Make WordPress Core

Changeset 39729


Ignore:
Timestamp:
01/06/2017 06:03:31 AM (7 years ago)
Author:
dd32
Message:

Mail: Upgrade PHPMailer to 5.2.21.

Merges [39645], [36083], [33142], [33124], [29783] to the 3.9 branch.
See #37210.

Location:
branches/3.9
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/3.9

  • branches/3.9/src/wp-includes/class-phpmailer.php

    r27385 r39729  
    22/**
    33 * PHPMailer - PHP email creation and transport class.
    4  * PHP Version 5.0.0
    5  * Version 5.2.7
     4 * PHP Version 5
    65 * @package PHPMailer
    7  * @link https://github.com/PHPMailer/PHPMailer/
    8  * @author Marcus Bointon (coolbru) <phpmailer@synchromedia.co.uk>
     6 * @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
     7 * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
    98 * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
    109 * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
    1110 * @author Brent R. Matzelle (original founder)
    12  * @copyright 2013 Marcus Bointon
     11 * @copyright 2012 - 2014 Marcus Bointon
    1312 * @copyright 2010 - 2012 Jim Jagielski
    1413 * @copyright 2004 - 2009 Andy Prevost
     
    1918 */
    2019
    21 if (version_compare(PHP_VERSION, '5.0.0', '<')) {
    22     exit("Sorry, PHPMailer will only run on PHP version 5 or greater!\n");
    23 }
    24 
    2520/**
    2621 * PHPMailer - PHP email creation and transport class.
    27  * PHP Version 5.0.0
    2822 * @package PHPMailer
    29  * @author Marcus Bointon (coolbru) <phpmailer@synchromedia.co.uk>
     23 * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
    3024 * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
    3125 * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
    3226 * @author Brent R. Matzelle (original founder)
    33  * @copyright 2013 Marcus Bointon
    34  * @copyright 2010 - 2012 Jim Jagielski
    35  * @copyright 2004 - 2009 Andy Prevost
    3627 */
    3728class PHPMailer
     
    3930    /**
    4031     * The PHPMailer Version number.
    41      * @type string
    42      */
    43     public $Version = '5.2.7';
     32     * @var string
     33     */
     34    public $Version = '5.2.21';
    4435
    4536    /**
    4637     * Email priority.
    47      * Options: 1 = High, 3 = Normal, 5 = low.
    48      * @type int
    49      */
    50     public $Priority = 3;
     38     * Options: null (default), 1 = High, 3 = Normal, 5 = low.
     39     * When null, the header is not set at all.
     40     * @var integer
     41     */
     42    public $Priority = null;
    5143
    5244    /**
    5345     * The character set of the message.
    54      * @type string
     46     * @var string
    5547     */
    5648    public $CharSet = 'iso-8859-1';
     
    5850    /**
    5951     * The MIME Content-type of the message.
    60      * @type string
     52     * @var string
    6153     */
    6254    public $ContentType = 'text/plain';
     
    6557     * The message encoding.
    6658     * Options: "8bit", "7bit", "binary", "base64", and "quoted-printable".
    67      * @type string
     59     * @var string
    6860     */
    6961    public $Encoding = '8bit';
     
    7163    /**
    7264     * Holds the most recent mailer error message.
    73      * @type string
     65     * @var string
    7466     */
    7567    public $ErrorInfo = '';
     
    7769    /**
    7870     * The From email address for the message.
    79      * @type string
     71     * @var string
    8072     */
    8173    public $From = 'root@localhost';
     
    8375    /**
    8476     * The From name of the message.
    85      * @type string
     77     * @var string
    8678     */
    8779    public $FromName = 'Root User';
     
    9082     * The Sender email (Return-Path) of the message.
    9183     * If not empty, will be sent via -f to sendmail or as 'MAIL FROM' in smtp mode.
    92      * @type string
     84     * @var string
    9385     */
    9486    public $Sender = '';
     
    9789     * The Return-Path of the message.
    9890     * If empty, it will be set to either From or Sender.
    99      * @type string
     91     * @var string
     92     * @deprecated Email senders should never set a return-path header;
     93     * it's the receiver's job (RFC5321 section 4.4), so this no longer does anything.
     94     * @link https://tools.ietf.org/html/rfc5321#section-4.4 RFC5321 reference
    10095     */
    10196    public $ReturnPath = '';
     
    10398    /**
    10499     * The Subject of the message.
    105      * @type string
     100     * @var string
    106101     */
    107102    public $Subject = '';
     
    110105     * An HTML or plain text message body.
    111106     * If HTML then call isHTML(true).
    112      * @type string
     107     * @var string
    113108     */
    114109    public $Body = '';
     
    119114     * capability such as mutt & Eudora.
    120115     * Clients that can read HTML will view the normal Body.
    121      * @type string
     116     * @var string
    122117     */
    123118    public $AltBody = '';
     
    129124     * @link http://sprain.ch/blog/downloads/php-class-easypeasyics-create-ical-files-with-php/
    130125     * @link http://kigkonsult.se/iCalcreator/
    131      * @type string
     126     * @var string
    132127     */
    133128    public $Ical = '';
     
    136131     * The complete compiled MIME message body.
    137132     * @access protected
    138      * @type string
     133     * @var string
    139134     */
    140135    protected $MIMEBody = '';
     
    142137    /**
    143138     * The complete compiled MIME message headers.
    144      * @type string
     139     * @var string
    145140     * @access protected
    146141     */
     
    149144    /**
    150145     * Extra headers that createHeader() doesn't fold in.
    151      * @type string
     146     * @var string
    152147     * @access protected
    153148     */
     
    156151    /**
    157152     * Word-wrap the message body to this number of chars.
    158      * @type int
     153     * Set to 0 to not wrap. A useful value here is 78, for RFC2822 section 2.1.1 compliance.
     154     * @var integer
    159155     */
    160156    public $WordWrap = 0;
     
    163159     * Which method to use to send mail.
    164160     * Options: "mail", "sendmail", or "smtp".
    165      * @type string
     161     * @var string
    166162     */
    167163    public $Mailer = 'mail';
     
    169165    /**
    170166     * The path to the sendmail program.
    171      * @type string
     167     * @var string
    172168     */
    173169    public $Sendmail = '/usr/sbin/sendmail';
     
    176172     * Whether mail() uses a fully sendmail-compatible MTA.
    177173     * One which supports sendmail's "-oi -f" options.
    178      * @type bool
     174     * @var boolean
    179175     */
    180176    public $UseSendmailOptions = true;
     
    183179     * Path to PHPMailer plugins.
    184180     * Useful if the SMTP class is not in the PHP include path.
    185      * @type string
     181     * @var string
    186182     * @deprecated Should not be needed now there is an autoloader.
    187183     */
     
    189185
    190186    /**
    191      * The email address that a reading confirmation should be sent to.
    192      * @type string
     187     * The email address that a reading confirmation should be sent to, also known as read receipt.
     188     * @var string
    193189     */
    194190    public $ConfirmReadingTo = '';
    195191
    196192    /**
    197      * The hostname to use in Message-Id and Received headers
    198      * and as default HELO string.
    199      * If empty, the value returned
    200      * by SERVER_NAME is used or 'localhost.localdomain'.
    201      * @type string
     193     * The hostname to use in the Message-ID header and as default HELO string.
     194     * If empty, PHPMailer attempts to find one with, in order,
     195     * $_SERVER['SERVER_NAME'], gethostname(), php_uname('n'), or the value
     196     * 'localhost.localdomain'.
     197     * @var string
    202198     */
    203199    public $Hostname = '';
    204200
    205201    /**
    206      * An ID to be used in the Message-Id header.
     202     * An ID to be used in the Message-ID header.
    207203     * If empty, a unique id will be generated.
    208      * @type string
     204     * You can set your own, but it must be in the format "<id@domain>",
     205     * as defined in RFC5322 section 3.6.4 or it will be ignored.
     206     * @see https://tools.ietf.org/html/rfc5322#section-3.6.4
     207     * @var string
    209208     */
    210209    public $MessageID = '';
     
    213212     * The message Date to be used in the Date header.
    214213     * If empty, the current date will be added.
    215      * @type string
     214     * @var string
    216215     */
    217216    public $MessageDate = '';
     
    223222     * for each host by using this format: [hostname:port]
    224223     * (e.g. "smtp1.example.com:25;smtp2.example.com").
     224     * You can also specify encryption type, for example:
     225     * (e.g. "tls://smtp1.example.com:587;ssl://smtp2.example.com:465").
    225226     * Hosts will be tried in order.
    226      * @type string
     227     * @var string
    227228     */
    228229    public $Host = 'localhost';
     
    230231    /**
    231232     * The default SMTP server port.
    232      * @type int
    233      * @Todo Why is this needed when the SMTP class takes care of it?
     233     * @var integer
     234     * @TODO Why is this needed when the SMTP class takes care of it?
    234235     */
    235236    public $Port = 25;
     
