Changes between Initial Version and Version 1 of Ticket #40576, comment 3
- Timestamp:
- 05/01/2017 02:46:31 AM (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #40576, comment 3
initial v1 1 Unfortunately simply switching from `escapeshellcmd()` to `escapeshellarg()` isn't viable here, and likely introduces security concerns. They were introduced to fix the issues surrounging CVE-2016-10033 & CVE-2016-10045. 1 Unfortunately simply switching from `escapeshellcmd()` to `escapeshellarg()` isn't viable here, and likely introduces security concerns. They were introduced to fix the issues surrounging CVE-2016-10033 & CVE-2016-10045. (Installs which disable `escapeshellcmd()` most likely also disable `escapeshellarg()` btw) 2 2 3 3 https://github.com/PHPMailer/PHPMailer/issues/966 & https://github.com/PHPMailer/PHPMailer/issues/948 are the upstream issues for this problem, which have unfortunately been closed as wontfix.