
From a54dde834c9085b1579aa34cc382fe925d209d8e Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Nov 2016 10:42:50 +0100
Subject: [PATCH] Fix vulnerability in handling of mail()'s 5th argument

---
 CHANGELOG                       | 1 +
 program/lib/Roundcube/rcube.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index fdaa57e..9ee4bbe 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix vulnerability in handling of mail()'s 5th argument
 - Don't create multipart/alternative messages with empty text/plain part (#5283)
 - Fix XSS issue in href attribute on area tag (#5240)
 - Wash position:fixed style in HTML mail for better security (#5264)
diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
index 5fe4a4b..258a1c9 100644
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@@ -1542,7 +1542,7 @@ public function deliver_message(&$message, $from, $mailto, &$error, &$body_file
                 if (filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN))
                     $sent = mail($to, $subject, $msg_body, $header_str);
                 else
-                    $sent = mail($to, $subject, $msg_body, $header_str, "-f$from");
+                    $sent = mail($to, $subject, $msg_body, $header_str, '-f ' . escapeshellarg($from));
             }
         }
 
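Review bot: The replacement on the `else` branch still hands a caller-supplied `$from` to sendmail's command line, and escapeshellarg() alone is a fragile guard there, because PHP's mail() documents that it passes its fifth argument through escapeshellcmd() internally and the two escapings do not compose cleanly — a `$from` containing quotes or whitespace can still reach sendmail's argument parser in a form other than a single quoted address. A stricter defence is to use the envelope-sender option only when `$from` is a plain single address and otherwise fall back to the four-argument call, e.g. add `$safe_from = preg_match('/^[^\s\'"\\\\]+@[^\s\'"\\\\]+$/', $from) === 1;` before the `if` and change its condition to `if (!$safe_from || filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN))`. That fallback drops the Return-Path for the rejected addresses, so bounce routing degrades for them rather than the message failing; whether that trade-off is acceptable depends on where `$from` is produced, which is outside this hunk. deliver_message() starts before the hunk and its remaining body is not visible here.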