    237238    /**
    238239     * The SMTP HELO of the message.
    239      * Default is $Hostname.
    240      * @type string
     240     * Default is $Hostname. If $Hostname is empty, PHPMailer attempts to find
     241     * one with the same method described above for $Hostname.
     242     * @var string
    241243     * @see PHPMailer::$Hostname
    242244     */
     
    244246
    245247    /**
    246      * The secure connection prefix.
    247      * Options: "", "ssl" or "tls"
    248      * @type string
     248     * What kind of encryption to use on the SMTP connection.
     249     * Options: '', 'ssl' or 'tls'
     250     * @var string
    249251     */
    250252    public $SMTPSecure = '';
     253
     254    /**
     255     * Whether to enable TLS encryption automatically if a server supports it,
     256     * even if `SMTPSecure` is not set to 'tls'.
     257     * Be aware that in PHP >= 5.6 this requires that the server's certificates are valid.
     258     * @var boolean
     259     */
     260    public $SMTPAutoTLS = true;
    251261
    252262    /**
    253263     * Whether to use SMTP authentication.
    254264     * Uses the Username and Password properties.
    255      * @type bool
     265     * @var boolean
    256266     * @see PHPMailer::$Username
    257267     * @see PHPMailer::$Password
     
    260270
    261271    /**
     272     * Options array passed to stream_context_create when connecting via SMTP.
     273     * @var array
     274     */
     275    public $SMTPOptions = array();
     276
     277    /**
    262278     * SMTP username.
    263      * @type string
     279     * @var string
    264280     */
    265281    public $Username = '';
     
    267283    /**
    268284     * SMTP password.
    269      * @type string
     285     * @var string
    270286     */
    271287    public $Password = '';
     
    273289    /**
    274290     * SMTP auth type.
    275      * Options are LOGIN (default), PLAIN, NTLM, CRAM-MD5
    276      * @type string
     291     * Options are CRAM-MD5, LOGIN, PLAIN, attempted in that order if not specified
     292     * @var string
    277293     */
    278294    public $AuthType = '';
     
    281297     * SMTP realm.
    282298     * Used for NTLM auth
    283      * @type string
     299     * @var string
    284300     */
    285301    public $Realm = '';
     
    288304     * SMTP workstation.
    289305     * Used for NTLM auth
    290      * @type string
     306     * @var string
    291307     */
    292308    public $Workstation = '';
     
    294310    /**
    295311     * The SMTP server timeout in seconds.
    296      * @type int
    297      */
    298     public $Timeout = 10;
     312     * Default of 5 minutes (300sec) is from RFC2821 section 4.5.3.2
     313     * @var integer
     314     */
     315    public $Timeout = 300;
    299316
    300317    /**
    301318     * SMTP class debug output mode.
    302      * Options: 0 = off, 1 = commands, 2 = commands and data
    303      * @type int
     319     * Debug output level.
     320     * Options:
     321     * * `0` No output
     322     * * `1` Commands
     323     * * `2` Data and commands
     324     * * `3` As 2 plus connection status
     325     * * `4` Low-level data output
     326     * @var integer
    304327     * @see SMTP::$do_debug
    305328     */
     
    307330
    308331    /**
    309      * The function/method to use for debugging output.
    310      * Options: "echo" or "error_log"
    311      * @type string
     332     * How to handle debug output.
     333     * Options:
     334     * * `echo` Output plain-text as-is, appropriate for CLI
     335     * * `html` Output escaped, line breaks converted to `<br>`, appropriate for browser output
     336     * * `error_log` Output to error log as configured in php.ini
     337     *
     338     * Alternatively, you can provide a callable expecting two params: a message string and the debug level:
     339     * <code>
     340     * $mail->Debugoutput = function($str, $level) {echo "debug level $level; message: $str";};
     341     * </code>
     342     * @var string|callable
    312343     * @see SMTP::$Debugoutput
    313344     */
    314     public $Debugoutput = "echo";
     345    public $Debugoutput = 'echo';
    315346
    316347    /**
     
    318349     * If this is set to true then to close the connection
    319350     * requires an explicit call to smtpClose().
    320      * @type bool
     351     * @var boolean
    321352     */
    322353    public $SMTPKeepAlive = false;
     
    325356     * Whether to split multiple to addresses into multiple messages
    326357     * or send them all in one message.
    327      * @type bool
     358     * Only supported in `mail` and `sendmail` transports, not in SMTP.
     359     * @var boolean
    328360     */
    329361    public $SingleTo = false;
     
    331363    /**
    332364     * Storage for addresses when SingleTo is enabled.
    333      * @type array
    334      * @todo This should really not be public
     365     * @var array
     366     * @TODO This should really not be public
    335367     */
    336368    public $SingleToArray = array();
     
    339371     * Whether to generate VERP addresses on send.
    340372     * Only applicable when sending via SMTP.
    341      * @link http://en.wikipedia.org/wiki/Variable_envelope_return_path
    342      * @type bool
     373     * @link https://en.wikipedia.org/wiki/Variable_envelope_return_path
     374     * @link http://www.postfix.org/VERP_README.html Postfix VERP info
     375     * @var boolean
    343376     */
    344377    public $do_verp = false;
     
    346379    /**
    347380     * Whether to allow sending messages with an empty body.
    348      * @type bool
     381     * @var boolean
    349382     */
    350383    public $AllowEmpty = false;
     
    354387     * @note The default remains "\n". We force CRLF where we know
    355388     *        it must be used via self::CRLF.
    356      * @type string
     389     * @var string
    357390     */
    358391    public $LE = "\n";
     
    360393    /**
    361394     * DKIM selector.
    362      * @type string
     395     * @var string
    363396     */
    364397    public $DKIM_selector = '';
     
    366399    /**
    367400     * DKIM Identity.
    368      * Usually the email address used as the source of the email
    369      * @type string
     401     * Usually the email address used as the source of the email.
     402     * @var string
    370403     */
    371404    public $DKIM_identity = '';
     
    374407     * DKIM passphrase.
    375408     * Used if your key is encrypted.
    376      * @type string
     409     * @var string
    377410     */
    378411    public $DKIM_passphrase = '';
     
    381414     * DKIM signing domain name.
    382415     * @example 'example.com'
    383      * @type string
     416     * @var string
    384417     */
    385418    public $DKIM_domain = '';
     
    387420    /**
    388421     * DKIM private key file path.
    389      * @type string
     422     * @var string
    390423     */
    391424    public $DKIM_private = '';
     425
     426    /**
     427     * DKIM private key string.
     428     * If set, takes precedence over `$DKIM_private`.
     429     * @var string
     430     */
     431    public $DKIM_private_string = '';
    392432
    393433    /**
     
    397437     * It is called out by send() for each email sent.
    398438     *
    399      * Value can be:
    400      * - 'function_name' for function names
    401      * - 'Class::Method' for static method calls
    402      * - array($object, 'Method') for calling methods on $object
    403      * See http://php.net/is_callable manual page for more details.
     439     * Value can be any php callable: http://www.php.net/is_callable
    404440     *
    405441     * Parameters:
    406      *   bool    $result        result of the send action
     442     *   boolean $result        result of the send action
    407443     *   string  $to            email address of the recipient
    408444     *   string  $cc            cc email addresses
     
    411447     *   string  $body          the email body
    412448     *   string  $from          email address of sender
    413      *
    414      * @type string
     449     * @var string
    415450     */
    416451    public $action_function = '';
    417452
    418453    /**
    419      * What to use in the X-Mailer header.
    420      * Options: null for default, whitespace for none, or a string to use
    421      * @type string
     454     * What to put in the X-Mailer header.
     455     * Options: An empty string for PHPMailer default, whitespace for none, or a string to use
     456     * @var string
    422457     */
    423458    public $XMailer = '';
    424459
    425460    /**
     461     * Which validator to use by default when validating email addresses.
     462     * May be a callable to inject your own validator, but there are several built-in validators.
     463     * @see PHPMailer::validateAddress()
     464     * @var string|callable
     465     * @static
     466     */
     467    public static $validator = 'auto';
     468
     469    /**
    426470     * An instance of the SMTP sender class.
    427      * @type SMTP
     471     * @var SMTP
    428472     * @access protected
    429473     */
     
    431475
    432476    /**
    433      * The array of 'to' addresses.
    434      * @type array
     477     * The array of 'to' names and addresses.
     478     * @var array
    435479     * @access protected
    436480     */
     
    438482
    439483    /**
    440      * The array of 'cc' addresses.
    441      * @type array
     484     * The array of 'cc' names and addresses.
     485     * @var array
    442486     * @access protected
    443487     */
     
    445489
    446490    /**
    447      * The array of 'bcc' addresses.
    448      * @type array
     491     * The array of 'bcc' names and addresses.
     492     * @var array
    449493     * @access protected
    450494     */
     
