
Ticket #19719: phpmailer-display-name-validation.patch

File phpmailer-display-name-validation.patch, 2.1 KB (added by dllh, 2 years ago)

Adds display name validation

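--- a/wp-includes/class-phpmailer.php
+++ b/wp-includes/class-phpmailer.php
@@ -491,6 +491,14 @@
       echo $this->Lang('invalid_address').': '.$address;
       return false;
     }
+    if (!self::ValidateDisplayName($name)) {
+      $this->SetError($this->Lang('invalid_display_name').': '. $name);
+      if ($this->exceptions) {
+        throw new phpmailerException($this->Lang('invalid_display_name').': '.$name);
+      }
+      echo $this->Lang('invalid_display_name').': '.$name;
+      return false;
+    }
     if ($kind != 'ReplyTo') {
       if (!isset($this->all_recipients[strtolower($address)])) {
         array_push($this->$kind, array($address, $name));
@@ -559,6 +567,24 @@
     }
   }
 
+  /**
+   * Check that a string complies with the RFC5322 definition for display-name
+   * Static so it can be used without instantiation.
+   * Does utf8_decode() and then strips any characters disallowed by the spec, then compares to the original string to see if the transformations actually changed anything. If so, the name is invalid.
+   * Conforms approximately to RFC5322 (see section 3.4)
+   * @param string $name The display-name to check
+   * @return boolean
+   * @static
+   * @access public
+   */
+  public static function ValidateDisplayName($name) {
+    $allow = '\s\!\$&*\-=\^`\|\~#%\'+\/\?_\{\}a-zA-Z0-9\.\"';
+    $_name = $name;
+    $_name = utf8_decode( $_name );
+    $_name = preg_replace( '/[^' . $allow . ']/', '', $_name );
+    return $name == $_name;
+  }
+
   /////////////////////////////////////////////////
   // METHODS, MAIL SENDING
   /////////////////////////////////////////////////
@@ -924,6 +950,7 @@
       'smtp_error' => 'SMTP server error: ',
       'empty_message' => 'Message body empty',
       'invalid_address' => 'Invalid address',
+      'invalid_display_name' => 'Invalid display name',
       'variable_set' => 'Cannot set or reset variable: '
     );
     //Overwrite language-specific strings. This way we'll never have missing translations - no more "language string failed to load"!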
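Review bot: `ValidateDisplayName()` accepts CR and LF, because the `\s` at the start of `$allow` matches both, so a display name containing a line break still passes unless the caller strips breaks before the new check (the calling method starts and ends outside the hunk). If the check is meant to keep the name from altering the header, list the permitted whitespace explicitly by replacing the leading `\s` in `$allow` with ` \t`. Separately, `utf8_decode()` rewrites every multi-byte UTF-8 sequence before the comparison, so any name with a non-ASCII character (for example `José`) is reported invalid; that looks stricter than intended and should be confirmed against how the class encodes names when it builds headers. The result should also be compared strictly, `return $name === $_name;`, so it does not depend on loose string comparison.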