2008 PHPMailer v1.7.2 Vulnerability Patch
I'm in the process of upgrading 1.3.7 --> 1.3.8a.
I found a change that I've made to includes/classes/class.phpmailer.php
Code:
/*** SA 08-08-07 PHPMailer vulnerability patch (old code commented below) ***/
    function SendmailSend($header, $body) {
        if ($this->Sender != "") {
            $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
        } else {
            $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
        }
/*
    function SendmailSend($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
        else
            $sendmail = sprintf("%s -oi -t", $this->Sendmail);
*/
I can't tell if the fix is in the newer version.
Please someone let me know.
s.ali
Re: PHPMailer Vulnerability Patch
That patch was incorporated in v1.3.7.1
In v1.3.8a you'll find it around line 408 of the file.
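One way to check a given copy of class.phpmailer.php for this fix, written as an added example that is not part of the thread or of PHPMailer itself: the script reports whether the live `-f` sendmail line passes `$this->Sender` through `escapeshellarg()`, and it ignores old code left inside `/* */` comments, as in the first post. The function names are hypothetical and the sample file is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): classify SendmailSend() in a PHPMailer file.

# Print the file with /* ... */ block comments removed, so old code kept in a
# comment is not mistaken for live code.
# Limitation: a "/*" inside a PHP string literal is also treated as a comment.
strip_block_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_comment) {
                p = index(line, "*/")
                if (p == 0) { line = "" }
                else { line = substr(line, p + 2); in_comment = 0 }
            } else {
                p = index(line, "/*")
                if (p == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, p - 1)
                       line = substr(line, p + 2); in_comment = 1 }
            }
        }
        print out
    }' "$1"
}

# Prints patched, unpatched, or unknown (no "-f" sendmail line in live code).
check_phpmailer_patch() {
    code=$(strip_block_comments "$1") || return 2
    # Live lines that build the sendmail command with a -f sender argument.
    sender_lines=$(printf '%s\n' "$code" | grep -F -e '-oi -f %s -t' || true)
    if [ -z "$sender_lines" ]; then
        echo unknown
    elif printf '%s\n' "$sender_lines" | grep -Fvq 'escapeshellarg($this->Sender)'; then
        echo unpatched   # at least one live -f line lacks escapeshellarg()
    else
        echo patched
    fi
}

# Constructed sample: the patched line, then the old line inside a comment.
write_sample() {
    cat > "$1" <<'EOF'
$sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
/*
$sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
*/
EOF
}

# Usage: sh this_script.sh includes/classes/class.phpmailer.php
if [ -f "${1:-}" ]; then check_phpmailer_patch "$1"; fi
```

A result of `unknown` means the expected `sprintf` line was not found at all, so the file should be inspected by hand.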