Revision 175ce36f
Added by Assos Assos almost 6 years ago
drupal7/modules/system/system.mail.inc | ||
---|---|---|
70 | 70 |
// hosts. The return value of this method will still indicate whether mail |
71 | 71 |
// was sent successfully. |
72 | 72 |
if (!isset($_SERVER['WINDIR']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') === FALSE) { |
73 |
if (isset($message['Return-Path']) && !ini_get('safe_mode')) { |
|
73 |
// We validate the return path, unless it is equal to the site mail, which |
|
74 |
// we assume to be safe. |
|
75 |
if (isset($message['Return-Path']) && !ini_get('safe_mode') && (variable_get('site_mail', ini_get('sendmail_from')) === $message['Return-Path'] || self::_isShellSafe($message['Return-Path']))) { |
|
74 | 76 |
// On most non-Windows systems, the "-f" option to the sendmail command |
75 | 77 |
// is used to set the Return-Path. There is no space between -f and |
76 | 78 |
// the value of the return path. |
... | ... | |
109 | 111 |
} |
110 | 112 |
return $mail_result; |
111 | 113 |
} |
114 |
|
|
115 |
/** |
|
116 |
* Disallows potentially unsafe shell characters. |
|
117 |
* |
|
118 |
* Functionally similar to PHPMailer::isShellSafe() which resulted from |
|
119 |
* CVE-2016-10045. Note that escapeshellarg and escapeshellcmd are inadequate |
|
120 |
* for this purpose. |
|
121 |
* |
|
122 |
* @param string $string |
|
123 |
* The string to be validated. |
|
124 |
* |
|
125 |
* @return bool |
|
126 |
* True if the string is shell-safe. |
|
127 |
* |
|
128 |
* @see https://github.com/PHPMailer/PHPMailer/issues/924 |
|
129 |
* @see https://github.com/PHPMailer/PHPMailer/blob/v5.2.21/class.phpmailer.php#L1430 |
|
130 |
* |
|
131 |
* @todo Rename to ::isShellSafe() and/or discuss whether this is the correct |
|
132 |
* location for this helper. |
|
133 |
*/ |
|
134 |
protected static function _isShellSafe($string) { |
|
135 |
if (escapeshellcmd($string) !== $string || !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))) { |
|
136 |
return FALSE; |
|
137 |
} |
|
138 |
if (preg_match('/[^a-zA-Z0-9@_\-.]/', $string) !== 0) { |
|
139 |
return FALSE; |
|
140 |
} |
|
141 |
return TRUE; |
|
142 |
} |
|
143 |
|
|
112 | 144 |
} |
113 | 145 |
|
114 | 146 |
/** |
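Review bot: The allowlist in `_isShellSafe()` (`/[^a-zA-Z0-9@_\-.]/`, new line 138) rejects `+`, so plus-addressed return paths such as `bounces+user123@example.com`, which VERP-style bounce handling relies on, fail validation and the caller on line 75 then silently sends without `-f` (the fallback branch is outside this hunk, as is the rest of the enclosing method). `+` is not a shell metacharacter and already passes the `escapeshellcmd`/`escapeshellarg` round-trip on line 135, so widening the class to `/[^a-zA-Z0-9@_+\-.]/` looks safe, but it is a departure from the cited PHPMailer reference and should be an explicit decision; either way the docblock should state that the set is deliberately narrower than RFC 5322 local parts and that rejected values fall back to the MTA's default envelope sender rather than erroring out. Since that fallback is invisible to operators, a `watchdog('mail', 'Return-Path %path rejected for sendmail -f; sending without it.', array('%path' => $message['Return-Path']), WATCHDOG_WARNING);` in the rejection path would make silent bounce breakage diagnosable. Minor: `in_array()` on line 135 should pass `TRUE` as the third argument so the comparison is strict, matching the `!==` used beside it.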