mirror of https://github.com/itflow-org/itflow
Bumped PHPMailer from 6.4.0 to 6.5.1
parent
025e7caad2
commit
6908bdcd30
4
cron.php
4
cron.php
|
|
@ -2,8 +2,8 @@
|
|||
<?php include("functions.php"); ?>
|
||||
<?php
|
||||
|
||||
require("vendor/PHPMailer-6.4.0/src/PHPMailer.php");
|
||||
require("vendor/PHPMailer-6.4.0/src/SMTP.php");
|
||||
require("vendor/PHPMailer-6.5.1/src/PHPMailer.php");
|
||||
require("vendor/PHPMailer-6.5.1/src/SMTP.php");
|
||||
|
||||
use PHPMailer\PHPMailer\PHPMailer;
|
||||
use PHPMailer\PHPMailer\Exception;
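Review bot: `use PHPMailer\PHPMailer\Exception;` is imported, but the visible requires load only `PHPMailer.php` and `SMTP.php` from the new directory. Unless `Exception.php` is loaded somewhere outside this hunk, the first exception PHPMailer throws would end in a class-not-found fatal error instead of a catchable mail error; adding `require("vendor/PHPMailer-6.5.1/src/Exception.php");` next to the other two would close that gap. The same pair of requires is repeated in post.php, and both hard-code the release number in the path. A later security bump that misses one of the files would leave it on the old release or break it, so a single shared include (or Composer's autoloader) would keep them in step.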
|
||||
|
|
|
|||
4
post.php
4
post.php
|
|
@ -4,8 +4,8 @@ include("config.php");
|
|||
include("check_login.php");
|
||||
include("functions.php");
|
||||
|
||||
require("vendor/PHPMailer-6.4.0/src/PHPMailer.php");
|
||||
require("vendor/PHPMailer-6.4.0/src/SMTP.php");
|
||||
require("vendor/PHPMailer-6.5.1/src/PHPMailer.php");
|
||||
require("vendor/PHPMailer-6.5.1/src/SMTP.php");
|
||||
|
||||
use PHPMailer\PHPMailer\PHPMailer;
|
||||
use PHPMailer\PHPMailer\Exception;
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
6.4.0
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<phpunit
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/8.5/phpunit.xsd"
|
||||
backupGlobals="true"
|
||||
bootstrap="vendor/autoload.php"
|
||||
verbose="true"
|
||||
colors="true"
|
||||
forceCoversAnnotation="false"
|
||||
>
|
||||
<testsuites>
|
||||
<testsuite name="PHPMailerTests">
|
||||
<directory>./test/</directory>
|
||||
</testsuite>
|
||||
</testsuites>
|
||||
<listeners>
|
||||
<listener class="PHPMailer\Test\DebugLogTestListener" />
|
||||
</listeners>
|
||||
<groups>
|
||||
<exclude>
|
||||
<group>languages</group>
|
||||
<group>pop3</group>
|
||||
</exclude>
|
||||
</groups>
|
||||
<filter>
|
||||
<whitelist addUncoveredFilesFromWhitelist="true">
|
||||
<directory suffix=".php">./src</directory>
|
||||
</whitelist>
|
||||
</filter>
|
||||
<logging>
|
||||
<log type="coverage-text" target="php://stdout" showUncoveredFiles="true"/>
|
||||
<log type="coverage-clover" target="build/logs/clover.xml"/>
|
||||
<log type="junit" target="build/logs/junit.xml"/>
|
||||
</logging>
|
||||
</phpunit>
|
||||
|
|
@ -2,7 +2,12 @@
|
|||
|
||||
# PHPMailer – A full-featured email creation and transfer class for PHP
|
||||
|
||||
[](https://github.com/PHPMailer/PHPMailer/actions) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://phpmailer.github.io/PHPMailer/)
|
||||
[](https://github.com/PHPMailer/PHPMailer/actions)
|
||||
[](https://codecov.io/gh/PHPMailer/PHPMailer)
|
||||
[](https://packagist.org/packages/phpmailer/phpmailer)
|
||||
[](https://packagist.org/packages/phpmailer/phpmailer)
|
||||
[](https://packagist.org/packages/phpmailer/phpmailer)
|
||||
[](https://phpmailer.github.io/PHPMailer/)
|
||||
|
||||
## Features
|
||||
- Probably the world's most popular code for sending email from PHP!
|
||||
|
|
@ -17,7 +22,7 @@
|
|||
- Protects against header injection attacks
|
||||
- Error messages in over 50 languages!
|
||||
- DKIM and S/MIME signing support
|
||||
- Compatible with PHP 5.5 and later, including PHP 8.0
|
||||
- Compatible with PHP 5.5 and later, including PHP 8.1
|
||||
- Namespaced to prevent name clashes
|
||||
- Much more!
|
||||
|
||||
|
|
@ -39,7 +44,7 @@ This software is distributed under the [LGPL 2.1](http://www.gnu.org/licenses/lg
|
|||
PHPMailer is available on [Packagist](https://packagist.org/packages/phpmailer/phpmailer) (using semantic versioning), and installation via [Composer](https://getcomposer.org) is the recommended way to install PHPMailer. Just add this line to your `composer.json` file:
|
||||
|
||||
```json
|
||||
"phpmailer/phpmailer": "^6.2"
|
||||
"phpmailer/phpmailer": "^6.5"
|
||||
```
|
||||
|
||||
or run
|
||||
|
|
@ -89,7 +94,7 @@ use PHPMailer\PHPMailer\Exception;
|
|||
//Load Composer's autoloader
|
||||
require 'vendor/autoload.php';
|
||||
|
||||
//Instantiation and passing `true` enables exceptions
|
||||
//Create an instance; passing `true` enables exceptions
|
||||
$mail = new PHPMailer(true);
|
||||
|
||||
try {
|
||||
|
|
@ -100,8 +105,8 @@ try {
|
|||
$mail->SMTPAuth = true; //Enable SMTP authentication
|
||||
$mail->Username = 'user@example.com'; //SMTP username
|
||||
$mail->Password = 'secret'; //SMTP password
|
||||
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; //Enable TLS encryption; `PHPMailer::ENCRYPTION_SMTPS` encouraged
|
||||
$mail->Port = 587; //TCP port to connect to, use 465 for `PHPMailer::ENCRYPTION_SMTPS` above
|
||||
$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS; //Enable implicit TLS encryption
|
||||
$mail->Port = 465; //TCP port to connect to; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`
|
||||
|
||||
//Recipients
|
||||
$mail->setFrom('from@example.com', 'Mailer');
|
||||
|
|
@ -2,6 +2,13 @@
|
|||
|
||||
Please disclose any security issues or vulnerabilities found through [Tidelift's coordinated disclosure system](https://tidelift.com/security) or to the maintainers privately.
|
||||
|
||||
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the `$patternselect` parameter to `validateAddress()` is set to `'php'` (the default, defined by `PHPMailer::$validator`), and the global namespace contains a function called `php`, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names. Recorded as [CVE-2021-3603](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3603). Reported by [Vikrant Singh Chauhan](mailto:vi@hackberry.xyz) via [huntr.dev](https://www.huntr.dev/).
|
||||
|
||||
PHPMailer versions 6.4.1 and earlier contain a possible remote code execution vulnerability through the `$lang_path` parameter of the `setLanguage()` method. If the `$lang_path` parameter is passed unfiltered from user input, it can be set to [a UNC path](https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats#unc-paths), and if an attacker is also able to persuade the server to load a file from that UNC path, a script file under their control may be executed. This vulnerability only applies to systems that resolve UNC paths, typically only Microsoft Windows.
|
||||
PHPMailer 6.5.0 mitigates this by no longer treating translation files as PHP code, but by parsing their text content directly. This approach avoids the possibility of executing unknown code while retaining backward compatibility. This isn't ideal, so the current translation format is deprecated and will be replaced in the next major release. Recorded as [CVE-2021-34551](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34551). Reported by [Jilin Diting Information Technology Co., Ltd](https://listensec.com) via Tidelift.
|
||||
|
||||
PHPMailer versions between 6.1.8 and 6.4.0 contain a regression of the earlier CVE-2018-19296 object injection vulnerability as a result of [a fix for Windows UNC paths in 6.1.8](https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9). Recorded as [CVE-2020-36326](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36326). Reported by Fariskhi Vidyan via Tidelift. 6.4.1 fixes this issue, and also enforces stricter checks for URL schemes in local path contexts.
|
||||
|
||||
PHPMailer versions 6.1.5 and earlier contain an output escaping bug that occurs in `Content-Type` and `Content-Disposition` when filenames passed into `addAttachment` and other methods that accept attachment names contain double quote characters, in contravention of RFC822 3.4.1. No specific vulnerability has been found relating to this, but it could allow file attachments to bypass attachment filters that are based on matching filename extensions. Recorded as [CVE-2020-13625](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13625). Reported by Elar Lang of Clarified Security.
|
||||
|
||||
PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing `phar://` paths into `addAttachment()` and other functions that may receive unfiltered local paths, possibly leading to RCE. Recorded as [CVE-2018-19296](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19296). See [this article](https://knasmueller.net/5-answers-about-php-phar-exploitation) for more info on this type of vulnerability. Mitigated by blocking the use of paths containing URL-protocol style prefixes such as `phar://`. Reported by Sehun Oh of cyberone.kr.
|
||||
|
|
@ -0,0 +1 @@
|
|||
6.5.1
|
||||
|
|
@ -34,10 +34,12 @@
|
|||
"require-dev": {
|
||||
"dealerdirect/phpcodesniffer-composer-installer": "^0.7.0",
|
||||
"doctrine/annotations": "^1.2",
|
||||
"php-parallel-lint/php-console-highlighter": "^0.5.0",
|
||||
"php-parallel-lint/php-parallel-lint": "^1.3",
|
||||
"phpcompatibility/php-compatibility": "^9.3.5",
|
||||
"roave/security-advisories": "dev-latest",
|
||||
"squizlabs/php_codesniffer": "^3.5.6",
|
||||
"yoast/phpunit-polyfills": "^0.2.0"
|
||||
"squizlabs/php_codesniffer": "^3.6.0",
|
||||
"yoast/phpunit-polyfills": "^1.0.0"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-mbstring": "Needed to send email in multibyte encoding charset or decode encoded addresses",
|
||||
|
|
@ -57,5 +59,13 @@
|
|||
"PHPMailer\\Test\\": "test/"
|
||||
}
|
||||
},
|
||||
"license": "LGPL-2.1-only"
|
||||
"license": "LGPL-2.1-only",
|
||||
"scripts": {
|
||||
"check": "./vendor/bin/phpcs",
|
||||
"test": "./vendor/bin/phpunit --no-coverage",
|
||||
"coverage": "./vendor/bin/phpunit",
|
||||
"lint": [
|
||||
"@php ./vendor/php-parallel-lint/php-parallel-lint/parallel-lint . -e php,phps --exclude vendor --exclude .git --exclude build"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
@ -19,8 +19,7 @@ $PHPMAILER_LANG['instantiate'] = 'لا يمكن توفير خدمة ا
|
|||
$PHPMAILER_LANG['invalid_address'] = 'الإرسال غير ممكن لأن عنوان البريد الإلكتروني غير صالح: ';
|
||||
$PHPMAILER_LANG['mailer_not_supported'] = ' برنامج الإرسال غير مدعوم.';
|
||||
$PHPMAILER_LANG['provide_address'] = 'يجب توفير عنوان البريد الإلكتروني لمستلم واحد على الأقل.';
|
||||
$PHPMAILER_LANG['recipients_failed'] = 'خطأ SMTP: الأخطاء التالية ' .
|
||||
'فشل في الارسال لكل من : ';
|
||||
$PHPMAILER_LANG['recipients_failed'] = 'خطأ SMTP: الأخطاء التالية فشل في الارسال لكل من : ';
|
||||
$PHPMAILER_LANG['signing'] = 'خطأ في التوقيع: ';
|
||||
$PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() غير ممكن.';
|
||||
$PHPMAILER_LANG['smtp_error'] = 'خطأ على مستوى الخادم SMTP: ';
|
||||
|
|
@ -5,24 +5,25 @@
|
|||
* @package PHPMailer
|
||||
* @author Mitsuhiro Yoshida <http://mitstek.com/>
|
||||
* @author Yoshi Sakai <http://bluemooninc.jp/>
|
||||
* @author Arisophy <https://github.com/arisophy/>
|
||||
*/
|
||||
|
||||
$PHPMAILER_LANG['authenticate'] = 'SMTPエラー: 認証できませんでした。';
|
||||
$PHPMAILER_LANG['connect_host'] = 'SMTPエラー: SMTPホストに接続できませんでした。';
|
||||
$PHPMAILER_LANG['data_not_accepted'] = 'SMTPエラー: データが受け付けられませんでした。';
|
||||
//$PHPMAILER_LANG['empty_message'] = 'Message body empty';
|
||||
$PHPMAILER_LANG['empty_message'] = 'メール本文が空です。';
|
||||
$PHPMAILER_LANG['encoding'] = '不明なエンコーディング: ';
|
||||
$PHPMAILER_LANG['execute'] = '実行できませんでした: ';
|
||||
$PHPMAILER_LANG['file_access'] = 'ファイルにアクセスできません: ';
|
||||
$PHPMAILER_LANG['file_open'] = 'ファイルエラー: ファイルを開けません: ';
|
||||
$PHPMAILER_LANG['from_failed'] = 'Fromアドレスを登録する際にエラーが発生しました: ';
|
||||
$PHPMAILER_LANG['instantiate'] = 'メール関数が正常に動作しませんでした。';
|
||||
//$PHPMAILER_LANG['invalid_address'] = 'Invalid address: ';
|
||||
$PHPMAILER_LANG['invalid_address'] = '不正なメールアドレス: ';
|
||||
$PHPMAILER_LANG['provide_address'] = '少なくとも1つメールアドレスを 指定する必要があります。';
|
||||
$PHPMAILER_LANG['mailer_not_supported'] = ' メーラーがサポートされていません。';
|
||||
$PHPMAILER_LANG['recipients_failed'] = 'SMTPエラー: 次の受信者アドレスに 間違いがあります: ';
|
||||
//$PHPMAILER_LANG['signing'] = 'Signing Error: ';
|
||||
//$PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() failed.';
|
||||
//$PHPMAILER_LANG['smtp_error'] = 'SMTP server error: ';
|
||||
//$PHPMAILER_LANG['variable_set'] = 'Cannot set or reset variable: ';
|
||||
//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: ';
|
||||
$PHPMAILER_LANG['signing'] = '署名エラー: ';
|
||||
$PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP接続に失敗しました。';
|
||||
$PHPMAILER_LANG['smtp_error'] = 'SMTPサーバーエラー: ';
|
||||
$PHPMAILER_LANG['variable_set'] = '変数が存在しません: ';
|
||||
$PHPMAILER_LANG['extension_missing'] = '拡張機能が見つかりません: ';
|
||||
|
|
@ -7,23 +7,28 @@
|
|||
*/
|
||||
|
||||
$PHPMAILER_LANG['authenticate'] = 'SMTP-fout: authenticatie mislukt.';
|
||||
$PHPMAILER_LANG['buggy_php'] = 'PHP versie gededecteerd die onderhavig is aan een bug die kan resulteren in gecorrumpeerde berichten. Om dit te voorkomen, gebruik SMTP voor het verzenden van berichten, zet de mail.add_x_header optie in uw php.ini file uit, gebruik MacOS of Linux, of pas de gebruikte PHP versie aan naar versie 7.0.17+ or 7.1.3+.';
|
||||
$PHPMAILER_LANG['connect_host'] = 'SMTP-fout: kon niet verbinden met SMTP-host.';
|
||||
$PHPMAILER_LANG['data_not_accepted'] = 'SMTP-fout: data niet geaccepteerd.';
|
||||
$PHPMAILER_LANG['empty_message'] = 'Berichttekst is leeg';
|
||||
$PHPMAILER_LANG['encoding'] = 'Onbekende codering: ';
|
||||
$PHPMAILER_LANG['execute'] = 'Kon niet uitvoeren: ';
|
||||
$PHPMAILER_LANG['extension_missing'] = 'Extensie afwezig: ';
|
||||
$PHPMAILER_LANG['file_access'] = 'Kreeg geen toegang tot bestand: ';
|
||||
$PHPMAILER_LANG['file_open'] = 'Bestandsfout: kon bestand niet openen: ';
|
||||
$PHPMAILER_LANG['from_failed'] = 'Het volgende afzendersadres is mislukt: ';
|
||||
$PHPMAILER_LANG['instantiate'] = 'Kon mailfunctie niet initialiseren.';
|
||||
$PHPMAILER_LANG['invalid_address'] = 'Ongeldig adres: ';
|
||||
$PHPMAILER_LANG['invalid_header'] = 'Ongeldige header naam of waarde';
|
||||
$PHPMAILER_LANG['invalid_hostentry'] = 'Ongeldige hostentry: ';
|
||||
$PHPMAILER_LANG['invalid_host'] = 'Ongeldige host: ';
|
||||
$PHPMAILER_LANG['mailer_not_supported'] = ' mailer wordt niet ondersteund.';
|
||||
$PHPMAILER_LANG['provide_address'] = 'Er moet minstens één ontvanger worden opgegeven.';
|
||||
$PHPMAILER_LANG['recipients_failed'] = 'SMTP-fout: de volgende ontvangers zijn mislukt: ';
|
||||
$PHPMAILER_LANG['signing'] = 'Signeerfout: ';
|
||||
$PHPMAILER_LANG['smtp_code'] = 'SMTP code: ';
|
||||
$PHPMAILER_LANG['smtp_code_ex'] = 'Aanvullende SMTP informatie: ';
|
||||
$PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Verbinding mislukt.';
|
||||
$PHPMAILER_LANG['smtp_detail'] = 'Detail: ';
|
||||
$PHPMAILER_LANG['smtp_error'] = 'SMTP-serverfout: ';
|
||||
$PHPMAILER_LANG['variable_set'] = 'Kan de volgende variabele niet instellen of resetten: ';
|
||||
$PHPMAILER_LANG['extension_missing'] = 'Extensie afwezig: ';
|
||||
|
|
@ -16,11 +16,11 @@ $PHPMAILER_LANG['file_access'] = 'Немає доступу до фай
|
|||
$PHPMAILER_LANG['file_open'] = 'Помилка файлової системи: не вдається відкрити файл: ';
|
||||
$PHPMAILER_LANG['from_failed'] = 'Невірна адреса відправника: ';
|
||||
$PHPMAILER_LANG['instantiate'] = 'Неможливо запустити функцію mail().';
|
||||
$PHPMAILER_LANG['provide_address'] = 'Будь-ласка, введіть хоча б одну email-адресу отримувача.';
|
||||
$PHPMAILER_LANG['provide_address'] = 'Будь ласка, введіть хоча б одну email-адресу отримувача.';
|
||||
$PHPMAILER_LANG['mailer_not_supported'] = ' - поштовий сервер не підтримується.';
|
||||
$PHPMAILER_LANG['recipients_failed'] = 'Помилка SMTP: не вдалося відправлення для таких отримувачів: ';
|
||||
$PHPMAILER_LANG['empty_message'] = 'Пусте повідомлення';
|
||||
$PHPMAILER_LANG['invalid_address'] = 'Не відправлено через невірний формат email-адреси: ';
|
||||
$PHPMAILER_LANG['invalid_address'] = 'Не відправлено через неправильний формат email-адреси: ';
|
||||
$PHPMAILER_LANG['signing'] = 'Помилка підпису: ';
|
||||
$PHPMAILER_LANG['smtp_connect_failed'] = 'Помилка з\'єднання з SMTP-сервером';
|
||||
$PHPMAILER_LANG['smtp_error'] = 'Помилка SMTP-сервера: ';
|
||||
|
|
@ -35,6 +35,6 @@ class Exception extends \Exception
|
|||
*/
|
||||
public function errorMessage()
|
||||
{
|
||||
return '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
|
||||
return '<strong>' . htmlspecialchars($this->getMessage(), ENT_COMPAT | ENT_HTML401) . "</strong><br />\n";
|
||||
}
|
||||
}
|
||||
|
|
@ -103,14 +103,14 @@ class PHPMailer
|
|||
*
|
||||
* @var string
|
||||
*/
|
||||
public $From = 'root@localhost';
|
||||
public $From = '';
|
||||
|
||||
/**
|
||||
* The From name of the message.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
public $FromName = 'Root User';
|
||||
public $FromName = '';
|
||||
|
||||
/**
|
||||
* The envelope sender of the message.
|
||||
|
|
@ -428,9 +428,11 @@ class PHPMailer
|
|||
public $Debugoutput = 'echo';
|
||||
|
||||
/**
|
||||
* Whether to keep SMTP connection open after each message.
|
||||
* If this is set to true then to close the connection
|
||||
* requires an explicit call to smtpClose().
|
||||
* Whether to keep the SMTP connection open after each message.
|
||||
* If this is set to true then the connection will remain open after a send,
|
||||
* and closing the connection will require an explicit call to smtpClose().
|
||||
* It's a good idea to use this if you are sending multiple messages as it reduces overhead.
|
||||
* See the mailing list example for how to use it.
|
||||
*
|
||||
* @var bool
|
||||
*/
|
||||
|
|
@ -687,7 +689,7 @@ class PHPMailer
|
|||
protected $boundary = [];
|
||||
|
||||
/**
|
||||
* The array of available languages.
|
||||
* The array of available text strings for the current language.
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
|
|
@ -748,7 +750,7 @@ class PHPMailer
|
|||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.4.0';
|
||||
const VERSION = '6.5.1';
|
||||
|
||||
/**
|
||||
* Error severity: message only, continue processing.
|
||||
|
|
@ -1186,25 +1188,33 @@ class PHPMailer
|
|||
*
|
||||
* @return array
|
||||
*/
|
||||
public static function parseAddresses($addrstr, $useimap = true)
|
||||
public static function parseAddresses($addrstr, $useimap = true, $charset = self::CHARSET_ISO88591)
|
||||
{
|
||||
$addresses = [];
|
||||
if ($useimap && function_exists('imap_rfc822_parse_adrlist')) {
|
||||
//Use this built-in parser if it's available
|
||||
$list = imap_rfc822_parse_adrlist($addrstr, '');
|
||||
// Clear any potential IMAP errors to get rid of notices being thrown at end of script.
|
||||
imap_errors();
|
||||
foreach ($list as $address) {
|
||||
if (
|
||||
('.SYNTAX-ERROR.' !== $address->host) && static::validateAddress(
|
||||
$address->mailbox . '@' . $address->host
|
||||
)
|
||||
'.SYNTAX-ERROR.' !== $address->host &&
|
||||
static::validateAddress($address->mailbox . '@' . $address->host)
|
||||
) {
|
||||
//Decode the name part if it's present and encoded
|
||||
if (
|
||||
property_exists($address, 'personal') &&
|
||||
extension_loaded('mbstring') &&
|
||||
preg_match('/^=\?.*\?=$/', $address->personal)
|
||||
//Check for a Mbstring constant rather than using extension_loaded, which is sometimes disabled
|
||||
defined('MB_CASE_UPPER') &&
|
||||
preg_match('/^=\?.*\?=$/s', $address->personal)
|
||||
) {
|
||||
$origCharset = mb_internal_encoding();
|
||||
mb_internal_encoding($charset);
|
||||
//Undo any RFC2047-encoded spaces-as-underscores
|
||||
$address->personal = str_replace('_', '=20', $address->personal);
|
||||
//Decode the name
|
||||
$address->personal = mb_decode_mimeheader($address->personal);
|
||||
mb_internal_encoding($origCharset);
|
||||
}
|
||||
|
||||
$addresses[] = [
|
||||
|
|
@ -1232,9 +1242,16 @@ class PHPMailer
|
|||
$email = trim(str_replace('>', '', $email));
|
||||
$name = trim($name);
|
||||
if (static::validateAddress($email)) {
|
||||
//Check for a Mbstring constant rather than using extension_loaded, which is sometimes disabled
|
||||
//If this name is encoded, decode it
|
||||
if (preg_match('/^=\?.*\?=$/', $name)) {
|
||||
if (defined('MB_CASE_UPPER') && preg_match('/^=\?.*\?=$/s', $name)) {
|
||||
$origCharset = mb_internal_encoding();
|
||||
mb_internal_encoding($charset);
|
||||
//Undo any RFC2047-encoded spaces-as-underscores
|
||||
$name = str_replace('_', '=20', $name);
|
||||
//Decode the name
|
||||
$name = mb_decode_mimeheader($name);
|
||||
mb_internal_encoding($origCharset);
|
||||
}
|
||||
$addresses[] = [
|
||||
//Remove any surrounding quotes and spaces from the name
|
||||
|
|
@ -1335,7 +1352,8 @@ class PHPMailer
|
|||
if (null === $patternselect) {
|
||||
$patternselect = static::$validator;
|
||||
}
|
||||
if (is_callable($patternselect)) {
|
||||
//Don't allow strings as callables, see SECURITY.md and CVE-2021-3603
|
||||
if (is_callable($patternselect) && !is_string($patternselect)) {
|
||||
return call_user_func($patternselect, $address);
|
||||
}
|
||||
//Reject line breaks in addresses; it's valid RFC5322, but not RFC5321
|
||||
|
|
@ -1505,12 +1523,7 @@ class PHPMailer
|
|||
&& ini_get('mail.add_x_header') === '1'
|
||||
&& stripos(PHP_OS, 'WIN') === 0
|
||||
) {
|
||||
trigger_error(
|
||||
'Your version of PHP is affected by a bug that may result in corrupted messages.' .
|
||||
' To fix it, switch to sending using SMTP, disable the mail.add_x_header option in' .
|
||||
' your php.ini, switch to MacOS or Linux, or upgrade your PHP to version 7.0.17+ or 7.1.3+.',
|
||||
E_USER_WARNING
|
||||
);
|
||||
trigger_error($this->lang('buggy_php'), E_USER_WARNING);
|
||||
}
|
||||
|
||||
try {
|
||||
|
|
@ -1721,9 +1734,10 @@ class PHPMailer
|
|||
fwrite($mail, $header);
|
||||
fwrite($mail, $body);
|
||||
$result = pclose($mail);
|
||||
$addrinfo = static::parseAddresses($toAddr, true, $this->charSet);
|
||||
$this->doCallback(
|
||||
($result === 0),
|
||||
[$toAddr],
|
||||
[[$addrinfo['address'], $addrinfo['name']]],
|
||||
$this->cc,
|
||||
$this->bcc,
|
||||
$this->Subject,
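Review bot: `$addrinfo['address']` and `$addrinfo['name']` index the result of `parseAddresses()` by string key, but the visible body of that method builds its result with `$addresses[] = [`, which is a list of per-address arrays. These reads therefore look like undefined keys, and the callback would receive `[[null, null]]` instead of the recipient. The call also passes `$this->charSet`, whereas PHPMailer's public property is spelled `CharSet`; if no lower-case property is declared outside the hunk, the charset argument is null as well. Reading the first element, e.g. `$addrinfo = static::parseAddresses($toAddr, true, $this->CharSet);` followed by `$addrinfo[0]['address']` and `$addrinfo[0]['name']`, would match that shape, and the later hunk around `mailPassthru()` repeats the same pattern. The enclosing method and the return statement of `parseAddresses()` are outside the visible hunks, so confirm against the full file, and since this is a vendored copy, prefer an upstream release that corrects it over a local patch.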
|
||||
|
|
@ -1810,7 +1824,8 @@ class PHPMailer
|
|||
*/
|
||||
protected static function isPermittedPath($path)
|
||||
{
|
||||
return !preg_match('#^[a-z]+://#i', $path);
|
||||
//Matches scheme definition from https://tools.ietf.org/html/rfc3986#section-3.1
|
||||
return !preg_match('#^[a-z][a-z\d+.-]*://#i', $path);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1822,12 +1837,15 @@ class PHPMailer
|
|||
*/
|
||||
protected static function fileIsAccessible($path)
|
||||
{
|
||||
if (!static::isPermittedPath($path)) {
|
||||
return false;
|
||||
}
|
||||
$readable = file_exists($path);
|
||||
//If not a UNC path (expected to start with \\), check read permission, see #2069
|
||||
if (strpos($path, '\\\\') !== 0) {
|
||||
$readable = $readable && is_readable($path);
|
||||
}
|
||||
return static::isPermittedPath($path) && $readable;
|
||||
return $readable;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1876,7 +1894,17 @@ class PHPMailer
|
|||
if ($this->SingleTo && count($toArr) > 1) {
|
||||
foreach ($toArr as $toAddr) {
|
||||
$result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);
|
||||
$this->doCallback($result, [$toAddr], $this->cc, $this->bcc, $this->Subject, $body, $this->From, []);
|
||||
$addrinfo = static::parseAddresses($toAddr, true, $this->charSet);
|
||||
$this->doCallback(
|
||||
$result,
|
||||
[[$addrinfo['address'], $addrinfo['name']]],
|
||||
$this->cc,
|
||||
$this->bcc,
|
||||
$this->Subject,
|
||||
$body,
|
||||
$this->From,
|
||||
[]
|
||||
);
|
||||
}
|
||||
} else {
|
||||
$result = $this->mailPassthru($to, $this->Subject, $body, $header, $params);
|
||||
|
|
@ -1965,7 +1993,7 @@ class PHPMailer
|
|||
$isSent = true;
|
||||
}
|
||||
|
||||
$callbacks[] = ['issent' => $isSent, 'to' => $to[0]];
|
||||
$callbacks[] = ['issent' => $isSent, 'to' => $to[0], 'name' => $to[1]];
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1986,7 +2014,7 @@ class PHPMailer
|
|||
foreach ($callbacks as $cb) {
|
||||
$this->doCallback(
|
||||
$cb['issent'],
|
||||
[$cb['to']],
|
||||
[[$cb['to'], $cb['name']]],
|
||||
[],
|
||||
[],
|
||||
$this->Subject,
|
||||
|
|
@ -2163,13 +2191,15 @@ class PHPMailer
|
|||
|
||||
/**
|
||||
* Set the language for error messages.
|
||||
* Returns false if it cannot load the language file.
|
||||
* The default language is English.
|
||||
*
|
||||
* @param string $langcode ISO 639-1 2-character language code (e.g. French is "fr")
|
||||
* @param string $lang_path Path to the language file directory, with trailing separator (slash)
|
||||
* Optionally, the language code can be enhanced with a 4-character
|
||||
* script annotation and/or a 2-character country annotation.
|
||||
* @param string $lang_path Path to the language file directory, with trailing separator (slash).D
|
||||
* Do not set this from user input!
|
||||
*
|
||||
* @return bool
|
||||
* @return bool Returns true if the requested language was loaded, false otherwise.
|
||||
*/
|
||||
public function setLanguage($langcode = 'en', $lang_path = '')
|
||||
{
|
||||
|
|
@ -2192,51 +2222,102 @@ class PHPMailer
|
|||
//Define full set of translatable strings in English
|
||||
$PHPMAILER_LANG = [
|
||||
'authenticate' => 'SMTP Error: Could not authenticate.',
|
||||
'buggy_php' => 'Your version of PHP is affected by a bug that may result in corrupted messages.' .
|
||||
' To fix it, switch to sending using SMTP, disable the mail.add_x_header option in' .
|
||||
' your php.ini, switch to MacOS or Linux, or upgrade your PHP to version 7.0.17+ or 7.1.3+.',
|
||||
'connect_host' => 'SMTP Error: Could not connect to SMTP host.',
|
||||
'data_not_accepted' => 'SMTP Error: data not accepted.',
|
||||
'empty_message' => 'Message body empty',
|
||||
'encoding' => 'Unknown encoding: ',
|
||||
'execute' => 'Could not execute: ',
|
||||
'extension_missing' => 'Extension missing: ',
|
||||
'file_access' => 'Could not access file: ',
|
||||
'file_open' => 'File Error: Could not open file: ',
|
||||
'from_failed' => 'The following From address failed: ',
|
||||
'instantiate' => 'Could not instantiate mail function.',
|
||||
'invalid_address' => 'Invalid address: ',
|
||||
'invalid_header' => 'Invalid header name or value',
|
||||
'invalid_hostentry' => 'Invalid hostentry: ',
|
||||
'invalid_host' => 'Invalid host: ',
|
||||
'mailer_not_supported' => ' mailer is not supported.',
|
||||
'provide_address' => 'You must provide at least one recipient email address.',
|
||||
'recipients_failed' => 'SMTP Error: The following recipients failed: ',
|
||||
'signing' => 'Signing Error: ',
|
||||
'smtp_code' => 'SMTP code: ',
|
||||
'smtp_code_ex' => 'Additional SMTP info: ',
|
||||
'smtp_connect_failed' => 'SMTP connect() failed.',
|
||||
'smtp_detail' => 'Detail: ',
|
||||
'smtp_error' => 'SMTP server error: ',
|
||||
'variable_set' => 'Cannot set or reset variable: ',
|
||||
'extension_missing' => 'Extension missing: ',
|
||||
];
|
||||
if (empty($lang_path)) {
|
||||
//Calculate an absolute path so it can work if CWD is not here
|
||||
$lang_path = dirname(__DIR__) . DIRECTORY_SEPARATOR . 'language' . DIRECTORY_SEPARATOR;
|
||||
}
|
||||
|
||||
//Validate $langcode
|
||||
if (!preg_match('/^[a-z]{2}(?:_[a-zA-Z]{2})?$/', $langcode)) {
|
||||
$foundlang = true;
|
||||
$langcode = strtolower($langcode);
|
||||
if (
|
||||
!preg_match('/^(?P<lang>[a-z]{2})(?P<script>_[a-z]{4})?(?P<country>_[a-z]{2})?$/', $langcode, $matches)
|
||||
&& $langcode !== 'en'
|
||||
) {
|
||||
$foundlang = false;
|
||||
$langcode = 'en';
|
||||
}
|
||||
$foundlang = true;
|
||||
$lang_file = $lang_path . 'phpmailer.lang-' . $langcode . '.php';
|
||||
|
||||
//There is no English translation file
|
||||
if ('en' !== $langcode) {
|
||||
//Make sure language file path is readable
|
||||
if (!static::fileIsAccessible($lang_file)) {
|
||||
$langcodes = [];
|
||||
if (!empty($matches['script']) && !empty($matches['country'])) {
|
||||
$langcodes[] = $matches['lang'] . $matches['script'] . $matches['country'];
|
||||
}
|
||||
if (!empty($matches['country'])) {
|
||||
$langcodes[] = $matches['lang'] . $matches['country'];
|
||||
}
|
||||
if (!empty($matches['script'])) {
|
||||
$langcodes[] = $matches['lang'] . $matches['script'];
|
||||
}
|
||||
$langcodes[] = $matches['lang'];
|
||||
|
||||
//Try and find a readable language file for the requested language.
|
||||
$foundFile = false;
|
||||
foreach ($langcodes as $code) {
|
||||
$lang_file = $lang_path . 'phpmailer.lang-' . $code . '.php';
|
||||
if (static::fileIsAccessible($lang_file)) {
|
||||
$foundFile = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if ($foundFile === false) {
|
||||
$foundlang = false;
|
||||
} else {
|
||||
//Overwrite language-specific strings.
|
||||
//This way we'll never have missing translation keys.
|
||||
$foundlang = include $lang_file;
|
||||
$lines = file($lang_file);
|
||||
foreach ($lines as $line) {
|
||||
//Translation file lines look like this:
|
||||
//$PHPMAILER_LANG['authenticate'] = 'SMTP-Fehler: Authentifizierung fehlgeschlagen.';
|
||||
//These files are parsed as text and not PHP so as to avoid the possibility of code injection
|
||||
//See https://blog.stevenlevithan.com/archives/match-quoted-string
|
||||
$matches = [];
|
||||
if (
|
||||
preg_match(
|
||||
'/^\$PHPMAILER_LANG\[\'([a-z\d_]+)\'\]\s*=\s*(["\'])(.+)*?\2;/',
|
||||
$line,
|
||||
$matches
|
||||
) &&
|
||||
//Ignore unknown translation keys
|
||||
array_key_exists($matches[1], $PHPMAILER_LANG)
|
||||
) {
|
||||
//Overwrite language-specific strings so we'll never have missing translation keys.
|
||||
$PHPMAILER_LANG[$matches[1]] = (string)$matches[3];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->language = $PHPMAILER_LANG;
|
||||
|
||||
return (bool) $foundlang; //Returns false if language not found
|
||||
return $foundlang; //Returns false if language not found
|
||||
}
|
||||
|
||||
/**
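Review bot: The new line-by-line parser stores `$matches[3]` verbatim, so PHP string escapes in a translation file are no longer interpreted. The Ukrainian `smtp_connect_failed` entry shown earlier on this page contains `з\'єднання`, which would now reach users with a literal backslash. Entries split across lines with `.` concatenation never match the pattern (it requires the closing quote and `;` on the same line) and silently fall back to English, which is presumably why the Arabic `recipients_failed` string was joined onto one line in this commit. Keeping the text-only parse is right, since it is the CVE-2021-34551 mitigation described in SECURITY.md, but the captured value should be unescaped, e.g. `$PHPMAILER_LANG[$matches[1]] = str_replace("\\'", "'", $matches[3]);`, or translation files should be required to avoid escapes. The body of `setLanguage()` starts before this hunk.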
|
||||
|
|
@ -2246,6 +2327,10 @@ class PHPMailer
|
|||
*/
|
||||
public function getTranslations()
|
||||
{
|
||||
if (empty($this->language)) {
|
||||
$this->setLanguage(); // Set the default language.
|
||||
}
|
||||
|
||||
return $this->language;
|
||||
}
|
||||
|
||||
|
|
@ -2514,7 +2599,17 @@ class PHPMailer
|
|||
|
||||
//Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4
|
||||
//https://tools.ietf.org/html/rfc5322#section-3.6.4
|
||||
if ('' !== $this->MessageID && preg_match('/^<.*@.*>$/', $this->MessageID)) {
|
||||
if (
|
||||
'' !== $this->MessageID &&
|
||||
preg_match(
|
||||
'/^<((([a-z\d!#$%&\'*+\/=?^_`{|}~-]+(\.[a-z\d!#$%&\'*+\/=?^_`{|}~-]+)*)' .
|
||||
'|("(([\x01-\x08\x0B\x0C\x0E-\x1F\x7F]|[\x21\x23-\x5B\x5D-\x7E])' .
|
||||
'|(\\[\x01-\x09\x0B\x0C\x0E-\x7F]))*"))@(([a-z\d!#$%&\'*+\/=?^_`{|}~-]+' .
|
||||
'(\.[a-z\d!#$%&\'*+\/=?^_`{|}~-]+)*)|(\[(([\x01-\x08\x0B\x0C\x0E-\x1F\x7F]' .
|
||||
'|[\x21-\x5A\x5E-\x7E])|(\\[\x01-\x09\x0B\x0C\x0E-\x7F]))*\])))>$/Di',
|
||||
$this->MessageID
|
||||
)
|
||||
) {
|
||||
$this->lastMessageID = $this->MessageID;
|
||||
} else {
|
||||
$this->lastMessageID = sprintf('<%s@%s>', $this->uniqueid, $this->serverHostname());
|
||||
|
|
@ -3898,13 +3993,13 @@ class PHPMailer
|
|||
if (!empty($lasterror['error'])) {
|
||||
$msg .= $this->lang('smtp_error') . $lasterror['error'];
|
||||
if (!empty($lasterror['detail'])) {
|
||||
$msg .= ' Detail: ' . $lasterror['detail'];
|
||||
$msg .= ' ' . $this->lang('smtp_detail') . $lasterror['detail'];
|
||||
}
|
||||
if (!empty($lasterror['smtp_code'])) {
|
||||
$msg .= ' SMTP code: ' . $lasterror['smtp_code'];
|
||||
$msg .= ' ' . $this->lang('smtp_code') . $lasterror['smtp_code'];
|
||||
}
|
||||
if (!empty($lasterror['smtp_code_ex'])) {
|
||||
$msg .= ' Additional SMTP info: ' . $lasterror['smtp_code_ex'];
|
||||
$msg .= ' ' . $this->lang('smtp_code_ex') . $lasterror['smtp_code_ex'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -3965,7 +4060,7 @@ class PHPMailer
|
|||
empty($host)
|
||||
|| !is_string($host)
|
||||
|| strlen($host) > 256
|
||||
|| !preg_match('/^([a-zA-Z\d.-]*|\[[a-fA-F\d:]+])$/', $host)
|
||||
|| !preg_match('/^([a-zA-Z\d.-]*|\[[a-fA-F\d:]+\])$/', $host)
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
|
@ -4042,11 +4137,11 @@ class PHPMailer
|
|||
list($name, $value) = explode(':', $name, 2);
|
||||
}
|
||||
$name = trim($name);
|
||||
$value = trim($value);
|
||||
$value = (null === $value) ? '' : trim($value);
|
||||
//Ensure name is not empty, and that neither name nor value contain line breaks
|
||||
if (empty($name) || strpbrk($name . $value, "\r\n") !== false) {
|
||||
if ($this->exceptions) {
|
||||
throw new Exception('Invalid header name or value');
|
||||
throw new Exception($this->lang('invalid_header'));
|
||||
}
|
||||
|
||||
return false;
|
||||
|
|
@ -4200,7 +4295,8 @@ class PHPMailer
|
|||
*
|
||||
* @param string $html The HTML text to convert
|
||||
* @param bool|callable $advanced Any boolean value to use the internal converter,
|
||||
* or provide your own callable for custom conversion
|
||||
* or provide your own callable for custom conversion.
|
||||
* *Never* pass user-supplied data into this parameter
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
|
|
@ -46,7 +46,7 @@ class POP3
|
|||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.4.0';
|
||||
const VERSION = '6.5.1';
|
||||
|
||||
/**
|
||||
* Default POP3 port number.
|
||||
|
|
@ -35,7 +35,7 @@ class SMTP
|
|||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.4.0';
|
||||
const VERSION = '6.5.1';
|
||||
|
||||
/**
|
||||
* SMTP line break constant.
|
||||
|
|
@ -186,6 +186,7 @@ class SMTP
|
|||
'Amazon_SES' => '/[\d]{3} Ok (.*)/',
|
||||
'SendGrid' => '/[\d]{3} Ok: queued as (.*)/',
|
||||
'CampaignMonitor' => '/[\d]{3} 2.0.0 OK:([a-zA-Z\d]{48})/',
|
||||
'Haraka' => '/[\d]{3} Message Queued \((.*)\)/',
|
||||
];
|
||||
|
||||
/**
|
||||