@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
- Fix vulnerability in handling of mail()'s 5th argument
- Fix To: header encoding in mail sent with mail() method (#5475)
- Fix flickering of header topline in min-mode (#5426)
- Fix bug where folders list would scroll to top when clicking on subscription checkbox (#5447)
@ -1689,7 +1689,7 @@ class rcube
if (filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN))
$sent = mail($to, $subject, $msg_body, $header_str);
else
$sent = mail($to, $subject, $msg_body, $header_str, "-f$from");
$sent = mail($to, $subject, $msg_body, $header_str, '-f ' . escapeshellarg($from));
}