-rw-r--r--system/libraries/Email.php2
-rw-r--r--user_guide_src/source/changelog.rst1
2 files changed, 2 insertions, 1 deletions
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 676bbcafb..2e6f5be90 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -1878,7 +1878,7 @@ class CI_Email {
// is popen() enabled?
if ( ! function_usable('popen')
OR FALSE === ($fp = @popen(
- $this->mailpath.' -oi -f '.$this->clean_email($this->_headers['From']).' -t'
+ $this->mailpath.' -oi -f '.escapeshellarg($this->clean_email($this->_headers['From'])).' -t'
, 'w'))
) // server probably has popen disabled, so nothing we can do to get a verbose error.
{
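Review bot: The From address on the `popen()` command line is now quoted but still never validated before it reaches Sendmail's `-f`. `escapeshellarg()` only neutralises shell metacharacters, and on some locales it drops bytes it cannot represent, so a malformed value would be altered silently instead of being refused. I would assign `$from = $this->clean_email($this->_headers['From']);` first, fail early when `filter_var($from, FILTER_VALIDATE_EMAIL) === FALSE` (using whatever failure path this method already has), and only then pass `escapeshellarg($from)`. A short comment such as `// -f value is attacker-influenced via the From header: validate, then escapeshellarg()` would keep the quoting from being removed later, and any other place in this file that builds a `-f` argument (not visible in this hunk) deserves the same check. The enclosing method starts and ends outside the hunk.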
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 0d8a93b54..4f5efe276 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -24,6 +24,7 @@ Bug fixes for 3.1.3
- Fixed a bug (#4917) - :doc:`Date Helper <helpers/date_helper>` function :php:func:`nice_date()` didn't handle YYYYMMDD inputs properly.
- Fixed a bug (#4923) - :doc:`Session Library <libraries/sessions>` could execute an erroneous SQL query with the 'database' driver, if the lock attempt times out.
- Fixed a bug (#4927) - :doc:`Output Library <libraries/output>` method ``get_header()`` returned the first matching header, regardless of whether it would be replaced by a second ``set_header()`` call.
+- Fixed a bug (#4844) - :doc:`Email Library <libraries/email>` didn't apply ``escapeshellarg()`` to the while passing the Sendmail ``-f`` parameter through ``popen()``.
Version 3.1.2
=============