From: Stanislav Malyshev <stas@php.net>
Date: Tue, 10 Jul 2007 20:23:26 +0000 (+0000)
Subject: Escape mail.force_extra_parameters value
X-Git-Tag: BEFORE_IMPORT_OF_MYSQLND~258
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2afcf33fefbda75b3364bbbfca2030fd583156e9;p=php

Escape mail.force_extra_parameters value
---

diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 70c1d323be..fff0c53905 100644
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -139,7 +139,7 @@ PHP_FUNCTION(mail)
 	}
 
 	if (force_extra_parameters) {
-		extra_cmd = estrdup(force_extra_parameters);
+		extra_cmd = php_escape_shell_cmd(force_extra_parameters);
 	} else if (extra_cmd) {
 		extra_cmd = php_escape_shell_cmd(extra_cmd);
 	}