
Apply PHPMailer security fix; see:

https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc#diff-ace81e501931d8763b49f2410cf3094dR1449
jmontoyaa 8 năm trước cách đây
mục cha
commit
816a809da5
1 tập tin đã thay đổi với 25 bổ sung8 xóa
  1. 25 8
      main/inc/lib/phpmailer/class.phpmailer.php

+ 25 - 8
main/inc/lib/phpmailer/class.phpmailer.php

@@ -594,12 +594,24 @@ class PHPMailer {
    * @access protected
    * @return bool
    */
-  protected function SendmailSend($header, $body) {
-    if ($this->Sender != '') {
-      $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
-    } else {
-      $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
-    }
+  protected function SendmailSend($header, $body)
+  {
+        if (!(is_file($this->Sendmail) and is_executable($this->Sendmail))) {
+            throw new phpmailerException($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL);
+        }
+        if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {
+            if ($this->Mailer == 'qmail') {
+                $sendmail = sprintf('%s -f%s', escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
+            } else {
+                $sendmail = sprintf('%s -oi -f%s -t', escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
+            }
+        } else {
+            if ($this->Mailer == 'qmail') {
+                $sendmail = sprintf('%s', escapeshellcmd($this->Sendmail));
+            } else {
+                $sendmail = sprintf('%s -oi -t', escapeshellcmd($this->Sendmail));
+            }
+        }
     if ($this->SingleTo === true) {
       foreach ($this->SingleToArray as $key => $val) {
         if(!@$mail = popen($sendmail, 'w')) {
@@ -648,7 +660,7 @@ class PHPMailer {
     $to = implode(', ', $toArr);
 
     $params = sprintf("-oi -f %s", $this->Sender);
-    if ($this->Sender != '' && strlen(ini_get('safe_mode'))< 1) {
+    if (!empty($this->Sender) and !ini_get('safe_mode') and $this->validateAddress($this->Sender)) {
       $old_from = ini_get('sendmail_from');
       ini_set('sendmail_from', $this->Sender);
       if ($this->SingleTo === true && count($toArr) > 1) {
@@ -704,7 +716,12 @@ class PHPMailer {
     if(!$this->SmtpConnect()) {
       throw new phpmailerException($this->Lang('smtp_connect_failed'), self::STOP_CRITICAL);
     }
-    $smtp_from = ($this->Sender == '') ? $this->From : $this->Sender;
+
+    if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {
+        $smtp_from = $this->Sender;
+    } else {
+        $smtp_from = $this->From;
+    }
     if(!$this->smtp->Mail($smtp_from)) {
       throw new phpmailerException($this->Lang('from_failed') . $smtp_from, self::STOP_CRITICAL);
     }
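Review bot: In the MailSend hunk (`@@ -648,7 +660,7 @@`), the context line `$params = sprintf("-oi -f %s", $this->Sender);` still builds the sendmail parameter string from the raw Sender before the new `validateAddress` guard on the next line runs, so the added check protects only the `ini_set('sendmail_from', …)` branch. If the rest of MailSend (which starts and ends outside this hunk) still passes `$params` as the fifth argument of mail() on the else branch, as the pre-patch code did, a Sender that fails validation reaches the sendmail command line unchanged. Suggest `$params = null;` on that line and assigning `$params = sprintf('-oi -f %s', $this->Sender);` only inside the guarded branch, after the validateAddress check. Note that validateAddress is an e-mail syntax check rather than a shell-safety check (quoted local parts may legitimately contain spaces and quotes), so a stricter character allowlist on Sender before interpolation is worth adding here; upstream later introduced a dedicated shell-safety check for this path. Do not copy the SendmailSend hunk's `escapeshellarg()` onto the mail() parameter: mail() applies its own escaping to that argument, and layering escapeshellarg() underneath it has been shown to be bypassable.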