mirror of https://github.com/itflow-org/itflow
Bump PHPMailer from 7.0.1 to 7.0.2
This commit is contained in:
johnnyq
parent
decea604ab
commit
065630b975
|
|
@ -1 +1 @@
|
|||
7.0.1
|
||||
7.0.2
|
||||
|
|
|
|||
|
|
@ -768,7 +768,7 @@ class PHPMailer
|
|||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '7.0.1';
|
||||
const VERSION = '7.0.2';
|
||||
|
||||
/**
|
||||
* Error severity: message only, continue processing.
|
||||
|
|
@ -988,6 +988,54 @@ class PHPMailer
|
|||
$this->Mailer = 'mail';
|
||||
}
|
||||
|
||||
/**
|
||||
* Extract sendmail path and parse to deal with known parameters.
|
||||
*
|
||||
* @param string $sendmailPath The sendmail path as set in php.ini
|
||||
*
|
||||
* @return string The sendmail path without the known parameters
|
||||
*/
|
||||
private function parseSendmailPath($sendmailPath)
|
||||
{
|
||||
$sendmailPath = trim((string)$sendmailPath);
|
||||
if ($sendmailPath === '') {
|
||||
return $sendmailPath;
|
||||
}
|
||||
|
||||
$parts = preg_split('/\s+/', $sendmailPath);
|
||||
if (empty($parts)) {
|
||||
return $sendmailPath;
|
||||
}
|
||||
|
||||
$command = array_shift($parts);
|
||||
$remainder = [];
|
||||
|
||||
// Parse only -t, -i, -oi and -f parameters.
|
||||
for ($i = 0; $i < count($parts); ++$i) {
|
||||
$part = $parts[$i];
|
||||
if (preg_match('/^-(i|oi|t)$/', $part, $matches)) {
|
||||
continue;
|
||||
}
|
||||
if (preg_match('/^-f(.*)$/', $part, $matches)) {
|
||||
$address = $matches[1];
|
||||
if ($address === '' && isset($parts[$i + 1]) && strpos($parts[$i + 1], '-') !== 0) {
|
||||
$address = $parts[++$i];
|
||||
}
|
||||
$this->Sender = $address;
|
||||
continue;
|
||||
}
|
||||
|
||||
$remainder[] = $part;
|
||||
}
|
||||
|
||||
// The params that are not parsed are added back to the command.
|
||||
if (!empty($remainder)) {
|
||||
$command .= ' ' . implode(' ', $remainder);
|
||||
}
|
||||
|
||||
return $command;
|
||||
}
|
||||
|
||||
/**
|
||||
* Send messages using $Sendmail.
|
||||
*/
|
||||
|
|
@ -996,10 +1044,9 @@ class PHPMailer
|
|||
$ini_sendmail_path = ini_get('sendmail_path');
|
||||
|
||||
if (false === stripos($ini_sendmail_path, 'sendmail')) {
|
||||
$this->Sendmail = '/usr/sbin/sendmail';
|
||||
} else {
|
||||
$this->Sendmail = $ini_sendmail_path;
|
||||
$ini_sendmail_path = '/usr/sbin/sendmail';
|
||||
}
|
||||
$this->Sendmail = $this->parseSendmailPath($ini_sendmail_path);
|
||||
$this->Mailer = 'sendmail';
|
||||
}
|
||||
|
||||
|
|
@ -1011,10 +1058,9 @@ class PHPMailer
|
|||
$ini_sendmail_path = ini_get('sendmail_path');
|
||||
|
||||
if (false === stripos($ini_sendmail_path, 'qmail')) {
|
||||
$this->Sendmail = '/var/qmail/bin/qmail-inject';
|
||||
} else {
|
||||
$this->Sendmail = $ini_sendmail_path;
|
||||
$ini_sendmail_path = '/var/qmail/bin/qmail-inject';
|
||||
}
|
||||
$this->Sendmail = $this->parseSendmailPath($ini_sendmail_path);
|
||||
$this->Mailer = 'qmail';
|
||||
}
|
||||
|
||||
|
|
@ -1860,25 +1906,27 @@ class PHPMailer
|
|||
//PHP config has a sender address we can use
|
||||
$this->Sender = ini_get('sendmail_from');
|
||||
}
|
||||
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
|
||||
|
||||
$sendmailArgs = [];
|
||||
|
||||
// CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
|
||||
// Also don't add the -f automatically unless it has been set either via Sender
|
||||
// or sendmail_path. Otherwise it can introduce new problems.
