Hi
While preparing an update for libphp-phpmailer I noticed in the
patch/diff for DLA-1591-1 for libphp-phpmailer the following:
+--- libphp-phpmailer-5.2.9+dfsg.orig/class.phpmailer.php
++++ libphp-phpmailer-5.2.9+dfsg/class.phpmailer.php
+@@ -1022,10 +1022,12 @@ class PHPMailer
+
+ // Sign with DKIM if enabled
+ if (!empty($this->DKIM_domain)
+- && !empty($this->DKIM_private)
+- && !empty($this->DKIM_selector)
+- && !empty($this->DKIM_domain)
+- && file_exists($this->DKIM_private)) {
++ and !empty($this->DKIM_selector)
++ and (!empty($this->DKIM_private_string)
++ or (!empty($this->DKIM_private)
++ and self::isPermittedPath($this->DKIM_private)
++ and file_exists($this->DKIM_private)
++ ))) {
+ $header_dkim = $this->DKIM_Add(
+ $this->MIMEHeader . $this->mailHeader,
+ $this->encodeHeader($this->secureHeader($this->Subject)),
The diff seem to add here just what was in the commit, and newly using
$this->DKIM_private_string . This is not used anywhere in the code in 5.2.9 as
it was added later, though.
That said, I have not followed the code further if it might raise a
real problem.
Regards,
Salvatore
