Merge pull request #57 from rayphi/magento-1.9.2.4

Applied PATCH_SUPEE-9652 v2 to CE 1.5 - 1.9 and EE 1.9 - 1.13
firegento · Feb 14, 2017 · 36ed616 · 36ed616
2 parents 744e69f + 6216594
commit 36ed616
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 8 deletions.
diff --git a/app/etc/applied.patches.list b/app/etc/applied.patches.list
@@ -252,3 +252,11 @@ patching file skin/adminhtml/default/default/media/uploaderSingle.swf
 patching file skin/adminhtml/default/default/xmlconnect/boxes.css
 
 
+2017-02-14 11:34:06 UTC | 
+
+
+
+2017-02-14 11:34:58 UTC | SUPEE-9652 | EE_1.14.3.1 | v1 | 4038f0785d828794083f53f10c01aaa6af403523 | Tue Jan 24 15:03:12 2017 +0200 | 9586981e6ca8b255014b242d50b68b88525b0754..4038f0785d828794083f53f10c01aaa6af403523
+patching file lib/Zend/Mail/Transport/Sendmail.php
+
+
diff --git a/lib/Zend/Mail/Transport/Sendmail.php b/lib/Zend/Mail/Transport/Sendmail.php
@@ -119,14 +119,19 @@ public function _sendMail()
                 );
             }
 
-            set_error_handler(array($this, '_handleMailErrors'));
-            $result = mail(
-                $this->recipients,
-                $this->_mail->getSubject(),
-                $this->body,
-                $this->header,
-                $this->parameters);
-            restore_error_handler();
+            // Sanitize the From header
+            if (!Zend_Validate::is(str_replace(' ', '', $this->parameters), 'EmailAddress')) {
+                throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
+            } else {
+                set_error_handler(array($this, '_handleMailErrors'));
+                $result = mail(
+                    $this->recipients,
+                    $this->_mail->getSubject(),
+                    $this->body,
+                    $this->header,
+                    $this->parameters);
+                restore_error_handler();
+            }
         }
 
         if ($this->_errstr !== null || !$result) {