The following issue has been SUBMITTED. ====================================================================== http://www.dbmail.org/mantis/view.php?id=323 ====================================================================== Reported By: michael Assigned To: ====================================================================== Project: DBMail Issue ID: 323 Category: PIPE delivery (dbmail-smtp) Reproducibility: always Severity: major Priority: normal Status: new ====================================================================== Date Submitted: 11-Apr-06 18:26 CEST Last Modified: 11-Apr-06 18:26 CEST ====================================================================== Summary: pipe to sendmail is opened incorrect Description: popen spawns a shell, the shell when gets <emailaddress>, treats it as some kind of I/O redirect. -f param should be enclosed with '. Also, it is non secure, because shell can extract variables...
Also, need to check if there are other popens in the code ====================================================================== Issue History Date Modified Username Field Change ====================================================================== 11-Apr-06 18:26 michael New Issue 11-Apr-06 18:26 michael File Added: forward.c.popen.patch ======================================================================
