mirror of
https://github.com/itflow-org/itflow
synced 2026-03-17 11:14:50 +00:00
Bump PHPMailer from 7.0.1 to 7.0.2
This commit is contained in:
johnnyq
@@ -1 +1 @@
|
|||||||
7.0.1
|
7.0.2
|
||||||
|
|||||||
@@ -768,7 +768,7 @@ class PHPMailer
|
|||||||
*
|
*
|
||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
const VERSION = '7.0.1';
|
const VERSION = '7.0.2';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Error severity: message only, continue processing.
|
* Error severity: message only, continue processing.
|
||||||
@@ -988,6 +988,54 @@ class PHPMailer
|
|||||||
$this->Mailer = 'mail';
|
$this->Mailer = 'mail';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extract sendmail path and parse to deal with known parameters.
|
||||||
|
*
|
||||||
|
* @param string $sendmailPath The sendmail path as set in php.ini
|
||||||
|
*
|
||||||
|
* @return string The sendmail path without the known parameters
|
||||||
|
*/
|
||||||
|
private function parseSendmailPath($sendmailPath)
|
||||||
|
{
|
||||||
|
$sendmailPath = trim((string)$sendmailPath);
|
||||||
|
if ($sendmailPath === '') {
|
||||||
|
return $sendmailPath;
|
||||||
|
}
|
||||||
|
|
||||||
|
$parts = preg_split('/\s+/', $sendmailPath);
|
||||||
|
if (empty($parts)) {
|
||||||
|
return $sendmailPath;
|
||||||
|
}
|
||||||
|
|
||||||
|
$command = array_shift($parts);
|
||||||
|
$remainder = [];
|
||||||
|
|
||||||
|
// Parse only -t, -i, -oi and -f parameters.
|
||||||
|
for ($i = 0; $i < count($parts); ++$i) {
|
||||||
|
$part = $parts[$i];
|
||||||
|
if (preg_match('/^-(i|oi|t)$/', $part, $matches)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (preg_match('/^-f(.*)$/', $part, $matches)) {
|
||||||
|
$address = $matches[1];
|
||||||
|
if ($address === '' && isset($parts[$i + 1]) && strpos($parts[$i + 1], '-') !== 0) {
|
||||||
|
$address = $parts[++$i];
|
||||||
|
}
|
||||||
|
$this->Sender = $address;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
$remainder[] = $part;
|
||||||
|
}
|
||||||
|
|
||||||
|
// The params that are not parsed are added back to the command.
|
||||||
|
if (!empty($remainder)) {
|
||||||
|
$command .= ' ' . implode(' ', $remainder);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $command;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Send messages using $Sendmail.
|
* Send messages using $Sendmail.
|
||||||
*/
|
*/
|
||||||
@@ -996,10 +1044,9 @@ class PHPMailer
|
|||||||
$ini_sendmail_path = ini_get('sendmail_path');
|
$ini_sendmail_path = ini_get('sendmail_path');
|
||||||
|
|
||||||
if (false === stripos($ini_sendmail_path, 'sendmail')) {
|
if (false === stripos($ini_sendmail_path, 'sendmail')) {
|
||||||
$this->Sendmail = '/usr/sbin/sendmail';
|
$ini_sendmail_path = '/usr/sbin/sendmail';
|
||||||
} else {
|
|
||||||
$this->Sendmail = $ini_sendmail_path;
|
|
||||||
}
|
}
|
||||||
|
$this->Sendmail = $this->parseSendmailPath($ini_sendmail_path);
|
||||||
$this->Mailer = 'sendmail';
|
$this->Mailer = 'sendmail';
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1011,10 +1058,9 @@ class PHPMailer
|
|||||||
$ini_sendmail_path = ini_get('sendmail_path');
|
$ini_sendmail_path = ini_get('sendmail_path');
|
||||||
|
|
||||||
if (false === stripos($ini_sendmail_path, 'qmail')) {
|
if (false === stripos($ini_sendmail_path, 'qmail')) {
|
||||||
$this->Sendmail = '/var/qmail/bin/qmail-inject';
|
$ini_sendmail_path = '/var/qmail/bin/qmail-inject';
|
||||||
} else {
|
|
||||||
$this->Sendmail = $ini_sendmail_path;
|
|
||||||
}
|
}
|
||||||
|
$this->Sendmail = $this->parseSendmailPath($ini_sendmail_path);
|
||||||
$this->Mailer = 'qmail';
|
$this->Mailer = 'qmail';
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1860,25 +1906,27 @@ class PHPMailer
|
|||||||
//PHP config has a sender address we can use
|
//PHP config has a sender address we can use
|
||||||
$this->Sender = ini_get('sendmail_from');
|
$this->Sender = ini_get('sendmail_from');
|
||||||
}
|
}
|
||||||
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
|
|
||||||
|
$sendmailArgs = [];
|
||||||
|
|
||||||
|
// CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
|
||||||
|
// Also don't add the -f automatically unless it has been set either via Sender
|
||||||
|
// or sendmail_path. Otherwise it can introduce new problems.
|
||||||
|
// @see http://github.com/PHPMailer/PHPMailer/issues/2298
|
||||||
if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
|
if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
|
||||||
if ($this->Mailer === 'qmail') {
|
$sendmailArgs[] = '-f' . $this->Sender;
|
||||||
$sendmailFmt = '%s -f%s';
|
|
||||||
} else {
|
|
||||||
$sendmailFmt = '%s -oi -f%s -t';
|
|
||||||
}
|
|
||||||
} elseif ($this->Mailer === 'qmail') {
|
|
||||||
$sendmailFmt = '%s';
|
|
||||||
} else {
|
|
||||||
//Allow sendmail to choose a default envelope sender. It may
|
|
||||||
//seem preferable to force it to use the From header as with
|
|
||||||
//SMTP, but that introduces new problems (see
|
|
||||||
//<https://github.com/PHPMailer/PHPMailer/issues/2298>), and
|
|
||||||
//it has historically worked this way.