|
||||
// @see http://github.com/PHPMailer/PHPMailer/issues/2298
|
||||
if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
|
||||
if ($this->Mailer === 'qmail') {
|
||||
$sendmailFmt = '%s -f%s';
|
||||
} else {
|
||||
$sendmailFmt = '%s -oi -f%s -t';
|
||||
}
|
||||
} elseif ($this->Mailer === 'qmail') {
|
||||
$sendmailFmt = '%s';
|
||||
} else {
|
||||
//Allow sendmail to choose a default envelope sender. It may
|
||||
//seem preferable to force it to use the From header as with
|
||||
//SMTP, but that introduces new problems (see
|
||||
//<https://github.com/PHPMailer/PHPMailer/issues/2298>), and
|
||||
//it has historically worked this way.
|
||||
$sendmailFmt = '%s -oi -t';
|
||||
$sendmailArgs[] = '-f' . $this->Sender;
|
||||
}
|
||||
|
||||
$sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
|
||||
// Qmail doesn't accept all the sendmail parameters
|
||||
// @see https://github.com/PHPMailer/PHPMailer/issues/3189
|
||||
if ($this->Mailer !== 'qmail') {
|
||||
$sendmailArgs[] = '-i';
|
||||
$sendmailArgs[] = '-t';
|
||||
}
|
||||
|
||||
$resultArgs = (empty($sendmailArgs) ? '' : ' ' . implode(' ', $sendmailArgs));
|
||||
|
||||
$sendmail = trim(escapeshellcmd($this->Sendmail) . $resultArgs);
|
||||
$this->edebug('Sendmail path: ' . $this->Sendmail);
|
||||
$this->edebug('Sendmail command: ' . $sendmail);
|
||||
$this->edebug('Envelope sender: ' . $this->Sender);
|
||||
|
|
@ -2062,7 +2110,8 @@ class PHPMailer
|
|||
$this->Sender = ini_get('sendmail_from');
|
||||
}
|
||||
if (!empty($this->Sender) && static::validateAddress($this->Sender)) {
|
||||
if (self::isShellSafe($this->Sender)) {
|
||||
$phpmailer_path = ini_get('sendmail_path');
|
||||
if (self::isShellSafe($this->Sender) && strpos($phpmailer_path, ' -f') === false) {
|
||||
$params = sprintf('-f%s', $this->Sender);
|
||||
}
|
||||
$old_from = ini_get('sendmail_from');
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ class POP3
|
|||
* @var string
|
||||
* @deprecated This constant will be removed in PHPMailer 8.0. Use `PHPMailer::VERSION` instead.
|
||||
*/
|
||||
const VERSION = '7.0.1';
|
||||
const VERSION = '7.0.2';
|
||||
|
||||
/**
|
||||
* Default POP3 port number.
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ class SMTP
|
|||
* @var string
|
||||
* @deprecated This constant will be removed in PHPMailer 8.0. Use `PHPMailer::VERSION` instead.
|
||||
*/
|
||||
const VERSION = '7.0.1';
|
||||
const VERSION = '7.0.2';
|
||||
|
||||
/**
|
||||
* SMTP line break constant.
|
||||
|
|
@ -770,6 +770,25 @@ class SMTP
|
|||
}
|
||||
}
|
||||
|
||||
private function iterateLines($s)
|
||||
{
|
||||
$start = 0;
|
||||
$length = strlen($s);
|
||||
|
||||
for ($i = 0; $i < $length; $i++) {
|
||||
$c = $s[$i];
|
||||
if ($c === "\n" || $c === "\r") {
|
||||
yield substr($s, $start, $i - $start);
|
||||
if ($c === "\r" && $i + 1 < $length && $s[$i + 1] === "\n") {
|
||||
$i++;
|
||||
}
|
||||
$start = $i + 1;
|
||||
}
|
||||
}
|
||||
|
||||
yield substr($s, $start);
|
||||
}
|
||||
|
||||
/**
|
||||
* Send an SMTP DATA command.
|
||||
* Issues a data command and sends the msg_data to the server,
|
||||
|
|
@ -798,15 +817,16 @@ class SMTP
|
|||
* NOTE: this does not count towards line-length limit.
|
||||
*/
|
||||
|
||||
//Normalize line breaks before exploding
|
||||
$lines = explode("\n", str_replace(["\r\n", "\r"], "\n", $msg_data));
|
||||
//Iterate over lines with normalized line breaks
|
||||
$lines = $this->iterateLines($msg_data);
|
||||
|
||||
/* To distinguish between a complete RFC822 message and a plain message body, we check if the first field
|
||||
* of the first line (':' separated) does not contain a space then it _should_ be a header, and we will
|
||||
* process all lines before a blank line as headers.
|
||||
*/
|
||||
|
||||
$field = substr($lines[0], 0, strpos($lines[0], ':'));
|
||||
$first_line = $lines->current();
|
||||
$field = substr($first_line, 0, strpos($first_line, ':'));
|
||||
$in_headers = false;
|
||||
if (!empty($field) && strpos($field, ' ') === false) {
|
||||
$in_headers = true;
|
||||
|
|
|
|||
Loading…
Reference in New Issue