[interchange-cvs] interchange - jon modified lib/Vend/Util.pm

interchange-core@interchange.redhat.com interchange-core@interchange.redhat.com
Mon Apr 15 10:41:00 2002


User:      jon
Date:      2002-04-15 14:40:03 GMT
Modified:  lib/Vend Util.pm
Log:
Apply patch recommended by Mike Heins and Kevin Walsh.
Avoid potential security problems if email address isn't scrubbed.

Revision  Changes    Path
2.23      +3 -3      interchange/lib/Vend/Util.pm


rev 2.23, prev_rev 2.22
Index: Util.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Util.pm,v
retrieving revision 2.22
retrieving revision 2.23
diff -u -u -r2.22 -r2.23
--- Util.pm	29 Mar 2002 18:47:33 -0000	2.22
+++ Util.pm	15 Apr 2002 14:40:03 -0000	2.23
@@ -1,6 +1,6 @@
 # Vend::Util - Interchange utility functions
 #
-# $Id: Util.pm,v 2.22 2002/03/29 18:47:33 racke Exp $
+# $Id: Util.pm,v 2.23 2002/04/15 14:40:03 jon Exp $
 # 
 # Copyright (C) 1996-2001 Red Hat, Inc. <interchange@redhat.com>
 #
@@ -82,7 +82,7 @@
 use Safe;
 use subs qw(logError logGlobal);
 use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = substr(q$Revision: 2.22 $, 10);
+$VERSION = substr(q$Revision: 2.23 $, 10);
 
 BEGIN {
 	eval {
@@ -2138,7 +2138,7 @@
 #::logDebug("testing sendmail send none=$none");
 		last SEND if $none;
 #::logDebug("in Sendmail send $using");
-		open(MVMAIL,"|$Vend::Cfg->{SendMailProgram} $to") or last SEND;
+		open(MVMAIL,"|$Vend::Cfg->{SendMailProgram}") or last SEND;
 		my $mime = '';
 		$mime = Vend::Interpolate::mime('header', {}, '') if $use_mime;
 		print MVMAIL "To: $to\n", $reply, "Subject: $subject\n"