|
|
||||||
$sendmailFmt = '%s -oi -t';
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
|
// Qmail doesn't accept all the sendmail parameters
|
||||||
|
// @see https://github.com/PHPMailer/PHPMailer/issues/3189
|
||||||
|
if ($this->Mailer !== 'qmail') {
|
||||||
|
$sendmailArgs[] = '-i';
|
||||||
|
$sendmailArgs[] = '-t';
|
||||||
|
}
|
||||||
|
|
||||||
|
$resultArgs = (empty($sendmailArgs) ? '' : ' ' . implode(' ', $sendmailArgs));
|
||||||
|
|
||||||
|
$sendmail = trim(escapeshellcmd($this->Sendmail) . $resultArgs);
|
||||||
$this->edebug('Sendmail path: ' . $this->Sendmail);
|
$this->edebug('Sendmail path: ' . $this->Sendmail);
|
||||||
$this->edebug('Sendmail command: ' . $sendmail);
|
$this->edebug('Sendmail command: ' . $sendmail);
|
||||||
$this->edebug('Envelope sender: ' . $this->Sender);
|
$this->edebug('Envelope sender: ' . $this->Sender);
|
||||||
@@ -2062,7 +2110,8 @@ class PHPMailer
|
|||||||
$this->Sender = ini_get('sendmail_from');
|
$this->Sender = ini_get('sendmail_from');
|
||||||
}
|
}
|
||||||
if (!empty($this->Sender) && static::validateAddress($this->Sender)) {
|
if (!empty($this->Sender) && static::validateAddress($this->Sender)) {
|
||||||
if (self::isShellSafe($this->Sender)) {
|
$phpmailer_path = ini_get('sendmail_path');
|
||||||
|
if (self::isShellSafe($this->Sender) && strpos($phpmailer_path, ' -f') === false) {
|
||||||
$params = sprintf('-f%s', $this->Sender);
|
$params = sprintf('-f%s', $this->Sender);
|
||||||
}
|
}
|
||||||
$old_from = ini_get('sendmail_from');
|
$old_from = ini_get('sendmail_from');
|
||||||
|
|||||||
@@ -47,7 +47,7 @@ class POP3
|
|||||||
* @var string
|
* @var string
|
||||||
* @deprecated This constant will be removed in PHPMailer 8.0. Use `PHPMailer::VERSION` instead.
|
* @deprecated This constant will be removed in PHPMailer 8.0. Use `PHPMailer::VERSION` instead.
|
||||||
*/
|
*/
|
||||||
const VERSION = '7.0.1';
|
const VERSION = '7.0.2';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default POP3 port number.
|
* Default POP3 port number.
|
||||||
|
|||||||
@@ -36,7 +36,7 @@ class SMTP
|
|||||||
* @var string
|
* @var string
|
||||||
* @deprecated This constant will be removed in PHPMailer 8.0. Use `PHPMailer::VERSION` instead.
|
* @deprecated This constant will be removed in PHPMailer 8.0. Use `PHPMailer::VERSION` instead.
|
||||||
*/
|
*/
|
||||||
const VERSION = '7.0.1';
|
const VERSION = '7.0.2';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* SMTP line break constant.
|
* SMTP line break constant.
|
||||||
@@ -770,6 +770,25 @@ class SMTP
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function iterateLines($s)
|
||||||
|
{
|
||||||
|
$start = 0;
|
||||||
|
$length = strlen($s);
|
||||||
|
|
||||||
|
for ($i = 0; $i < $length; $i++) {
|
||||||
|
$c = $s[$i];
|
||||||
|
if ($c === "\n" || $c === "\r") {
|
||||||
|
yield substr($s, $start, $i - $start);
|
||||||
|
if ($c === "\r" && $i + 1 < $length && $s[$i + 1] === "\n") {
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
$start = $i + 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
yield substr($s, $start);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Send an SMTP DATA command.
|
* Send an SMTP DATA command.
|
||||||
* Issues a data command and sends the msg_data to the server,
|
* Issues a data command and sends the msg_data to the server,
|
||||||
@@ -798,15 +817,16 @@ class SMTP
|
|||||||
* NOTE: this does not count towards line-length limit.
|
* NOTE: this does not count towards line-length limit.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
//Normalize line breaks before exploding
|
//Iterate over lines with normalized line breaks
|
||||||
$lines = explode("\n", str_replace(["\r\n", "\r"], "\n", $msg_data));
|
$lines = $this->iterateLines($msg_data);
|
||||||
|
|
||||||
/* To distinguish between a complete RFC822 message and a plain message body, we check if the first field
|
/* To distinguish between a complete RFC822 message and a plain message body, we check if the first field
|
||||||
* of the first line (':' separated) does not contain a space then it _should_ be a header, and we will
|
* of the first line (':' separated) does not contain a space then it _should_ be a header, and we will
|
||||||
* process all lines before a blank line as headers.
|
* process all lines before a blank line as headers.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$field = substr($lines[0], 0, strpos($lines[0], ':'));
|
$first_line = $lines->current();
|
||||||
|
$field = substr($first_line, 0, strpos($first_line, ':'));
|
||||||
$in_headers = false;
|
$in_headers = false;
|
||||||
if (!empty($field) && strpos($field, ' ') === false) {
|
if (!empty($field) && strpos($field, ' ') === false) {
|
||||||
$in_headers = true;
|
$in_headers = true;
|
||||||
|
|||||||
Reference in New Issue
Block a user