    453497    /**
    454498     * The array of reply-to names and addresses.
    455      * @type array
     499     * @var array
    456500     * @access protected
    457501     */
     
    460504    /**
    461505     * An array of all kinds of addresses.
    462      * Includes all of $to, $cc, $bcc, $replyto
    463      * @type array
     506     * Includes all of $to, $cc, $bcc
     507     * @var array
    464508     * @access protected
     509     * @see PHPMailer::$to @see PHPMailer::$cc @see PHPMailer::$bcc
    465510     */
    466511    protected $all_recipients = array();
    467512
    468513    /**
     514     * An array of names and addresses queued for validation.
     515     * In send(), valid and non duplicate entries are moved to $all_recipients
     516     * and one of $to, $cc, or $bcc.
     517     * This array is used only for addresses with IDN.
     518     * @var array
     519     * @access protected
     520     * @see PHPMailer::$to @see PHPMailer::$cc @see PHPMailer::$bcc
     521     * @see PHPMailer::$all_recipients
     522     */
     523    protected $RecipientsQueue = array();
     524
     525    /**
     526     * An array of reply-to names and addresses queued for validation.
     527     * In send(), valid and non duplicate entries are moved to $ReplyTo.
     528     * This array is used only for addresses with IDN.
     529     * @var array
     530     * @access protected
     531     * @see PHPMailer::$ReplyTo
     532     */
     533    protected $ReplyToQueue = array();
     534
     535    /**
    469536     * The array of attachments.
    470      * @type array
     537     * @var array
    471538     * @access protected
    472539     */
     
    475542    /**
    476543     * The array of custom headers.
    477      * @type array
     544     * @var array
    478545     * @access protected
    479546     */
     
    482549    /**
    483550     * The most recent Message-ID (including angular brackets).
    484      * @type string
     551     * @var string
    485552     * @access protected
    486553     */
     
    489556    /**
    490557     * The message's MIME type.
    491      * @type string
     558     * @var string
    492559     * @access protected
    493560     */
     
    496563    /**
    497564     * The array of MIME boundary strings.
    498      * @type array
     565     * @var array
    499566     * @access protected
    500567     */
     
    503570    /**
    504571     * The array of available languages.
    505      * @type array
     572     * @var array
    506573     * @access protected
    507574     */
     
    510577    /**
    511578     * The number of errors encountered.
    512      * @type integer
     579     * @var integer
    513580     * @access protected
    514581     */
     
    517584    /**
    518585     * The S/MIME certificate file path.
    519      * @type string
     586     * @var string
    520587     * @access protected
    521588     */
     
    524591    /**
    525592     * The S/MIME key file path.
    526      * @type string
     593     * @var string
    527594     * @access protected
    528595     */
    529596    protected $sign_key_file = '';
     597
     598    /**
     599     * The optional S/MIME extra certificates ("CA Chain") file path.
     600     * @var string
     601     * @access protected
     602     */
     603    protected $sign_extracerts_file = '';
    530604
    531605    /**
    532606     * The S/MIME password for the key.
    533607     * Used only if the key is encrypted.
    534      * @type string
     608     * @var string
    535609     * @access protected
    536610     */
     
    539613    /**
    540614     * Whether to throw exceptions for errors.
    541      * @type bool
     615     * @var boolean
    542616     * @access protected
    543617     */
     
    545619
    546620    /**
    547      * Error severity: message only, continue processing
     621     * Unique ID used for message ID and boundaries.
     622     * @var string
     623     * @access protected
     624     */
     625    protected $uniqueid = '';
     626
     627    /**
     628     * Error severity: message only, continue processing.
    548629     */
    549630    const STOP_MESSAGE = 0;
    550631
    551632    /**
    552      * Error severity: message, likely ok to continue processing
     633     * Error severity: message, likely ok to continue processing.
    553634     */
    554635    const STOP_CONTINUE = 1;
    555636
    556637    /**
    557      * Error severity: message, plus full stop, critical error reached
     638     * Error severity: message, plus full stop, critical error reached.
    558639     */
    559640    const STOP_CRITICAL = 2;
    560641
    561642    /**
    562      * SMTP RFC standard line ending
     643     * SMTP RFC standard line ending.
    563644     */
    564645    const CRLF = "\r\n";
    565646
    566647    /**
    567      * Constructor
    568      * @param bool $exceptions Should we throw external exceptions?
    569      */
    570     public function __construct($exceptions = false)
    571     {
    572         $this->exceptions = ($exceptions == true);
     648     * The maximum line length allowed by RFC 2822 section 2.1.1
     649     * @var integer
     650     */
     651    const MAX_LINE_LENGTH = 998;
     652
     653    /**
     654     * Constructor.
     655     * @param boolean $exceptions Should we throw external exceptions?
     656     */
     657    public function __construct($exceptions = null)
     658    {
     659        if ($exceptions !== null) {
     660            $this->exceptions = (boolean)$exceptions;
     661        }
    573662    }
    574663
     
    578667    public function __destruct()
    579668    {
    580         if ($this->Mailer == 'smtp') { //close any open SMTP connection nicely
    581             $this->smtpClose();
    582         }
     669        //Close any open SMTP connection nicely
     670        $this->smtpClose();
    583671    }
    584672
     
    594682     * @param string $params Params
    595683     * @access private
    596      * @return bool
     684     * @return boolean
    597685     */
    598686    private function mailPassthru($to, $subject, $body, $header, $params)
    599687    {
    600         if (ini_get('safe_mode') || !($this->UseSendmailOptions)) {
    601             $rt = @mail($to, $this->encodeHeader($this->secureHeader($subject)), $body, $header);
     688        //Check overloading of mail function to avoid double-encoding
     689        if (ini_get('mbstring.func_overload') & 1) {
     690            $subject = $this->secureHeader($subject);
    602691        } else {
    603             $rt = @mail($to, $this->encodeHeader($this->secureHeader($subject)), $body, $header, $params);
    604         }
    605         return $rt;
    606     }
    607 
     692            $subject = $this->encodeHeader($this->secureHeader($subject));
     693        }
     694
     695        //Can't use additional_parameters in safe_mode, calling mail() with null params breaks
     696        //@link http://php.net/manual/en/function.mail.php
     697        if (ini_get('safe_mode') or !$this->UseSendmailOptions or is_null($params)) {
     698            $result = @mail($to, $subject, $body, $header);
     699        } else {
     700            $result = @mail($to, $subject, $body, $header, $params);
     701        }
     702        return $result;
     703    }
    608704    /**
    609705     * Output debugging info via user-defined method.
    610      * Only if debug output is enabled.
     706     * Only generates output if SMTP debug output is enabled (@see SMTP::$do_debug).
    611707     * @see PHPMailer::$Debugoutput
    612708     * @see PHPMailer::$SMTPDebug
     
    615711    protected function edebug($str)
    616712    {
    617         if (!$this->SMTPDebug) {
     713        if ($this->SMTPDebug <= 0) {
     714            return;
     715        }
     716        //Avoid clash with built-in function names
     717        if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) {
     718            call_user_func($this->Debugoutput, $str, $this->SMTPDebug);
    618719            return;
    619720        }
    620721        switch ($this->Debugoutput) {
    621722            case 'error_log':
     723                //Don't output, just log
    622724                error_log($str);
    623725                break;
    624726            case 'html':
    625                 //Cleans up output a bit for a better looking display that's HTML-safe
    626                 echo htmlentities(preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, $this->CharSet) . "<br>\n";
     727                //Cleans up output a bit for a better looking, HTML-safe output
     728                echo htmlentities(
     729                    preg_replace('/[\r\n]+/', '', $str),
     730                    ENT_QUOTES,
     731                    'UTF-8'
     732                )
     733                . "<br>\n";
    627734                break;
    628735            case 'echo':
    629736            default:
    630                 //Just echoes exactly what was received
    631                 echo $str;
     737                //Normalize line breaks
     738                $str = preg_replace('/\r\n?/ms', "\n", $str);
     739                echo gmdate('Y-m-d H:i:s') . "\t" . str_replace(
     740                    "\n",
     741                    "\n                   \t                  ",
     742                    trim($str)
     743                ) . "\n";
    632744        }
    633745    }
     
    635747    /**
    636748     * Sets message type to HTML or plain.
    637      * @param bool $ishtml True for HTML mode.
     749     * @param boolean $isHtml True for HTML mode.
    638750     * @return void
    639751     */
    640     public function isHTML($ishtml = true)
    641     {
    642         if ($ishtml) {
     752    public function isHTML($isHtml = true)
     753    {
     754        if ($isHtml) {
    643755            $this->ContentType = 'text/html';
    644756        } else {
     
