diff options
-rw-r--r-- | system/libraries/Email.php | 2 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 676bbcafb..2e6f5be90 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -1878,7 +1878,7 @@ class CI_Email { // is popen() enabled? if ( ! function_usable('popen') OR FALSE === ($fp = @popen( - $this->mailpath.' -oi -f '.$this->clean_email($this->_headers['From']).' -t' + $this->mailpath.' -oi -f '.escapeshellarg($this->clean_email($this->_headers['From'])).' -t' , 'w')) ) // server probably has popen disabled, so nothing we can do to get a verbose error. { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 0d8a93b54..4f5efe276 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -24,6 +24,7 @@ Bug fixes for 3.1.3 - Fixed a bug (#4917) - :doc:`Date Helper <helpers/date_helper>` function :php:func:`nice_date()` didn't handle YYYYMMDD inputs properly. - Fixed a bug (#4923) - :doc:`Session Library <libraries/sessions>` could execute an erroneous SQL query with the 'database' driver, if the lock attempt times out. - Fixed a bug (#4927) - :doc:`Output Library <libraries/output>` method ``get_header()`` returned the first matching header, regardless of whether it would be replaced by a second ``set_header()`` call. +- Fixed a bug (#4844) - :doc:`Email Library <libraries/email>` didn't apply ``escapeshellarg()`` to the while passing the Sendmail ``-f`` parameter through ``popen()``. Version 3.1.2 ============= |