Escape mail.force_extra_parameters value

diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 70c1d323bea64fc9272b2e8213a8d51f4abad935..fff0c53905c073b3f684a87b4cf73d58a3e0c4f8 100644 (file)
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -139,7 +139,7 @@ PHP_FUNCTION(mail)
        }
 
        if (force_extra_parameters) {
-               extra_cmd = estrdup(force_extra_parameters);
+               extra_cmd = php_escape_shell_cmd(force_extra_parameters);
        } else if (extra_cmd) {
                extra_cmd = php_escape_shell_cmd(extra_cmd);
        }