    671783    public function isSendmail()
    672784    {
    673         if (!stristr(ini_get('sendmail_path'), 'sendmail')) {
    674             $this->Sendmail = '/var/qmail/bin/sendmail';
     785        $ini_sendmail_path = ini_get('sendmail_path');
     786
     787        if (!stristr($ini_sendmail_path, 'sendmail')) {
     788            $this->Sendmail = '/usr/sbin/sendmail';
     789        } else {
     790            $this->Sendmail = $ini_sendmail_path;
    675791        }
    676792        $this->Mailer = 'sendmail';
     
    683799    public function isQmail()
    684800    {
    685         if (stristr(ini_get('sendmail_path'), 'qmail')) {
    686             $this->Sendmail = '/var/qmail/bin/sendmail';
    687         }
    688         $this->Mailer = 'sendmail';
     801        $ini_sendmail_path = ini_get('sendmail_path');
     802
     803        if (!stristr($ini_sendmail_path, 'qmail')) {
     804            $this->Sendmail = '/var/qmail/bin/qmail-inject';
     805        } else {
     806            $this->Sendmail = $ini_sendmail_path;
     807        }
     808        $this->Mailer = 'qmail';
    689809    }
    690810
    691811    /**
    692812     * Add a "To" address.
    693      * @param string $address
     813     * @param string $address The email address to send to
    694814     * @param string $name
    695      * @return bool true on success, false if address already used
     815     * @return boolean true on success, false if address already used or invalid in some way
    696816     */
    697817    public function addAddress($address, $name = '')
    698818    {
    699         return $this->addAnAddress('to', $address, $name);
     819        return $this->addOrEnqueueAnAddress('to', $address, $name);
    700820    }
    701821
     
    703823     * Add a "CC" address.
    704824     * @note: This function works with the SMTP mailer on win32, not with the "mail" mailer.
    705      * @param string $address
     825     * @param string $address The email address to send to
    706826     * @param string $name
    707      * @return bool true on success, false if address already used
     827     * @return boolean true on success, false if address already used or invalid in some way
    708828     */
    709829    public function addCC($address, $name = '')
    710830    {
    711         return $this->addAnAddress('cc', $address, $name);
     831        return $this->addOrEnqueueAnAddress('cc', $address, $name);
    712832    }
    713833
     
    715835     * Add a "BCC" address.
    716836     * @note: This function works with the SMTP mailer on win32, not with the "mail" mailer.
    717      * @param string $address
    718      * @param string $name
    719      * @return bool true on success, false if address already used
    720      */
    721     public function addBCC($address, $name = '')
    722     {
    723         return $this->addAnAddress('bcc', $address, $name);
    724     }
    725 
    726     /**
    727      * Add a "Reply-to" address.
    728      * @param string $address
    729      * @param string $name
    730      * @return bool
    731      */
    732     public function addReplyTo($address, $name = '')
    733     {
    734         return $this->addAnAddress('Reply-To', $address, $name);
    735     }
    736 
    737     /**
    738      * Add an address to one of the recipient arrays.
    739      * Addresses that have been added already return false, but do not throw exceptions
    740      * @param string $kind One of 'to', 'cc', 'bcc', 'ReplyTo'
    741837     * @param string $address The email address to send to
    742838     * @param string $name
     839     * @return boolean true on success, false if address already used or invalid in some way
     840     */
     841    public function addBCC($address, $name = '')
     842    {
     843        return $this->addOrEnqueueAnAddress('bcc', $address, $name);
     844    }
     845
     846    /**
     847     * Add a "Reply-To" address.
     848     * @param string $address The email address to reply to
     849     * @param string $name
     850     * @return boolean true on success, false if address already used or invalid in some way
     851     */
     852    public function addReplyTo($address, $name = '')
     853    {
     854        return $this->addOrEnqueueAnAddress('Reply-To', $address, $name);
     855    }
     856
     857    /**
     858     * Add an address to one of the recipient arrays or to the ReplyTo array. Because PHPMailer
     859     * can't validate addresses with an IDN without knowing the PHPMailer::$CharSet (that can still
     860     * be modified after calling this function), addition of such addresses is delayed until send().
     861     * Addresses that have been added already return false, but do not throw exceptions.
     862     * @param string $kind One of 'to', 'cc', 'bcc', or 'ReplyTo'
     863     * @param string $address The email address to send, resp. to reply to
     864     * @param string $name
    743865     * @throws phpmailerException
    744      * @return bool true on success, false if address already used or invalid in some way
     866     * @return boolean true on success, false if address already used or invalid in some way
    745867     * @access protected
    746868     */
    747     protected function addAnAddress($kind, $address, $name = '')
    748     {
    749         if (!preg_match('/^(to|cc|bcc|Reply-To)$/', $kind)) {
    750             $this->setError($this->lang('Invalid recipient array') . ': ' . $kind);
    751             if ($this->exceptions) {
    752                 throw new phpmailerException('Invalid recipient array: ' . $kind);
    753             }
    754             $this->edebug($this->lang('Invalid recipient array') . ': ' . $kind);
    755             return false;
    756         }
     869    protected function addOrEnqueueAnAddress($kind, $address, $name)
     870    {
    757871        $address = trim($address);
    758872        $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim
     873        if (($pos = strrpos($address, '@')) === false) {
     874            // At-sign is misssing.
     875            $error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address";
     876            $this->setError($error_message);
     877            $this->edebug($error_message);
     878            if ($this->exceptions) {
     879                throw new phpmailerException($error_message);
     880            }
     881            return false;
     882        }
     883        $params = array($kind, $address, $name);
     884        // Enqueue addresses with IDN until we know the PHPMailer::$CharSet.
     885        if ($this->has8bitChars(substr($address, ++$pos)) and $this->idnSupported()) {
     886            if ($kind != 'Reply-To') {
     887                if (!array_key_exists($address, $this->RecipientsQueue)) {
     888                    $this->RecipientsQueue[$address] = $params;
     889                    return true;
     890                }
     891            } else {
     892                if (!array_key_exists($address, $this->ReplyToQueue)) {
     893                    $this->ReplyToQueue[$address] = $params;
     894                    return true;
     895                }
     896            }
     897            return false;
     898        }
     899        // Immediately add standard addresses without IDN.
     900        return call_user_func_array(array($this, 'addAnAddress'), $params);
     901    }
     902
     903    /**
     904     * Add an address to one of the recipient arrays or to the ReplyTo array.
     905     * Addresses that have been added already return false, but do not throw exceptions.
     906     * @param string $kind One of 'to', 'cc', 'bcc', or 'ReplyTo'
     907     * @param string $address The email address to send, resp. to reply to
     908     * @param string $name
     909     * @throws phpmailerException
     910     * @return boolean true on success, false if address already used or invalid in some way
     911     * @access protected
     912     */
     913    protected function addAnAddress($kind, $address, $name = '')
     914    {
     915        if (!in_array($kind, array('to', 'cc', 'bcc', 'Reply-To'))) {
     916            $error_message = $this->lang('Invalid recipient kind: ') . $kind;
     917            $this->setError($error_message);
     918            $this->edebug($error_message);
     919            if ($this->exceptions) {
     920                throw new phpmailerException($error_message);
     921            }
     922            return false;
     923        }
    759924        if (!$this->validateAddress($address)) {
    760             $this->setError($this->lang('invalid_address') . ': ' . $address);
     925            $error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address";
     926            $this->setError($error_message);
     927            $this->edebug($error_message);
    761928            if ($this->exceptions) {
    762                 throw new phpmailerException($this->lang('invalid_address') . ': ' . $address);
    763             }
    764             $this->edebug($this->lang('invalid_address') . ': ' . $address);
     929                throw new phpmailerException($error_message);
     930            }
    765931            return false;
    766932        }
    767933        if ($kind != 'Reply-To') {
    768             if (!isset($this->all_recipients[strtolower($address)])) {
     934            if (!array_key_exists(strtolower($address), $this->all_recipients)) {
    769935                array_push($this->$kind, array($address, $name));
    770936                $this->all_recipients[strtolower($address)] = true;
     
