From e18c7b050861162fa62d7475007bedc5db56723d Mon Sep 17 00:00:00 2001
From: Sebastian Grewe <sebastian@grewe.ca>
Date: Wed, 4 Dec 2013 19:15:51 +0100
Subject: [PATCH] [SECURITY] Clear cache before sending a mail

Will fix an issue with users receiving wrong mails, e.g. during password
resets ONLY IF smarty cache is enabled.

Please update ASAP if you have smarty caches enabled! This is a very big
issue. By default smarty caches are disabled and not recommended to be
used. See configuration file.

Fixes #899 once merged.
---
 public/include/classes/mail.class.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/include/classes/mail.class.php b/public/include/classes/mail.class.php
index c70e115a..08b34ddd 100644
--- a/public/include/classes/mail.class.php
+++ b/public/include/classes/mail.class.php
@@ -56,6 +56,9 @@ class Mail extends Base {
    *     email   : Destination address
    **/
   public function sendMail($template, $aData) {
+    // Make sure we don't load a cached filed
+    $this->smarty->clearCache(BASEPATH . 'templates/mail/' . $template  . '.tpl');
+    $this->smarty->clearCache(BASEPATH . 'templates/mail/subject.tpl');
     $this->smarty->assign('WEBSITENAME', $this->setting->getValue('website_name'));
     $this->smarty->assign('SUBJECT', $aData['subject']);
     $this->smarty->assign('DATA', $aData);