WordPress.org

Make WordPress Core

Ticket #52954: 52954.patch

File 52954.patch, 4.2 KB (added by ayeshrajans, 7 weeks ago)

Update to PHPMailer 6.4.0. This is a verbatime copy of the upstream PHPMailer 6.4.0 tag, with this patch applied.

  • src/wp-includes/PHPMailer/PHPMailer.php

    diff --git a/src/wp-includes/PHPMailer/PHPMailer.php b/src/wp-includes/PHPMailer/PHPMailer.php
    index 52e2027859..8b27efc461 100644
    a b class PHPMailer 
    748748     *
    749749     * @var string
    750750     */
    751     const VERSION = '6.3.0';
     751    const VERSION = '6.4.0';
    752752
    753753    /**
    754754     * Error severity: message only, continue processing.
    public static function parseAddresses($addrstr, $useimap = true) 
    11991199                    )
    12001200                ) {
    12011201                    //Decode the name part if it's present and encoded
    1202                     if (property_exists($address, 'personal') && preg_match('/^=\?.*\?=$/', $address->personal)) {
     1202                    if (
     1203                        property_exists($address, 'personal') &&
     1204                        extension_loaded('mbstring') &&
     1205                        preg_match('/^=\?.*\?=$/', $address->personal)
     1206                    ) {
    12031207                        $address->personal = mb_decode_mimeheader($address->personal);
    12041208                    }
    12051209
    protected function sendmailSend($header, $body) 
    16821686        //Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html
    16831687        //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
    16841688        //Example problem: https://www.drupal.org/node/1057954
    1685         //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
    1686         if ('' === $this->Sender) {
    1687             $this->Sender = $this->From;
    1688         }
    16891689        if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
    16901690            //PHP config has a sender address we can use
    16911691            $this->Sender = ini_get('sendmail_from');
    16921692        }
    16931693        //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
    1694         //But sendmail requires this param, so fail without it
    16951694        if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
    16961695            if ($this->Mailer === 'qmail') {
    16971696                $sendmailFmt = '%s -f%s';
    protected function sendmailSend($header, $body) 
    16991698                $sendmailFmt = '%s -oi -f%s -t';
    17001699            }
    17011700        } else {
    1702             $this->edebug('Sender address unusable or missing: ' . $this->Sender);
    1703             return false;
     1701            //allow sendmail to choose a default envelope sender. It may
     1702            //seem preferable to force it to use the From header as with
     1703            //SMTP, but that introduces new problems (see
     1704            //<https://github.com/PHPMailer/PHPMailer/issues/2298>), and
     1705            //it has historically worked this way.
     1706            $sendmailFmt = '%s -oi -t';
    17041707        }
    17051708
    17061709        $sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
    protected function mailSend($header, $body) 
    18601863        //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
    18611864        //Example problem: https://www.drupal.org/node/1057954
    18621865        //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
    1863         if ('' === $this->Sender) {
    1864             $this->Sender = $this->From;
    1865         }
    18661866        if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
    18671867            //PHP config has a sender address we can use
    18681868            $this->Sender = ini_get('sendmail_from');
  • src/wp-includes/PHPMailer/SMTP.php

    diff --git a/src/wp-includes/PHPMailer/SMTP.php b/src/wp-includes/PHPMailer/SMTP.php
    index 68f3aeccc5..9d85929ddf 100644
    a b class SMTP 
    3535     *
    3636     * @var string
    3737     */
    38     const VERSION = '6.3.0';
     38    const VERSION = '6.4.0';
    3939
    4040    /**
    4141     * SMTP line break constant.
    public function authenticate( 
    553553                }
    554554                //Send encoded username and password
    555555                if (
     556                    //Format from https://tools.ietf.org/html/rfc4616#section-2
     557                    //We skip the first field (it's forgery), so the string starts with a null byte
    556558                    !$this->sendCommand(
    557559                        'User & Password',
    558560                        base64_encode("\0" . $username . "\0" . $password),