Commit e2145fab authored by dsnopek's avatar dsnopek Committed by dsnopek

Issue #3007462 by dsnopek: [core, htmlmail] Add D6LTS patch for SA-CORE-2018-006

parent e6c755bf
diff --git a/htmlmail.mail.inc b/htmlmail.mail.inc
index e1126de..d6043e2 100644
--- a/htmlmail.mail.inc
+++ b/htmlmail.mail.inc
@@ -262,7 +262,7 @@ class HTMLMailSystem implements MailSystemInterface {
// if the parameter is NULL.
$result = @mail($to, $subject, $body, $txt_headers);
}
- else {
+ elseif ((variable_get('site_mail', ini_get('sendmail_from')) == $message['headers']['Return-Path'] || self::_isShellSafe($message['headers']['Return-Path']))) {
// On most non-Windows systems, the "-f" option to the sendmail command
// is used to set the Return-Path.
$extra = '-f' . $message['headers']['Return-Path'];
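Review bot: Turning the `else` into an `elseif` means a Return-Path that is neither the configured `site_mail` nor shell-safe now falls through past the `-f` branch, and what happens then is not visible here — the method continues below the hunk, so confirm a trailing `else { $result = @mail($to, $subject, $body, $txt_headers); }` exists, otherwise `$result` is left unset and the message is silently dropped instead of being sent without `-f`. The header is read as `$message['headers']['Return-Path']` with no `isset()` guard, which the old code did too, but the new comparison makes a missing header reach `_isShellSafe()` as NULL — a short `isset()` check in the condition would make that path explicit. Minor style: the condition is wrapped in a redundant extra pair of parentheses, and `===` would state the exact-string intent more clearly than `==`.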
@@ -319,4 +319,26 @@ class HTMLMailSystem implements MailSystemInterface {
}
return implode("\n", $output);
}
+
+ /**
+ * Disallows potentially unsafe shell characters.
+ *
+ * @param string $string
+ * The string to be validated.
+ *
+ * @return bool
+ * True if the string is shell-safe.
+ *
+ * @see https://api.drupal.org/api/drupal/modules%21system%21system.mail.inc/7.x
+ */
+ protected static function _isShellSafe($string) {
+ if (escapeshellcmd($string) !== $string || !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))) {
+ return FALSE;
+ }
+ if (preg_match('/[^a-zA-Z0-9@_\-.]/', $string) !== 0) {
+ return FALSE;
+ }
+ return TRUE;
+ }
+
}
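Review bot: The `in_array()` on the first line of `_isShellSafe()` runs without the strict flag; with only string operands it is harmless, but passing it costs nothing and documents that an exact match is required, `!in_array(escapeshellarg($string), array("'$string'", "\"$string\""), TRUE)`. The docblock should say which check carries the guarantee: the whitelist regex on the second `if` is what actually confines the value to `[a-zA-Z0-9@_\-.]`, and writing the test as `preg_match(...) !== 0` fails closed on a PCRE error (FALSE) — worth a comment such as `// The whitelist is the real guard; escapeshell* is defence in depth. !== 0 also rejects FALSE (regex error).` If this is a verbatim copy of the Drupal 7 core `_isShellSafe()` that the @see points at, state that in the docblock so later core revisions of it can be tracked.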
diff --git a/includes/common.inc b/includes/common.inc
index 9a28c06..56e493b 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -1558,6 +1558,10 @@ function url($path = NULL, $options = array()) {
}
elseif (!empty($path) && !$options['alias']) {
$path = drupal_get_path_alias($path, isset($options['language']) ? $options['language']->language : '');
+ // Strip leading slashes from internal paths to prevent them becoming external
+ // URLs without protocol. /example.com should not be turned into
+ // //example.com.
+ $path = ltrim($path, '/');
}
if (function_exists('custom_url_rewrite_outbound')) {
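Review bot: The `ltrim()` runs before the `custom_url_rewrite_outbound()` call on the following line, so a site-specific rewrite hook can still return a `$path` that starts with `//` and reintroduce the protocol-relative URL the fix removes; consider repeating the trim after that call, or moving it below it. The normalisation is also skipped when callers pass `$options['alias']` as TRUE, so a caller-supplied alias is never stripped — presumably intentional because the caller owns that value, but the comment should say so, e.g. `// Only applied to aliases looked up here; callers passing alias => TRUE are trusted.`. `url()` begins and ends outside this hunk.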