Changeset 19942 for branches/version-2_5-dev/data/module/Mail/sendmail.php
- Timestamp:
- 2011/01/17 14:46:37 (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/version-2_5-dev/data/module/Mail/sendmail.php
r16503 r19942 25 25 class Mail_sendmail extends Mail { 26 26 27 27 /** 28 28 * The location of the sendmail or sendmail wrapper binary on the 29 29 * filesystem. … … 32 32 var $sendmail_path = '/usr/sbin/sendmail'; 33 33 34 34 /** 35 35 * Any extra command-line parameters to pass to the sendmail or 36 36 * sendmail wrapper binary. … … 39 39 var $sendmail_args = '-i'; 40 40 41 41 /** 42 42 * Constructor. 43 43 * … … 78 78 } 79 79 80 80 /** 81 81 * Implements Mail::send() function using the sendmail 82 82 * command-line binary. … … 105 105 function send($recipients, $headers, $body) 106 106 { 107 if (!is_array($headers)) { 108 return PEAR::raiseError('$headers must be an array'); 109 } 110 111 $result = $this->_sanitizeHeaders($headers); 112 if (is_a($result, 'PEAR_Error')) { 113 return $result; 114 } 115 107 116 $recipients = $this->parseRecipients($recipients); 108 if ( PEAR::isError($recipients)) {117 if (is_a($recipients, 'PEAR_Error')) { 109 118 return $recipients; 110 119 } 111 $recipients = escapeShellCmd(implode('', $recipients));120 $recipients = implode(' ', array_map('escapeshellarg', $recipients)); 112 121 113 $this->_sanitizeHeaders($headers);114 122 $headerElements = $this->prepareHeaders($headers); 115 if ( PEAR::isError($headerElements)) {123 if (is_a($headerElements, 'PEAR_Error')) { 116 124 return $headerElements; 117 125 } 118 126 list($from, $text_headers) = $headerElements; 127 128 /* Since few MTAs are going to allow this header to be forged 129 * unless it's in the MAIL FROM: exchange, we'll use 130 * Return-Path instead of From: if it's set. */ 131 if (!empty($headers['Return-Path'])) { 132 $from = $headers['Return-Path']; 133 } 119 134 120 135 if (!isset($from)) { … … 127 142 } 128 143 129 $from = escapeShellCmd($from); 144 $from = escapeshellarg($from); // Security bug #16200 145 130 146 $mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w'); 131 147 if (!$mail) {
Note: See TracChangeset
for help on using the changeset viewer.