  1. #1

    2008 PHPMailer v1.7.2 Vulnerability Patch

    I'm in the process of upgrading 1.3.7 --> 1.3.8a.

    I found a change that I've made to includes/classes/class.phpmailer.php

    Code:
    /*** SA 08-08-07 PHPMailer vulnerability patch (old code commented below) ***/
    function SendmailSend($header, $body) {
        if ($this->Sender != "") {
            $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
        } else {
            $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
        }

    /*
      function SendmailSend($header, $body) {
        if ($this->Sender != "")
          $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
        else
          $sendmail = sprintf("%s -oi -t", $this->Sendmail);
    */
    I can't tell if the fix is in the newer version.
    Please someone let me know.

    s.ali

  2. #2

    Re: PHPMailer Vulnerability Patch

    That patch was incorporated in v1.3.7.1
    In v1.3.8a you'll find it around line 408 of the file.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
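
Added example (not part of the thread, and not Zen Cart or PHPMailer code): a Python check for the question asked above, whether a given class.phpmailer.php builds its sendmail command with escapeshellcmd()/escapeshellarg(). It strips PHP comments first, because a patched file like the one in post #1 still carries the old line inside a comment block; the function names and sample strings are constructed for illustration.

```python
import re
import sys

# Strings are matched first so that "//" or "#" inside a PHP string literal is kept.
_TOKEN = re.compile(
    r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|/\*.*?\*/|//[^\n]*|#[^\n]*''', re.S)

def strip_php_comments(src):
    """Remove /* */, // and # comments; commented-out old code must not be scanned."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] in "\"'" else "", src)

def sendmail_assignments(src):
    """Return every active `$sendmail = sprintf(...);` statement."""
    return re.findall(r"\$sendmail\s*=\s*sprintf\(.*?\);", strip_php_comments(src), re.S)

def audit(src):
    """Return 'patched', 'unpatched' or 'not found' for class.phpmailer.php source."""
    stmts = sendmail_assignments(src)
    if not stmts:
        return "not found"
    for stmt in stmts:
        if not re.search(r"escapeshellcmd\(\s*\$this->Sendmail\s*\)", stmt):
            return "unpatched"
        if re.search(r"\$this->Sender\b", stmt) and not re.search(
                r"escapeshellarg\(\s*\$this->Sender\s*\)", stmt):
            return "unpatched"
    return "patched"

# Constructed samples, copied from the two variants quoted in the first post.
OLD = '''function SendmailSend($header, $body) {
    if ($this->Sender != "")
    $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
    else
    $sendmail = sprintf("%s -oi -t", $this->Sendmail);
'''
PATCHED = '''/*** patch applied (old code commented below) ***/
function SendmailSend($header, $body) {
    if ($this->Sender != "") {
    $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
    } else {
    $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
    }
/*
''' + OLD + "*/\n"

if __name__ == "__main__":
    source = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else PATCHED
    print(audit(source))
```

Run it with the path to includes/classes/class.phpmailer.php as the only argument. The comment stripper is regex-based and does not handle heredoc strings.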

 

 
