I'm in the process of upgrading 1.3.7 --> 1.3.8a.
I found change that I've made to includes/classes/class.phpmailer.php
I can't tell if the fix is in the newer version.Code:/*** SA 08-08-07 PHPMailer vulnerability patch (old code commented below) ***/ function SendmailSend($header, $body) { if ($this->Sender != "") { $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender)); } else { $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail)); } /* function SendmailSend($header, $body) { if ($this->Sender != "") $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender); else $sendmail = sprintf("%s -oi -t", $this->Sendmail); */
Please someone let me know.
s.ali
Results 1 to 2 of 2
Threaded View
-
16 Jan 2008, 12:57 PM #1
Zen Follower
- Join Date
- Jul 2007
- Location
- Jakarta
- Posts
- 358
- Plugin Contributions
- 0
2008 PHPMailer v1.7.2 Vunerability Patch
Similar Threads
-
Patch: PHPMailer security patch (Dec 2016) for v155c and older
By DrByte in forum Zen Cart Release AnnouncementsReplies: 3Last Post: 12 Apr 2017, 08:44 PM -
How to get of New PATCH Available: v1.3.8a - patch: [1] :: Important Security Patch
By hcd888 in forum General QuestionsReplies: 15Last Post: 2 Oct 2009, 11:45 AM -
USPS Patch May 12, 2008
By DrByte in forum Zen Cart Release AnnouncementsReplies: 2Last Post: 14 May 2008, 10:12 PM
Bookmarks