diff options
| author | Andrey Andreev <narf@devilix.net> | 2016-12-01 13:06:57 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2016-12-01 13:06:57 +0100 |
| commit | 8db01f13809a92bac7bc95b02893175d7654d627 (patch) | |
| tree | 520f656b22f4545469828289c2d628f0a6c0ab2e | |
| parent | e377910ccf826b448203513bf63bd5721bbd1375 (diff) | |
Fix #4844
| -rw-r--r-- | system/libraries/Email.php | 2 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 676bbcafb..2e6f5be90 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -1878,7 +1878,7 @@ class CI_Email { // is popen() enabled? if ( ! function_usable('popen') OR FALSE === ($fp = @popen( - $this->mailpath.' -oi -f '.$this->clean_email($this->_headers['From']).' -t' + $this->mailpath.' -oi -f '.escapeshellarg($this->clean_email($this->_headers['From'])).' -t' , 'w')) ) // server probably has popen disabled, so nothing we can do to get a verbose error. { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 0d8a93b54..4f5efe276 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -24,6 +24,7 @@ Bug fixes for 3.1.3 - Fixed a bug (#4917) - :doc:`Date Helper <helpers/date_helper>` function :php:func:`nice_date()` didn't handle YYYYMMDD inputs properly. - Fixed a bug (#4923) - :doc:`Session Library <libraries/sessions>` could execute an erroneous SQL query with the 'database' driver, if the lock attempt times out. - Fixed a bug (#4927) - :doc:`Output Library <libraries/output>` method ``get_header()`` returned the first matching header, regardless of whether it would be replaced by a second ``set_header()`` call. +- Fixed a bug (#4844) - :doc:`Email Library <libraries/email>` didn't apply ``escapeshellarg()`` to the while passing the Sendmail ``-f`` parameter through ``popen()``. Version 3.1.2 ============= |