magento : Security patch 9652
-
07-10-2020 - |
Question
I applied Security patch 9652 to my local.Its coming
sh PATCH_SUPEE-9652_v2-2017-02-07-01-18-38.sh
PATCH_SUPEE-9652_v2-2017-02-07-01-18-38.sh: 14:PATCH_SUPEE9652_v2-2017-02-07-01-18-38.sh: 127: not found
PATCH_SUPEE-9652_v2-2017-02-07-01-18-38.sh: 14:PATCH_SUPEE9652_v2-2017-02-07-01-18-38.sh: 127: not found
PATCH_SUPEE-9652_v2-2017-02-07-01-18-38.sh: 25: PATCH_SUPEE9652_v2-2017-02-07-01-18-38.sh: 0: not found
Checking if patch can be applied/reverted successfully...
-e ERROR: Patch can't be applied/reverted successfully.
Is this patch applied or not?
La solution
You need to check this patch Manually
ust goto lib/Zend/Mail/Transport/Sendmail.php
diff --git lib/Zend/Mail/Transport/Sendmail.php lib/Zend/Mail/Transport/Sendmail.php
index b24026b..9323f58 100644
--- lib/Zend/Mail/Transport/Sendmail.php
+++ lib/Zend/Mail/Transport/Sendmail.php
@@ -119,14 +119,19 @@ class Zend_Mail_Transport_Sendmail extends Zend_Mail_Transport_Abstract
);
}
- set_error_handler(array($this, '_handleMailErrors'));
- $result = mail(
- $this->recipients,
- $this->_mail->getSubject(),
- $this->body,
- $this->header,
- $this->parameters);
- restore_error_handler();
+ // Sanitize the From header
+ if (!Zend_Validate::is(str_replace(' ', '', $this->parameters), 'EmailAddress')) {
+ throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
+ } else {
+ set_error_handler(array($this, '_handleMailErrors'));
+ $result = mail(
+ $this->recipients,
+ $this->_mail->getSubject(),
+ $this->body,
+ $this->header,
+ $this->parameters);
+ restore_error_handler();
+ }
}
if ($this->_errstr !== null || !$resul
Licencié sous: CC-BY-SA avec attribution
Non affilié à magento.stackexchange