    781947
    782948    /**
     949     * Parse and validate a string containing one or more RFC822-style comma-separated email addresses
     950     * of the form "display name <address>" into an array of name/address pairs.
     951     * Uses the imap_rfc822_parse_adrlist function if the IMAP extension is available.
     952     * Note that quotes in the name part are removed.
     953     * @param string $addrstr The address list string
     954     * @param bool $useimap Whether to use the IMAP extension to parse the list
     955     * @return array
     956     * @link http://www.andrew.cmu.edu/user/agreen1/testing/mrbs/web/Mail/RFC822.php A more careful implementation
     957     */
     958    public function parseAddresses($addrstr, $useimap = true)
     959    {
     960        $addresses = array();
     961        if ($useimap and function_exists('imap_rfc822_parse_adrlist')) {
     962            //Use this built-in parser if it's available
     963            $list = imap_rfc822_parse_adrlist($addrstr, '');
     964            foreach ($list as $address) {
     965                if ($address->host != '.SYNTAX-ERROR.') {
     966                    if ($this->validateAddress($address->mailbox . '@' . $address->host)) {
     967                        $addresses[] = array(
     968                            'name' => (property_exists($address, 'personal') ? $address->personal : ''),
     969                            'address' => $address->mailbox . '@' . $address->host
     970                        );
     971                    }
     972                }
     973            }
     974        } else {
     975            //Use this simpler parser
     976            $list = explode(',', $addrstr);
     977            foreach ($list as $address) {
     978                $address = trim($address);
     979                //Is there a separate name part?
     980                if (strpos($address, '<') === false) {
     981                    //No separate name, just use the whole thing
     982                    if ($this->validateAddress($address)) {
     983                        $addresses[] = array(
     984                            'name' => '',
     985                            'address' => $address
     986                        );
     987                    }
     988                } else {
     989                    list($name, $email) = explode('<', $address);
     990                    $email = trim(str_replace('>', '', $email));
     991                    if ($this->validateAddress($email)) {
     992                        $addresses[] = array(
     993                            'name' => trim(str_replace(array('"', "'"), '', $name)),
     994                            'address' => $email
     995                        );
     996                    }
     997                }
     998            }
     999        }
     1000        return $addresses;
     1001    }
     1002
     1003    /**
    7831004     * Set the From and FromName properties.
    7841005     * @param string $address
    7851006     * @param string $name
    786      * @param bool $auto Whether to also set the Sender address, defaults to true
     1007     * @param boolean $auto Whether to also set the Sender address, defaults to true
    7871008     * @throws phpmailerException
    788      * @return bool
     1009     * @return boolean
    7891010     */
    7901011    public function setFrom($address, $name = '', $auto = true)
     
    7921013        $address = trim($address);
    7931014        $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim
    794         if (!$this->validateAddress($address)) {
    795             $this->setError($this->lang('invalid_address') . ': ' . $address);
     1015        // Don't validate now addresses with IDN. Will be done in send().
     1016        if (($pos = strrpos($address, '@')) === false or
     1017            (!$this->has8bitChars(substr($address, ++$pos)) or !$this->idnSupported()) and
     1018            !$this->validateAddress($address)) {
     1019            $error_message = $this->lang('invalid_address') . " (setFrom) $address";
     1020            $this->setError($error_message);
     1021            $this->edebug($error_message);
    7961022            if ($this->exceptions) {
    797                 throw new phpmailerException($this->lang('invalid_address') . ': ' . $address);
    798             }
    799             $this->edebug($this->lang('invalid_address') . ': ' . $address);
     1023                throw new phpmailerException($error_message);
     1024            }
    8001025            return false;
    8011026        }
     
    8251050     * Check that a string looks like an email address.
    8261051     * @param string $address The email address to check
    827      * @param string $patternselect A selector for the validation pattern to use :
    828      *   'auto' - pick best one automatically;
    829      *   'pcre8' - use the squiloople.com pattern, requires PCRE > 8.0, PHP >= 5.3.2, 5.2.14;
    830      *   'pcre' - use old PCRE implementation;
    831      *   'php' - use PHP built-in FILTER_VALIDATE_EMAIL; faster, less thorough;
    832      *   'noregex' - super fast, really dumb.
    833      * @return bool
     1052     * @param string|callable $patternselect A selector for the validation pattern to use :
     1053     * * `auto` Pick best pattern automatically;
     1054     * * `pcre8` Use the squiloople.com pattern, requires PCRE > 8.0, PHP >= 5.3.2, 5.2.14;
     1055     * * `pcre` Use old PCRE implementation;
     1056     * * `php` Use PHP built-in FILTER_VALIDATE_EMAIL;
     1057     * * `html5` Use the pattern given by the HTML5 spec for 'email' type form input elements.
     1058     * * `noregex` Don't use a regex: super fast, really dumb.
     1059     * Alternatively you may pass in a callable to inject your own validator, for example:
     1060     * PHPMailer::validateAddress('user@example.com', function($address) {
     1061     *     return (strpos($address, '@') !== false);
     1062     * });
     1063     * You can also set the PHPMailer::$validator static to a callable, allowing built-in methods to use your validator.
     1064     * @return boolean
    8341065     * @static
    8351066     * @access public
    8361067     */
    837     public static function validateAddress($address, $patternselect = 'auto')
    838     {
    839         if ($patternselect == 'auto') {
    840             if (defined(
    841                 'PCRE_VERSION'
    842             )
    843             ) { //Check this instead of extension_loaded so it works when that function is disabled
    844                 if (version_compare(PCRE_VERSION, '8.0') >= 0) {
     1068    public static function validateAddress($address, $patternselect = null)
     1069    {
     1070        if (is_null($patternselect)) {
     1071            $patternselect = self::$validator;
     1072        }
     1073        if (is_callable($patternselect)) {
     1074            return call_user_func($patternselect, $address);
     1075        }
     1076        //Reject line breaks in addresses; it's valid RFC5322, but not RFC5321
     1077        if (strpos($address, "\n") !== false or strpos($address, "\r") !== false) {
     1078            return false;
     1079        }
     1080        if (!$patternselect or $patternselect == 'auto') {
     1081            //Check this constant first so it works when extension_loaded() is disabled by safe mode
     1082            //Constant was added in PHP 5.2.4
     1083            if (defined('PCRE_VERSION')) {
     1084                //This pattern can get stuck in a recursive loop in PCRE <= 8.0.2
     1085                if (version_compare(PCRE_VERSION, '8.0.3') >= 0) {
    8451086                    $patternselect = 'pcre8';
    8461087                } else {
    8471088                    $patternselect = 'pcre';
    8481089                }
     1090            } elseif (function_exists('extension_loaded') and extension_loaded('pcre')) {
     1091                //Fall back to older PCRE
     1092                $patternselect = 'pcre';
    8491093            } else {
    8501094                //Filter_var appeared in PHP 5.2.0 and does not require the PCRE extension
     
    8591103            case 'pcre8':
    8601104                /**
    861                  * Conforms to RFC5322: Uses *correct* regex on which FILTER_VALIDATE_EMAIL is
    862                  * based; So why not use FILTER_VALIDATE_EMAIL? Because it was broken to
    863                  * not allow a@b type valid addresses :(
     1105                 * Uses the same RFC5322 regex on which FILTER_VALIDATE_EMAIL is based, but allows dotless domains.
    8641106                 * @link http://squiloople.com/2009/12/20/email-address-validation/
    8651107                 * @copyright 2009-2010 Michael Rushton
    8661108                 * Feel free to use and redistribute this code. But please keep this copyright notice.
    8671109                 */
    868                 return (bool)preg_match(
     1110                return (boolean)preg_match(
    8691111                    '/^(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){65,}@)' .
    8701112                    '((?>(?>(?>((?>(?>(?>\x0D\x0A)?[\t ])+|(?>[\t ]*\x0D\x0A)?[\t ]+)?)(\((?>(?2)' .
     
    8781120                    $address
    8791121                );
    880                 break;
    8811122            case 'pcre':
    8821123                //An older regex that doesn't need a recent PCRE
    883                 return (bool)preg_match(
     1124                return (boolean)preg_match(
    8841125                    '/^(?!(?>"?(?>\\\[ -~]|[^"])"?){255,})(?!(?>"?(?>\\\[ -~]|[^"])"?){65,}@)(?>' .
    8851126                    '[!#-\'*+\/-9=?^-~-]+|"(?>(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\xFF]))*")' .
     
    8941135                    $address
    8951136                );
    896                 break;
    897             case 'php':
    898             default:
    899                 return (bool)filter_var($address, FILTER_VALIDATE_EMAIL);
    900                 break;
     1137            case 'html5':
     1138                /**
     1139                 * This is the pattern used in the HTML5 spec for validation of 'email' type form input elements.
     1140                 * @link http://www.whatwg.org/specs/web-apps/current-work/#e-mail-state-(type=email)
     1141                 */
     1142                return (boolean)preg_match(
     1143                    '/^[a-zA-Z0-9.!#$%&\'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}' .
     1144                    '[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/sD',
     1145                    $address
     1146                );
    9011147            case 'noregex':
    9021148                //No PCRE! Do something _very_ approximate!
     
