From 5844a8aefca43c8b782335b7035f15c557dbed8e Mon Sep 17 00:00:00 2001
From: themancalledjakob <github@jrkb.land>
Date: Sun, 30 Jul 2023 08:53:33 +0200
Subject: [PATCH] patching source

prevent privilege escalation
---
 scripts/restore | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/restore b/scripts/restore
index cf0d895d..085b019e 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -20,6 +20,15 @@ ynh_restore_file --origin_path="$install_dir"
 chmod -R o-rwx "$install_dir"
 chown -R $app:www-data "$install_dir"
 
+#=================================================
+# PATCHING SOURCE
+#=================================================
+ynh_script_progression --message="Patching source files..." --weight=1
+
+# Prevent privilege escalation by injecting commands in an email name
+# This described in more detail on the manpage https://www.postfix.org/sendmail.1.html under security
+ynh_replace_string --match_string="'/usr/sbin/sendmail -bs'" --replace_string="'/usr/sbin/sendmail -bs -- '" --target_file=$install_dir/config/mail.php
+
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================