Marcin Szymonik:
> if($user)
> {
> exec("$sendmail -f $sender -- $recipient < $file",$out,$status);
> }
> else
> {
> (check if spam)
>
> if($spam) exec("/usr/bin/formail -I 'X-Spam-Flag: YES' <
> $file|$sendmail -f $sender -- $recipient",$out,$status);
> else exec("$sendmail -f $sender -- $recipient < $file",$out,$status);
> }
Oh, and the above is extremely vulnerable to shell command injection.
Using quotes like '$sender' won't make your code safe to use.
Instead, you need to eliminate all characters except those that are
known to be safe: a-zA-Z0-9_@:=+, the '-', and maybe a few more.
Otherwise, see http://www.php.net/manual/en/function.exec.php for
suggestions (I do not know whether these suggestions actually solve
the problem).
The real fix is not to process the above commands with the shell.
Wietse
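The following is an added example, not code from the thread above: it rewrites the quoted delivery logic so that user-supplied values never reach /bin/sh at all, which is the fix Wietse points at. It assumes PHP 7.4 or later (the array form of proc_open() runs the program directly via execve() instead of through a shell), a sendmail binary at /usr/sbin/sendmail, and a hypothetical message file path; the function names safe_address() and deliver() are invented for the example. The allow-list follows the character set Wietse lists. The formail step is replaced by writing the header into sendmail's stdin ourselves; unlike `formail -I`, this prepends the field rather than replacing an existing one.

```php
<?php
// Added example: deliver a message to sendmail without a shell.
// Assumptions (not from the original thread): PHP >= 7.4, sendmail at
// /usr/sbin/sendmail, message file at a hypothetical path.
declare(strict_types=1);

// Allow-list in the spirit of Wietse's suggestion: letters, digits and a
// few address characters. A leading '-' is rejected separately so the value
// can never be mistaken for a sendmail option, even though '--' is passed.
function safe_address(string $addr): string
{
    if (!preg_match('/\A[A-Za-z0-9_@:=+.\-]{1,254}\z/', $addr) || $addr[0] === '-') {
        throw new InvalidArgumentException("rejected address: $addr");
    }
    return $addr;
}

// Returns sendmail's exit status. $spam adds an X-Spam-Flag header.
function deliver(string $sendmail, string $sender, string $recipient, string $file, bool $spam): int
{
    $sender    = safe_address($sender);
    $recipient = safe_address($recipient);

    // Array form: argv goes straight to execve(), no /bin/sh involved, so
    // shell metacharacters in $sender/$recipient are inert even before the
    // allow-list check above.
    $cmd  = [$sendmail, '-f', $sender, '--', $recipient];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException("cannot start $sendmail");
    }

    $in = fopen($file, 'rb');
    if ($in === false) {
        fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]);
        proc_close($proc);
        throw new RuntimeException("cannot open $file");
    }

    // Replaces the "formail -I 'X-Spam-Flag: YES'" pipeline: the header is
    // written in front of the message instead of going through another
    // shell command line.
    if ($spam) {
        fwrite($pipes[0], "X-Spam-Flag: YES\n");
    }
    stream_copy_to_stream($in, $pipes[0]);
    fclose($in);
    fclose($pipes[0]);

    $out = stream_get_contents($pipes[1]); fclose($pipes[1]);
    $err = stream_get_contents($pipes[2]); fclose($pipes[2]);
    if ($err !== '') {
        error_log("sendmail: $err");
    }

    return proc_close($proc);
}

// Demonstration with a constructed hostile sender. In the original code this
// string would have been interpreted by the shell; here it is rejected before
// sendmail is even started, and without the allow-list it would merely be an
// odd (but harmless) argv entry.
try {
    $status = deliver('/usr/sbin/sendmail',
                      'user@example.com; touch /tmp/pwned',
                      'rcpt@example.net',
                      '/var/tmp/message.eml',   // hypothetical path
                      false);
    echo "sendmail exit status: $status\n";
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

Two things worth keeping in mind: the array form of proc_open() (and the matching array form of exec-style calls) is the part that removes the shell; escapeshellarg() on top of the string form is the weaker second choice Wietse alludes to. And because stdin, stdout and stderr are all pipes here, a program that writes a lot of output before reading all of its input could block; sendmail prints little, so this is fine for it, but a general-purpose version would write stdin from a file descriptor (`['file', $file, 'r']` in the spec) instead of copying through PHP.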