Ticket #25239: CVE-2017-8295.patch
File CVE-2017-8295.patch, 941 bytes (added by , 7 years ago) |
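--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -323,11 +323,8 @@
 
 if ( !isset( $from_email ) ) {
 // Get the site domain and get rid of www.
-$sitename = strtolower( $_SERVER['SERVER_NAME'] );
-if ( substr( $sitename, 0, 4 ) == 'www.' ) {
-$sitename = substr( $sitename, 4 );
-}
-
+$sitename = parse_url( network_home_url(), PHP_URL_HOST );
+
 $from_email = 'wordpress@' . $sitename;
 }
 
@@ -1491,7 +1488,7 @@
 $notify_message .= sprintf( __( 'Spam it: %s' ), admin_url( "comment.php?action=spam&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n";
 }
 
-$wp_email = 'wordpress@' . p reg_replace('#^www\.#', '', strtolower($_SERVER['SERVER_NAME']));
+$wp_email = 'wordpress@' . parse_url(network_home_url(), PHP_URL_HOST);
 
 if ( '' == $comment->comment_author ) {
 $from = "From: \"$blogname\" <$wp_email>";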
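Review bot: The new assignment at line 326 concatenates the result of `parse_url( network_home_url(), PHP_URL_HOST )` without checking it, and it drops the leading-`www.` stripping that the retained comment "get rid of www." still describes. `parse_url()` returns null when the URL has no host component and false for a seriously malformed URL, so the sender would degrade to the bare string `wordpress@`. A site whose home URL uses `www.` would also now send from `wordpress@www.…`, which may not match the address the domain's mail policy expects. I would follow the assignment with `if ( is_string( $sitename ) && 'www.' === substr( $sitename, 0, 4 ) ) { $sitename = substr( $sitename, 4 ); }`, decide explicitly what the non-string case should fall back to, and do the same for `$wp_email` at new line 1491. Both enclosing functions start and end outside the visible hunks, so any later normalisation of these values is not visible here.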