Hi.
On Tuesday 11 December 2018 12:36 PM, Salvatore Bonaccorso wrote:
> Hi
>
> While preparing an update for libphp-phpmailer I noticed in the
> patch/diff for DLA-1591-1 for libphp-phpmailer the following:
>
> +--- libphp-phpmailer-5.2.9+dfsg.orig/class.phpmailer.php
> ++++ libphp-phpmailer-5.2.9+dfsg/class.phpmailer.php
> +@@ -1022,10 +1022,12 @@ class PHPMailer
> +
> + // Sign with DKIM if enabled
> + if (!empty($this->DKIM_domain)
> +- && !empty($this->DKIM_private)
> +- && !empty($this->DKIM_selector)
> +- && !empty($this->DKIM_domain)
> +- && file_exists($this->DKIM_private)) {
> ++ and !empty($this->DKIM_selector)
> ++ and (!empty($this->DKIM_private_string)
> ++ or (!empty($this->DKIM_private)
> ++ and self::isPermittedPath($this->DKIM_private)
> ++ and file_exists($this->DKIM_private)
> ++ ))) {
> + $header_dkim = $this->DKIM_Add(
> + $this->MIMEHeader . $this->mailHeader,
> +
> $this->encodeHeader($this->secureHeader($this->Subject)),
>
> The diff seem to add here just what was in the commit, and newly using
> $this->DKIM_private_string . This is not used anywhere in the code in 5.2.9 as
> it was added later, though.
$this->DKIM_private_string may create problem. But if its not declared
or not used. It should be empty, right.
> That said, I have not followed the code further if it might raise a
> real problem.
>
> Regards,
> Salvatore
>
--abhijith
