diff --git a/src/wp-includes/PHPMailer/PHPMailer.php b/src/wp-includes/PHPMailer/PHPMailer.php
index 25818104e0..5618251950 100644
a
|
b
|
class PHPMailer |
428 | 428 | public $Debugoutput = 'echo'; |
429 | 429 | |
430 | 430 | /** |
431 | | * Whether to keep SMTP connection open after each message. |
432 | | * If this is set to true then to close the connection |
433 | | * requires an explicit call to smtpClose(). |
| 431 | * Whether to keep the SMTP connection open after each message. |
| 432 | * If this is set to true then the connection will remain open after a send, |
| 433 | * and closing the connection will require an explicit call to smtpClose(). |
| 434 | * It's a good idea to use this if you are sending multiple messages as it reduces overhead. |
| 435 | * See the mailing list example for how to use it. |
434 | 436 | * |
435 | 437 | * @var bool |
436 | 438 | */ |
… |
… |
class PHPMailer |
748 | 750 | * |
749 | 751 | * @var string |
750 | 752 | */ |
751 | | const VERSION = '6.4.1'; |
| 753 | const VERSION = '6.5.0'; |
752 | 754 | |
753 | 755 | /** |
754 | 756 | * Error severity: message only, continue processing. |
… |
… |
public static function validateAddress($address, $patternselect = null) |
1335 | 1337 | if (null === $patternselect) { |
1336 | 1338 | $patternselect = static::$validator; |
1337 | 1339 | } |
1338 | | if (is_callable($patternselect)) { |
| 1340 | //Don't allow strings as callables, see SECURITY.md and CVE-2021-3603 |
| 1341 | if (is_callable($patternselect) && !is_string($patternselect)) { |
1339 | 1342 | return call_user_func($patternselect, $address); |
1340 | 1343 | } |
1341 | 1344 | //Reject line breaks in addresses; it's valid RFC5322, but not RFC5321 |
… |
… |
public function smtpClose() |
2184 | 2187 | * The default language is English. |
2185 | 2188 | * |
2186 | 2189 | * @param string $langcode ISO 639-1 2-character language code (e.g. French is "fr") |
2187 | | * @param string $lang_path Path to the language file directory, with trailing separator (slash) |
| 2190 | * @param string $lang_path Path to the language file directory, with trailing separator (slash).D |
| 2191 | * Do not set this from user input! |
2188 | 2192 | * |
2189 | 2193 | * @return bool |
2190 | 2194 | */ |
… |
… |
public function setLanguage($langcode = 'en', $lang_path = '') |
2246 | 2250 | if (!static::fileIsAccessible($lang_file)) { |
2247 | 2251 | $foundlang = false; |
2248 | 2252 | } else { |
2249 | | //Overwrite language-specific strings. |
2250 | | //This way we'll never have missing translation keys. |
2251 | | $foundlang = include $lang_file; |
| 2253 | //$foundlang = include $lang_file; |
| 2254 | $lines = file($lang_file); |
| 2255 | foreach ($lines as $line) { |
| 2256 | //Translation file lines look like this: |
| 2257 | //$PHPMAILER_LANG['authenticate'] = 'SMTP-Fehler: Authentifizierung fehlgeschlagen.'; |
| 2258 | //These files are parsed as text and not PHP so as to avoid the possibility of code injection |
| 2259 | //See https://blog.stevenlevithan.com/archives/match-quoted-string |
| 2260 | $matches = []; |
| 2261 | if ( |
| 2262 | preg_match( |
| 2263 | '/^\$PHPMAILER_LANG\[\'([a-z\d_]+)\'\]\s*=\s*(["\'])(.+)*?\2;/', |
| 2264 | $line, |
| 2265 | $matches |
| 2266 | ) && |
| 2267 | //Ignore unknown translation keys |
| 2268 | array_key_exists($matches[1], $PHPMAILER_LANG) |
| 2269 | ) { |
| 2270 | //Overwrite language-specific strings so we'll never have missing translation keys. |
| 2271 | $PHPMAILER_LANG[$matches[1]] = (string)$matches[3]; |
| 2272 | } |
| 2273 | } |
2252 | 2274 | } |
2253 | 2275 | } |
2254 | 2276 | $this->language = $PHPMAILER_LANG; |
2255 | 2277 | |
2256 | | return (bool) $foundlang; //Returns false if language not found |
| 2278 | return $foundlang; //Returns false if language not found |
2257 | 2279 | } |
2258 | 2280 | |
2259 | 2281 | /** |
diff --git a/src/wp-includes/PHPMailer/SMTP.php b/src/wp-includes/PHPMailer/SMTP.php
index 0e7f53df50..a4a91ed0dc 100644
a
|
b
|
class SMTP |
35 | 35 | * |
36 | 36 | * @var string |
37 | 37 | */ |
38 | | const VERSION = '6.4.1'; |
| 38 | const VERSION = '6.5.0'; |
39 | 39 | |
40 | 40 | /** |
41 | 41 | * SMTP line break constant. |
… |
… |
class SMTP |
186 | 186 | 'Amazon_SES' => '/[\d]{3} Ok (.*)/', |
187 | 187 | 'SendGrid' => '/[\d]{3} Ok: queued as (.*)/', |
188 | 188 | 'CampaignMonitor' => '/[\d]{3} 2.0.0 OK:([a-zA-Z\d]{48})/', |
| 189 | 'Haraka' => '/[\d]{3} Message Queued \((.*)\)/', |
189 | 190 | ]; |
190 | 191 | |
191 | 192 | /** |