remijean/ZwiiCMS
2
1
Fork 0
forked from ZwiiCMS-Team/ZwiiCMS
Code Pull Requests Activity

update phpmailer v5.23

Browse Source
This commit is contained in:
fredtempez 2019-02-20 18:18:20 +01:00
parent 855256af95
commit dabdd115b3
1 changed files with 39 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
core/vendor/phpmailer/phpmailer.php vendored
View File

@ -31,7 +31,7 @@ class PHPMailer
* The PHPMailer Version number. * The PHPMailer Version number.
* @var string * @var string
*/ */
public $Version = '5.2.23'; public $Version = '5.2.27';
/** /**
* Email priority. * Email priority.
@ -440,9 +440,9 @@ class PHPMailer
* *
* Parameters: * Parameters:
* boolean $result result of the send action * boolean $result result of the send action
* string $to email address of the recipient * array $to email addresses of the recipients
* string $cc cc email addresses * array $cc cc email addresses
* string $bcc bcc email addresses * array $bcc bcc email addresses
* string $subject the subject * string $subject the subject
* string $body the email body * string $body the email body
* string $from email address of sender * string $from email address of sender
@ -659,6 +659,8 @@ class PHPMailer
if ($exceptions !== null) { if ($exceptions !== null) {
$this->exceptions = (boolean)$exceptions; $this->exceptions = (boolean)$exceptions;
} }
//Pick an appropriate debug output format automatically
$this->Debugoutput = (strpos(PHP_SAPI, 'cli') !== false ? 'echo' : 'html');
} }
/** /**
@ -1294,9 +1296,12 @@ class PHPMailer
// Sign with DKIM if enabled // Sign with DKIM if enabled
if (!empty($this->DKIM_domain) if (!empty($this->DKIM_domain)
&& !empty($this->DKIM_selector) and !empty($this->DKIM_selector)
&& (!empty($this->DKIM_private_string) and (!empty($this->DKIM_private_string)
|| (!empty($this->DKIM_private) && file_exists($this->DKIM_private)) or (!empty($this->DKIM_private)
and self::isPermittedPath($this->DKIM_private)
and file_exists($this->DKIM_private)
)
) )
) { ) {
$header_dkim = $this->DKIM_Add( $header_dkim = $this->DKIM_Add(
@ -1461,6 +1466,18 @@ class PHPMailer
return true; return true;
} }
/**
* Check whether a file path is of a permitted type.
* Used to reject URLs and phar files from functions that access local file paths,
* such as addAttachment.
* @param string $path A relative or absolute path to a file.
* @return bool
*/
protected static function isPermittedPath($path)
{
return !preg_match('#^[a-z]+://#i', $path);
}
/** /**
* Send mail using the PHP mail() function. * Send mail using the PHP mail() function.
* @param string $header The message headers * @param string $header The message headers
@ -1622,8 +1639,13 @@ class PHPMailer
foreach ($hosts as $hostentry) { foreach ($hosts as $hostentry) {
$hostinfo = array(); $hostinfo = array();
if (!preg_match('/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*):?([0-9]*)$/', trim($hostentry), $hostinfo)) { if (!preg_match(
'/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/',
trim($hostentry),
$hostinfo
)) {
// Not a valid host entry // Not a valid host entry
$this->edebug('Ignoring invalid host: ' . $hostentry);
continue; continue;
} }
// $hostinfo[2]: optional ssl or tls prefix // $hostinfo[2]: optional ssl or tls prefix
@ -1742,6 +1764,7 @@ class PHPMailer
'dk' => 'da', 'dk' => 'da',
'no' => 'nb', 'no' => 'nb',
'se' => 'sv', 'se' => 'sv',
'sr' => 'rs'
); );
if (isset($renamed_langcodes[$langcode])) { if (isset($renamed_langcodes[$langcode])) {
@ -1783,7 +1806,7 @@ class PHPMailer
// There is no English translation file // There is no English translation file
if ($langcode != 'en') { if ($langcode != 'en') {
// Make sure language file path is readable // Make sure language file path is readable
if (!is_readable($lang_file)) { if (!self::isPermittedPath($lang_file) or !is_readable($lang_file)) {
$foundlang = false; $foundlang = false;
} else { } else {
// Overwrite language-specific strings. // Overwrite language-specific strings.
@ -2024,10 +2047,7 @@ class PHPMailer
{ {
$result = ''; $result = '';
if ($this->MessageDate == '') { $result .= $this->headerLine('Date', $this->MessageDate == '' ? self::rfcDate() : $this->MessageDate);
$this->MessageDate = self::rfcDate();
}
$result .= $this->headerLine('Date', $this->MessageDate);
// To be created automatically by mail() // To be created automatically by mail()
if ($this->SingleTo) { if ($this->SingleTo) {
@ -2494,6 +2514,8 @@ class PHPMailer
* Add an attachment from a path on the filesystem. * Add an attachment from a path on the filesystem.
* Never use a user-supplied path to a file! * Never use a user-supplied path to a file!
* Returns false if the file could not be found or read. * Returns false if the file could not be found or read.
* Explicitly *does not* support passing URLs; PHPMailer is not an HTTP client.
* If you need to do that, fetch the resource yourself and pass it in via a local file or string.
* @param string $path Path to the attachment. * @param string $path Path to the attachment.
* @param string $name Overrides the attachment name. * @param string $name Overrides the attachment name.
* @param string $encoding File encoding (see $Encoding). * @param string $encoding File encoding (see $Encoding).
@ -2505,7 +2527,7 @@ class PHPMailer
public function addAttachment($path, $name = '', $encoding = 'base64', $type = '', $disposition = 'attachment') public function addAttachment($path, $name = '', $encoding = 'base64', $type = '', $disposition = 'attachment')
{ {
try { try {
if (!@is_file($path)) { if (!self::isPermittedPath($path) or !@is_file($path)) {
throw new phpmailerException($this->lang('file_access') . $path, self::STOP_CONTINUE); throw new phpmailerException($this->lang('file_access') . $path, self::STOP_CONTINUE);
} }
@ -2686,7 +2708,7 @@ class PHPMailer
protected function encodeFile($path, $encoding = 'base64') protected function encodeFile($path, $encoding = 'base64')
{ {
try { try {
if (!is_readable($path)) { if (!self::isPermittedPath($path) or !file_exists($path)) {
throw new phpmailerException($this->lang('file_open') . $path, self::STOP_CONTINUE); throw new phpmailerException($this->lang('file_open') . $path, self::STOP_CONTINUE);
} }
$magic_quotes = get_magic_quotes_runtime(); $magic_quotes = get_magic_quotes_runtime();
@ -3030,7 +3052,7 @@ class PHPMailer
*/ */
public function addEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = '', $disposition = 'inline') public function addEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = '', $disposition = 'inline')
{ {
if (!@is_file($path)) { if (!self::isPermittedPath($path) or !@is_file($path)) {
$this->setError($this->lang('file_access') . $path); $this->setError($this->lang('file_access') . $path);
return false; return false;
} }
@ -4033,7 +4055,7 @@ class phpmailerException extends Exception
*/ */
public function errorMessage() public function errorMessage()
{ {
$errorMsg = '<strong>' . $this->getMessage() . "</strong><br />\n"; $errorMsg = '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
return $errorMsg; return $errorMsg;
} }
} }