I'm in the process of upgrading 1.3.7 --> 1.3.8a.
I found a change that I've made to includes/classes/class.phpmailer.php
Code:
    /*** SA 08-08-07 PHPMailer vulnerability patch (old code commented below) ***/
    function SendmailSend($header, $body) {
        if ($this->Sender != "") {
            $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
        } else {
            $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
        }
    /*
    function SendmailSend($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
        else
            $sendmail = sprintf("%s -oi -t", $this->Sendmail);
    */
I can't tell if the fix is in the newer version.
Please someone let me know.
s.ali
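For the question in the post above, one way to check whether a given copy of class.phpmailer.php builds the sendmail command line with the escaping shown in the patch. This is an added example, not part of the original post or of the project's code; the function names and return codes are this example's own, and the sample file is constructed.

```shell
# Added example: does a copy of class.phpmailer.php escape the sendmail
# command line? Return codes (this script's own convention):
#   0 = escaped, 1 = not escaped, 2 = no sendmail command line found.

# Drop /* ... */ blocks so old code kept in a comment is not counted.
strip_block_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_c) {
                e = index(line, "*/")
                if (e == 0) break
                line = substr(line, e + 2); in_c = 0
            } else {
                s = index(line, "/*")
                if (s == 0) { out = out line; break }
                out = out substr(line, 1, s - 1)
                line = substr(line, s + 2); in_c = 1
            }
        }
        print out
    }' "$1"
}

check_phpmailer_patch() {
    [ -r "$1" ] || return 2
    # Live (uncommented) lines that build the "-oi" sendmail command.
    live=$(strip_block_comments "$1" | grep -F 'sprintf' | grep -F -e '-oi') || true
    [ -n "$live" ] || return 2
    printf '%s\n' "$live" | awk '
        /^[ \t]*(\/\/|#)/            { next }      # skip line comments
        !/escapeshellcmd\(/          { bad = 1 }   # sendmail path not escaped
        /-f / && !/escapeshellarg\(/ { bad = 1 }   # Sender not escaped
        END { exit bad + 0 }'
}

# Constructed sample: the unescaped lines survive only inside a comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
$sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
/*
$sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
$sendmail = sprintf("%s -oi -t", $this->Sendmail);
*/
EOF
rc=0; check_phpmailer_patch "$sample" || rc=$?
echo "sample: rc=$rc"
rm -f "$sample"
```

A plain grep for the unescaped `$this->Sender` would also match the commented-out old code, which is why block comments are stripped first.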