    9051151                    and strpos($address, '@') >= 1
    9061152                    and strpos($address, '@') != strlen($address) - 1);
    907                 break;
    908         }
     1153            case 'php':
     1154            default:
     1155                return (boolean)filter_var($address, FILTER_VALIDATE_EMAIL);
     1156        }
     1157    }
     1158
     1159    /**
     1160     * Tells whether IDNs (Internationalized Domain Names) are supported or not. This requires the
     1161     * "intl" and "mbstring" PHP extensions.
     1162     * @return bool "true" if required functions for IDN support are present
     1163     */
     1164    public function idnSupported()
     1165    {
     1166        // @TODO: Write our own "idn_to_ascii" function for PHP <= 5.2.
     1167        return function_exists('idn_to_ascii') and function_exists('mb_convert_encoding');
     1168    }
     1169
     1170    /**
     1171     * Converts IDN in given email address to its ASCII form, also known as punycode, if possible.
     1172     * Important: Address must be passed in same encoding as currently set in PHPMailer::$CharSet.
     1173     * This function silently returns unmodified address if:
     1174     * - No conversion is necessary (i.e. domain name is not an IDN, or is already in ASCII form)
     1175     * - Conversion to punycode is impossible (e.g. required PHP functions are not available)
     1176     *   or fails for any reason (e.g. domain has characters not allowed in an IDN)
     1177     * @see PHPMailer::$CharSet
     1178     * @param string $address The email address to convert
     1179     * @return string The encoded address in ASCII form
     1180     */
     1181    public function punyencodeAddress($address)
     1182    {
     1183        // Verify we have required functions, CharSet, and at-sign.
     1184        if ($this->idnSupported() and
     1185            !empty($this->CharSet) and
     1186            ($pos = strrpos($address, '@')) !== false) {
     1187            $domain = substr($address, ++$pos);
     1188            // Verify CharSet string is a valid one, and domain properly encoded in this CharSet.
     1189            if ($this->has8bitChars($domain) and @mb_check_encoding($domain, $this->CharSet)) {
     1190                $domain = mb_convert_encoding($domain, 'UTF-8', $this->CharSet);
     1191                if (($punycode = defined('INTL_IDNA_VARIANT_UTS46') ?
     1192                    idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46) :
     1193                    idn_to_ascii($domain)) !== false) {
     1194                    return substr($address, 0, $pos) . $punycode;
     1195                }
     1196            }
     1197        }
     1198        return $address;
    9091199    }
    9101200
     
    9121202     * Create a message and send it.
    9131203     * Uses the sending method specified by $Mailer.
    914      * Returns false on error - Use the ErrorInfo variable to view description of the error.
    9151204     * @throws phpmailerException
    916      * @return bool
     1205     * @return boolean false on error - See the ErrorInfo property for details of the error.
    9171206     */
    9181207    public function send()
     
    9231212            }
    9241213            return $this->postSend();
    925         } catch (phpmailerException $e) {
     1214        } catch (phpmailerException $exc) {
    9261215            $this->mailHeader = '';
    927             $this->setError($e->getMessage());
     1216            $this->setError($exc->getMessage());
    9281217            if ($this->exceptions) {
    929                 throw $e;
     1218                throw $exc;
    9301219            }
    9311220            return false;
     
    9361225     * Prepare a message for sending.
    9371226     * @throws phpmailerException
    938      * @return bool
     1227     * @return boolean
    9391228     */
    9401229    public function preSend()
    9411230    {
    9421231        try {
    943             $this->mailHeader = "";
     1232            $this->error_count = 0; // Reset errors
     1233            $this->mailHeader = '';
     1234
     1235            // Dequeue recipient and Reply-To addresses with IDN
     1236            foreach (array_merge($this->RecipientsQueue, $this->ReplyToQueue) as $params) {
     1237                $params[1] = $this->punyencodeAddress($params[1]);
     1238                call_user_func_array(array($this, 'addAnAddress'), $params);
     1239            }
    9441240            if ((count($this->to) + count($this->cc) + count($this->bcc)) < 1) {
    9451241                throw new phpmailerException($this->lang('provide_address'), self::STOP_CRITICAL);
    9461242            }
    9471243
     1244            // Validate From, Sender, and ConfirmReadingTo addresses
     1245            foreach (array('From', 'Sender', 'ConfirmReadingTo') as $address_kind) {
     1246                $this->$address_kind = trim($this->$address_kind);
     1247                if (empty($this->$address_kind)) {
     1248                    continue;
     1249                }
     1250                $this->$address_kind = $this->punyencodeAddress($this->$address_kind);
     1251                if (!$this->validateAddress($this->$address_kind)) {
     1252                    $error_message = $this->lang('invalid_address') . ' (punyEncode) ' . $this->$address_kind;
     1253                    $this->setError($error_message);
     1254                    $this->edebug($error_message);
     1255                    if ($this->exceptions) {
     1256                        throw new phpmailerException($error_message);
     1257                    }
     1258                    return false;
     1259                }
     1260            }
     1261
    9481262            // Set whether the message is multipart/alternative
    949             if (!empty($this->AltBody)) {
     1263            if ($this->alternativeExists()) {
    9501264                $this->ContentType = 'multipart/alternative';
    9511265            }
    9521266
    953             $this->error_count = 0; // reset errors
    9541267            $this->setMessageType();
    9551268            // Refuse to send an empty message unless we are specifically allowing it
     
    9581271            }
    9591272
     1273            // Create body before headers in case body makes changes to headers (e.g. altering transfer encoding)
     1274            $this->MIMEHeader = '';
     1275            $this->MIMEBody = $this->createBody();
     1276            // createBody may have added some headers, so retain them
     1277            $tempheaders = $this->MIMEHeader;
    9601278            $this->MIMEHeader = $this->createHeader();
    961             $this->MIMEBody = $this->createBody();
     1279            $this->MIMEHeader .= $tempheaders;
    9621280
    9631281            // To capture the complete message when using mail(), create
     
    9651283            if ($this->Mailer == 'mail') {
    9661284                if (count($this->to) > 0) {
    967                     $this->mailHeader .= $this->addrAppend("To", $this->to);
     1285                    $this->mailHeader .= $this->addrAppend('To', $this->to);
    9681286                } else {
    969                     $this->mailHeader .= $this->headerLine("To", "undisclosed-recipients:;");
     1287                    $this->mailHeader .= $this->headerLine('To', 'undisclosed-recipients:;');
    9701288                }
    9711289                $this->mailHeader .= $this->headerLine(
     
    9771295            // Sign with DKIM if enabled
    9781296            if (!empty($this->DKIM_domain)
    979                 && !empty($this->DKIM_private)
    9801297                && !empty($this->DKIM_selector)
    981                 && !empty($this->DKIM_domain)
    982                 && file_exists($this->DKIM_private)) {
     1298                && (!empty($this->DKIM_private_string)
     1299                   || (!empty($this->DKIM_private) && file_exists($this->DKIM_private))
     1300                )
     1301            ) {
    9831302                $header_dkim = $this->DKIM_Add(
    9841303                    $this->MIMEHeader . $this->mailHeader,
     
    9901309            }
    9911310            return true;
    992 
    993         } catch (phpmailerException $e) {
    994             $this->setError($e->getMessage());
     1311        } catch (phpmailerException $exc) {
     1312            $this->setError($exc->getMessage());
    9951313            if ($this->exceptions) {
    996                 throw $e;
     1314                throw $exc;
    9971315            }
    9981316            return false;
     
    10041322     * Send the email via the selected mechanism
    10051323     * @throws phpmailerException
    1006      * @return bool
     1324     * @return boolean
    10071325     */
    10081326    public function postSend()
     
    10121330            switch ($this->Mailer) {
    10131331                case 'sendmail':
     1332                case 'qmail':
    10141333                    return $this->sendmailSend($this->MIMEHeader, $this->MIMEBody);
    10151334                case 'smtp':
     
    10181337                    return $this->mailSend($this->MIMEHeader, $this->MIMEBody);
    10191338                default:
     1339                    $sendMethod = $this->Mailer.'Send';
     1340                    if (method_exists($this, $sendMethod)) {
     1341                        return $this->$sendMethod($this->MIMEHeader, $this->MIMEBody);
     1342                    }
     1343
    10201344                    return $this->mailSend($this->MIMEHeader, $this->MIMEBody);
    10211345            }
    1022         } catch (phpmailerException $e) {
    1023             $this->setError($e->getMessage());
     1346        } catch (phpmailerException $exc) {
     1347            $this->setError($exc->getMessage());
     1348            $this->edebug($exc->getMessage());
    10241349            if ($this->exceptions) {
    1025                 throw $e;
    1026             }
    1027             $this->edebug($e->getMessage() . "\n");
     1350                throw $exc;
     1351            }
    10281352        }
    10291353        return false;
     
