Escape mail.force_extra_parameters value

diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 08f0a121c7a24fbd6325e2f20608a85d1246ae0d..f87a74410fdc1373b70a38c38fb56a6866de85aa 100644 (file)
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -166,7 +166,7 @@ PHP_FUNCTION(mail)
        }
 
        if (force_extra_parameters) {
-               extra_cmd = estrdup(force_extra_parameters);
+               extra_cmd = php_escape_shell_cmd(force_extra_parameters);
        } else if (extra_cmd) {
                extra_cmd = php_escape_shell_cmd(extra_cmd);
        }