Ignore:
Timestamp:
2011/01/17 14:46:37 (13 years ago)
Author:
Seasoft
Message:

#403(インクルードしているライブラリ群をバージョンアップする)

  • PEAR::Mail 1.2.0
  • PEAR::Net_SMTP 1.4.4
File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/version-2_5-dev/data/module/Mail/sendmail.php

    r16503 r19942  
    2525class Mail_sendmail extends Mail { 
    2626 
    27     /** 
     27    /** 
    2828     * The location of the sendmail or sendmail wrapper binary on the 
    2929     * filesystem. 
     
    3232    var $sendmail_path = '/usr/sbin/sendmail'; 
    3333 
    34     /** 
     34    /** 
    3535     * Any extra command-line parameters to pass to the sendmail or 
    3636     * sendmail wrapper binary. 
     
    3939    var $sendmail_args = '-i'; 
    4040 
    41     /** 
     41    /** 
    4242     * Constructor. 
    4343     * 
     
    7878    } 
    7979 
    80     /** 
     80    /** 
    8181     * Implements Mail::send() function using the sendmail 
    8282     * command-line binary. 
     
    105105    function send($recipients, $headers, $body) 
    106106    { 
     107        if (!is_array($headers)) { 
     108            return PEAR::raiseError('$headers must be an array'); 
     109        } 
     110 
     111        $result = $this->_sanitizeHeaders($headers); 
     112        if (is_a($result, 'PEAR_Error')) { 
     113            return $result; 
     114        } 
     115 
    107116        $recipients = $this->parseRecipients($recipients); 
    108         if (PEAR::isError($recipients)) { 
     117        if (is_a($recipients, 'PEAR_Error')) { 
    109118            return $recipients; 
    110119        } 
    111         $recipients = escapeShellCmd(implode(' ', $recipients)); 
     120        $recipients = implode(' ', array_map('escapeshellarg', $recipients)); 
    112121 
    113         $this->_sanitizeHeaders($headers); 
    114122        $headerElements = $this->prepareHeaders($headers); 
    115         if (PEAR::isError($headerElements)) { 
     123        if (is_a($headerElements, 'PEAR_Error')) { 
    116124            return $headerElements; 
    117125        } 
    118126        list($from, $text_headers) = $headerElements; 
     127 
     128        /* Since few MTAs are going to allow this header to be forged 
     129         * unless it's in the MAIL FROM: exchange, we'll use 
     130         * Return-Path instead of From: if it's set. */ 
     131        if (!empty($headers['Return-Path'])) { 
     132            $from = $headers['Return-Path']; 
     133        } 
    119134 
    120135        if (!isset($from)) { 
     
    127142        } 
    128143 
    129         $from = escapeShellCmd($from); 
     144        $from = escapeshellarg($from); // Security bug #16200 
     145 
    130146        $mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w'); 
    131147        if (!$mail) { 
Note: See TracChangeset for help on using the changeset viewer.