    10371361     * @throws phpmailerException
    10381362     * @access protected
    1039      * @return bool
     1363     * @return boolean
    10401364     */
    10411365    protected function sendmailSend($header, $body)
    10421366    {
    1043         if ($this->Sender != '') {
    1044             $sendmail = sprintf("%s -oi -f%s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
     1367        // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
     1368        if (!empty($this->Sender) and self::isShellSafe($this->Sender)) {
     1369            if ($this->Mailer == 'qmail') {
     1370                $sendmailFmt = '%s -f%s';
     1371            } else {
     1372                $sendmailFmt = '%s -oi -f%s -t';
     1373            }
    10451374        } else {
    1046             $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
    1047         }
    1048         if ($this->SingleTo === true) {
    1049             foreach ($this->SingleToArray as $val) {
     1375            if ($this->Mailer == 'qmail') {
     1376                $sendmailFmt = '%s';
     1377            } else {
     1378                $sendmailFmt = '%s -oi -t';
     1379            }
     1380        }
     1381
     1382        // TODO: If possible, this should be changed to escapeshellarg.  Needs thorough testing.
     1383        $sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
     1384
     1385        if ($this->SingleTo) {
     1386            foreach ($this->SingleToArray as $toAddr) {
    10501387                if (!@$mail = popen($sendmail, 'w')) {
    10511388                    throw new phpmailerException($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL);
    10521389                }
    1053                 fputs($mail, "To: " . $val . "\n");
     1390                fputs($mail, 'To: ' . $toAddr . "\n");
    10541391                fputs($mail, $header);
    10551392                fputs($mail, $body);
    10561393                $result = pclose($mail);
    1057                 // implement call back function if it exists
    1058                 $isSent = ($result == 0) ? 1 : 0;
    1059                 $this->doCallback($isSent, $val, $this->cc, $this->bcc, $this->Subject, $body, $this->From);
     1394                $this->doCallback(
     1395                    ($result == 0),
     1396                    array($toAddr),
     1397                    $this->cc,
     1398                    $this->bcc,
     1399                    $this->Subject,
     1400                    $body,
     1401                    $this->From
     1402                );
    10601403                if ($result != 0) {
    10611404                    throw new phpmailerException($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL);
     
    10691412            fputs($mail, $body);
    10701413            $result = pclose($mail);
    1071             // implement call back function if it exists
    1072             $isSent = ($result == 0) ? 1 : 0;
    1073             $this->doCallback($isSent, $this->to, $this->cc, $this->bcc, $this->Subject, $body, $this->From);
     1414            $this->doCallback(
     1415                ($result == 0),
     1416                $this->to,
     1417                $this->cc,
     1418                $this->bcc,
     1419                $this->Subject,
     1420                $body,
     1421                $this->From
     1422            );
    10741423            if ($result != 0) {
    10751424                throw new phpmailerException($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL);
    10761425            }
    10771426        }
     1427        return true;
     1428    }
     1429
     1430    /**
     1431     * Fix CVE-2016-10033 and CVE-2016-10045 by disallowing potentially unsafe shell characters.
     1432     *
     1433     * Note that escapeshellarg and escapeshellcmd are inadequate for our purposes, especially on Windows.
     1434     * @param string $string The string to be validated
     1435     * @see https://github.com/PHPMailer/PHPMailer/issues/924 CVE-2016-10045 bug report
     1436     * @access protected
     1437     * @return boolean
     1438     */
     1439    protected static function isShellSafe($string)
     1440    {
     1441        // Future-proof
     1442        if (escapeshellcmd($string) !== $string
     1443            or !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))
     1444        ) {
     1445            return false;
     1446        }
     1447
     1448        $length = strlen($string);
     1449
     1450        for ($i = 0; $i < $length; $i++) {
     1451            $c = $string[$i];
     1452
     1453            // All other characters have a special meaning in at least one common shell, including = and +.
     1454            // Full stop (.) has a special meaning in cmd.exe, but its impact should be negligible here.
     1455            // Note that this does permit non-Latin alphanumeric characters based on the current locale.
     1456            if (!ctype_alnum($c) && strpos('@_-.', $c) === false) {
     1457                return false;
     1458            }
     1459        }
     1460
    10781461        return true;
    10791462    }
     
    10861469     * @throws phpmailerException
    10871470     * @access protected
    1088      * @return bool
     1471     * @return boolean
    10891472     */
    10901473    protected function mailSend($header, $body)
    10911474    {
    10921475        $toArr = array();
    1093         foreach ($this->to as $t) {
    1094             $toArr[] = $this->addrFormat($t);
     1476        foreach ($this->to as $toaddr) {
     1477            $toArr[] = $this->addrFormat($toaddr);
    10951478        }
    10961479        $to = implode(', ', $toArr);
    10971480
    1098         if (empty($this->Sender)) {
    1099             $params = " ";
    1100         } else {
    1101             $params = sprintf("-f%s", $this->Sender);
    1102         }
    1103         if ($this->Sender != '' and !ini_get('safe_mode')) {
     1481        $params = null;
     1482        //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver
     1483        if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {
     1484            // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
     1485            if (self::isShellSafe($this->Sender)) {
     1486                $params = sprintf('-f%s', $this->Sender);
     1487            }
     1488        }
     1489        if (!empty($this->Sender) and !ini_get('safe_mode') and $this->validateAddress($this->Sender)) {
    11041490            $old_from = ini_get('sendmail_from');
    11051491            ini_set('sendmail_from', $this->Sender);
    11061492        }
    1107         $rt = false;
    1108         if ($this->SingleTo === true && count($toArr) > 1) {
    1109             foreach ($toArr as $val) {
    1110                 $rt = $this->mailPassthru($val, $this->Subject, $body, $header, $params);
    1111                 // implement call back function if it exists
    1112                 $isSent = ($rt == 1) ? 1 : 0;
    1113                 $this->doCallback($isSent, $val, $this->cc, $this->bcc, $this->Subject, $body, $this->From);
     1493        $result = false;
     1494        if ($this->SingleTo and count($toArr) > 1) {
     1495            foreach ($toArr as $toAddr) {
     1496                $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);
     1497                $this->doCallback($result, array($toAddr), $this->cc, $this->bcc, $this->Subject, $body, $this->From);
    11141498            }
    11151499        } else {
    1116             $rt = $this->mailPassthru($to, $this->Subject, $body, $header, $params);
    1117             // implement call back function if it exists
    1118             $isSent = ($rt == 1) ? 1 : 0;
    1119             $this->doCallback($isSent, $to, $this->cc, $this->bcc, $this->Subject, $body, $this->From);
     1500            $result = $this->mailPassthru($to, $this->Subject, $body, $header, $params);
     1501            $this->doCallback($result, $this->to, $this->cc, $this->bcc, $this->Subject, $body, $this->From);
    11201502        }
    11211503        if (isset($old_from)) {
    11221504            ini_set('sendmail_from', $old_from);
    11231505        }
    1124         if (!$rt) {
     1506        if (!$result) {
    11251507            throw new phpmailerException($this->lang('instantiate'), self::STOP_CRITICAL);
    11261508        }
     
    11361518    {
    11371519        if (!is_object($this->smtp)) {
    1138             require_once 'class-smtp.php';
     1520            require_once( 'class-smtp.php' );
    11391521            $this->smtp = new SMTP;
    11401522        }
     
    11521534     * @uses SMTP
    11531535     * @access protected
    1154      * @return bool
     1536     * @return boolean
    11551537     */
    11561538    protected function smtpSend($header, $body)
    11571539    {
    11581540        $bad_rcpt = array();
    1159 
    1160         if (!$this->smtpConnect()) {
     1541        if (!$this->smtpConnect($this->SMTPOptions)) {
    11611542            throw new phpmailerException($this->lang('smtp_connect_failed'), self::STOP_CRITICAL);
    11621543        }
    1163         $smtp_from = ($this->Sender == '') ? $this->From : $this->Sender;
     1544        if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {
     1545            $smtp_from = $this->Sender;
     1546        } else {
     1547            $smtp_from = $this->From;
     1548        }
    11641549        if (!$this->smtp->mail($smtp_from)) {
    11651550            $this->setError($this->lang('from_failed') . $smtp_from . ' : ' . implode(',', $this->smtp->getError()));
     
    11671552        }
    11681553
    1169         // Attempt to send attach all recipients
    1170         foreach ($this->to as $to) {
    1171             if (!$this->smtp->recipient($to[0])) {
    1172                 $bad_rcpt[] = $to[0];
    1173                 $isSent = 0;
    1174             } else {
    1175                 $isSent = 1;
    1176             }
    1177             $this->doCallback($isSent, $to[0], '', '', $this->Subject, $body, $this->From);
    1178         }
    1179         foreach ($this->cc as $cc) {
    1180             if (!$this->smtp->recipient($cc[0])) {
    1181                 $bad_rcpt[] = $cc[0];
    1182                 $isSent = 0;
    1183             } else {
    1184                 $isSent = 1;
    1185             }
    1186             $this->doCallback($isSent, '', $cc[0], '', $this->Subject, $body, $this->From);
    1187         }
    1188         foreach ($this->bcc as $bcc) {
    1189             if (!$this->smtp->recipient($bcc[0])) {
    1190                 $bad_rcpt[] = $bcc[0];
    1191                 $isSent = 0;
    1192             } else {
    1193                 $isSent = 1;
    1194             }
    1195             $this->doCallback($isSent, '', '', $bcc[0], $this->Subject, $body, $this->From);
    1196         }
    1197 
    1198         if (count($bad_rcpt) > 0) { //Create error message for any bad addresses
    1199             throw new phpmailerException($this->lang('recipients_failed') . implode(', ', $bad_rcpt));
    1200         }
    1201         if (!$this->smtp->data($header . $body)) {
     1554        // Attempt to send to all recipients
     1555        foreach (array($this->to, $this->cc, $this->bcc) as $togroup) {
     1556            foreach ($togroup as $to) {
     1557                if (!$this->smtp->recipient($to[0])) {
     1558                    $error = $this->smtp->getError();
     1559                    $bad_rcpt[] = array('to' => $to[0], 'error' => $error['detail']);
     1560                    $isSent = false;
     1561                } else {
     1562                    $isSent = true;
     1563                }
     1564                $this->doCallback($isSent, array($to[0]), array(), array(), $this->Subject, $body, $this->From);
     1565            }
     1566        }
     1567
     1568        // Only send the DATA command if we have viable recipients
     1569        if ((count($this->all_recipients) > count($bad_rcpt)) and !$this->smtp->data($header . $body)) {
    12021570            throw new phpmailerException($this->lang('data_not_accepted'), self::STOP_CRITICAL);
    12031571        }
    1204         if ($this->SMTPKeepAlive == true) {
     1572        if ($this->SMTPKeepAlive) {
    12051573            $this->smtp->reset();
    12061574        } else {
     
