From fb4f5c93a2e536205cdb978bb6dc2f7a6586c661 Mon Sep 17 00:00:00 2001
From: themancalledjakob
Date: Sun, 30 Jul 2023 08:52:43 +0200
Subject: [PATCH] patching source prevent privilege escalation

---
 scripts/upgrade | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/upgrade b/scripts/upgrade
index 51dc4d48..ae490428 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -109,6 +109,15 @@ chown -R $app:www-data "$install_dir"
 # Pixelfed app should be able to edit its settings from the admin panel
 chmod 600 "$install_dir"/.env
 
+#=================================================
+# PATCHING SOURCE
+#=================================================
+ynh_script_progression --message="Patching source files..." --weight=1
+
+# Prevent privilege escalation by injecting commands in an email name
+# This described in more detail on the manpage https://www.postfix.org/sendmail.1.html under security
+ynh_replace_string --match_string="'/usr/sbin/sendmail -bs'" --replace_string="'/usr/sbin/sendmail -bs -- '" --target_file=$install_dir/config/mail.php
+
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
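Review bot: The `ynh_replace_string` call that ends the new PATCHING SOURCE section is a plain substitution and, as far as I can tell, reports success even when the literal `'/usr/sbin/sendmail -bs'` is absent from `config/mail.php` (for instance if upstream changes the default path or its quoting), so this hardening can silently stop applying on a later upgrade. Follow it with a check that fails loudly, e.g. `grep -qF -- "sendmail -bs -- " "$install_dir/config/mail.php" || ynh_die --message="sendmail hardening was not applied to config/mail.php"`. The `--target_file=$install_dir/config/mail.php` argument should also be quoted, matching the `"$install_dir"` uses on the surrounding context lines. The diffstat shows only `scripts/upgrade` changed, so it is worth confirming that fresh installs and restores receive the same replacement; otherwise they stay unpatched until their first upgrade.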