File squirrelmail-1.4.22-escaping.patch of Package squirrelmail

diff -up squirrelmail-webmail-1.4.22/class/deliver/Deliver_SendMail.class.php.escaping squirrelmail-webmail-1.4.22/class/deliver/Deliver_SendMail.class.php
--- squirrelmail-webmail-1.4.22/class/deliver/Deliver_SendMail.class.php.escaping	2011-01-06 03:44:03.000000000 +0100
+++ squirrelmail-webmail-1.4.22/class/deliver/Deliver_SendMail.class.php	2017-04-26 15:56:20.527181332 +0200
@@ -91,11 +91,10 @@ class Deliver_SendMail extends Deliver {
         $rfc822_header = $message->rfc822_header;
         $from = $rfc822_header->from[0];
         $envelopefrom = trim($from->mailbox.'@'.$from->host);
-        $envelopefrom = str_replace(array("\0","\n"),array('',''),$envelopefrom);
         // save executed command for future reference
-        $this->sendmail_command = "$sendmail_path $this->sendmail_args -f$envelopefrom";
+        $this->sendmail_command = escapeshellcmd("$sendmail_path $this->sendmail_args -f") . escapeshellarg($envelopefrom);
         // open process handle for writing
-        $stream = popen(escapeshellcmd($this->sendmail_command), "w");
+        $stream = popen($this->sendmail_command, "w");
         return $stream;
     }

Places

File squirrelmail-1.4.22-escaping.patch of Package squirrelmail

Places