CHANGELOG Roundcube Webmail
 ===========================

+- Fix vulnerability in handling of mail()'s 5th argument
+
 RELEASE 1.1.6
 -------------
 - Searching in both contacts and groups when LDAP addressbook with group_filters option is used
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@ -1749,7 +1749,7 @@ class rcube
                if (filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN))
                    $sent = mail($to, $subject, $msg_body, $header_str);
                else
-                    $sent = mail($to, $subject, $msg_body, $header_str, "-f$from");
+                    $sent = mail($to, $subject, $msg_body, $header_str, '-f ' . escapeshellarg($from));
            }
        }