    12081576            $this->smtp->close();
    12091577        }
     1578        //Create error message for any bad addresses
     1579        if (count($bad_rcpt) > 0) {
     1580            $errstr = '';
     1581            foreach ($bad_rcpt as $bad) {
     1582                $errstr .= $bad['to'] . ': ' . $bad['error'];
     1583            }
     1584            throw new phpmailerException(
     1585                $this->lang('recipients_failed') . $errstr,
     1586                self::STOP_CONTINUE
     1587            );
     1588        }
    12101589        return true;
    12111590    }
     
    12181597     * @access public
    12191598     * @throws phpmailerException
    1220      * @return bool
    1221      */
    1222     public function smtpConnect($options = array())
     1599     * @return boolean
     1600     */
     1601    public function smtpConnect($options = null)
    12231602    {
    12241603        if (is_null($this->smtp)) {
     
    12261605        }
    12271606
    1228         //Already connected?
     1607        //If no options are provided, use whatever is set in the instance
     1608        if (is_null($options)) {
     1609            $options = $this->SMTPOptions;
     1610        }
     1611
     1612        // Already connected?
    12291613        if ($this->smtp->connected()) {
    12301614            return true;
     
    12351619        $this->smtp->setDebugOutput($this->Debugoutput);
    12361620        $this->smtp->setVerp($this->do_verp);
    1237         $tls = ($this->SMTPSecure == 'tls');
    1238         $ssl = ($this->SMTPSecure == 'ssl');
    12391621        $hosts = explode(';', $this->Host);
    12401622        $lastexception = null;
     
    12421624        foreach ($hosts as $hostentry) {
    12431625            $hostinfo = array();
    1244             $host = $hostentry;
     1626            if (!preg_match('/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*):?([0-9]*)$/', trim($hostentry), $hostinfo)) {
     1627                // Not a valid host entry
     1628                continue;
     1629            }
     1630            // $hostinfo[2]: optional ssl or tls prefix
     1631            // $hostinfo[3]: the hostname
     1632            // $hostinfo[4]: optional port number
     1633            // The host string prefix can temporarily override the current setting for SMTPSecure
     1634            // If it's not specified, the default value is used
     1635            $prefix = '';
     1636            $secure = $this->SMTPSecure;
     1637            $tls = ($this->SMTPSecure == 'tls');
     1638            if ('ssl' == $hostinfo[2] or ('' == $hostinfo[2] and 'ssl' == $this->SMTPSecure)) {
     1639                $prefix = 'ssl://';
     1640                $tls = false; // Can't have SSL and TLS at the same time
     1641                $secure = 'ssl';
     1642            } elseif ($hostinfo[2] == 'tls') {
     1643                $tls = true;
     1644                // tls doesn't use a prefix
     1645                $secure = 'tls';
     1646            }
     1647            //Do we need the OpenSSL extension?
     1648            $sslext = defined('OPENSSL_ALGO_SHA1');
     1649            if ('tls' === $secure or 'ssl' === $secure) {
     1650                //Check for an OpenSSL constant rather than using extension_loaded, which is sometimes disabled
     1651                if (!$sslext) {
     1652                    throw new phpmailerException($this->lang('extension_missing').'openssl', self::STOP_CRITICAL);
     1653                }
     1654            }
     1655            $host = $hostinfo[3];
    12451656            $port = $this->Port;
    1246             if (preg_match(
    1247                 '/^(.+):([0-9]+)$/',
    1248                 $hostentry,
    1249                 $hostinfo
    1250             )
    1251             ) { //If $hostentry contains 'address:port', override default
    1252                 $host = $hostinfo[1];
    1253                 $port = $hostinfo[2];
    1254             }
    1255             if ($this->smtp->connect(($ssl ? 'ssl://' : '') . $host, $port, $this->Timeout, $options)) {
     1657            $tport = (integer)$hostinfo[4];
     1658            if ($tport > 0 and $tport < 65536) {
     1659                $port = $tport;
     1660            }
     1661            if ($this->smtp->connect($prefix . $host, $port, $this->Timeout, $options)) {
    12561662                try {
    12571663                    if ($this->Helo) {
     
    12611667                    }
    12621668                    $this->smtp->hello($hello);
    1263 
     1669                    //Automatically enable TLS encryption if:
     1670                    // * it's not disabled
     1671                    // * we have openssl extension
     1672                    // * we are not already using SSL
     1673                    // * the server offers STARTTLS
     1674                    if ($this->SMTPAutoTLS and $sslext and $secure != 'ssl' and $this->smtp->getServerExt('STARTTLS')) {
     1675                        $tls = true;
     1676                    }
    12641677                    if ($tls) {
    12651678                        if (!$this->smtp->startTLS()) {
    12661679                            throw new phpmailerException($this->lang('connect_host'));
    12671680                        }
    1268                         //We must resend HELO after tls negotiation
     1681                        // We must resend EHLO after TLS negotiation
    12691682                        $this->smtp->hello($hello);
    12701683                    }
     
    12821695                    }
    12831696                    return true;
    1284                 } catch (phpmailerException $e) {
    1285                     $lastexception = $e;
    1286                     //We must have connected, but then failed TLS or Auth, so close connection nicely
     1697                } catch (phpmailerException $exc) {
     1698                    $lastexception = $exc;
     1699                    $this->edebug($exc->getMessage());
     1700                    // We must have connected, but then failed TLS or Auth, so close connection nicely
    12871701                    $this->smtp->quit();
    12881702                }
    12891703            }
    12901704        }
    1291         //If we get here, all connection attempts have failed, so close connection hard
     1705        // If we get here, all connection attempts have failed, so close connection hard
    12921706        $this->smtp->close();
    1293         //As we've caught all exceptions, just report whatever the last one was
     1707        // As we've caught all exceptions, just report whatever the last one was
    12941708        if ($this->exceptions and !is_null($lastexception)) {
    12951709            throw $lastexception;
     
    13041718    public function smtpClose()
    13051719    {
    1306         if ($this->smtp !== null) {
     1720        if (is_a($this->smtp, 'SMTP')) {
    13071721            if ($this->smtp->connected()) {
    13081722                $this->smtp->quit();
     
    13181732     * @param string $langcode ISO 639-1 2-character language code (e.g. French is "fr")
    13191733     * @param string $lang_path Path to the language file directory, with trailing separator (slash)
    1320      * @return bool
    1321      * @access public
    1322      */
    1323     public function setLanguage($langcode = 'en', $lang_path = 'language/')
    1324     {
    1325         //Define full set of translatable strings
     1734     * @return boolean
     1735     * @access public
     1736     */
     1737    public function setLanguage($langcode = 'en', $lang_path = '')
     1738    {
     1739        // Backwards compatibility for renamed language codes
     1740        $renamed_langcodes = array(
     1741            'br' => 'pt_br',
     1742            'cz' => 'cs',
     1743            'dk' => 'da',
     1744            'no' => 'nb',
     1745            'se' => 'sv',
     1746        );
     1747
     1748        if (isset($renamed_langcodes[$langcode])) {
     1749            $langcode = $renamed_langcodes[$langcode];
     1750        }
     1751
     1752        // Define full set of translatable strings in English
    13261753        $PHPMAILER_LANG = array(
    13271754            'authenticate' => 'SMTP Error: Could not authenticate.',
     
    13351762            'from_failed' => 'The following From address failed: ',
    13361763            'instantiate' => 'Could not instantiate mail function.',
    1337             'invalid_address' => 'Invalid address',
     1764            'invalid_address' => 'Invalid address: ',
    13381765            'mailer_not_supported' => ' mailer is not supported.',
    13391766            'provide_address' => 'You must provide at least one recipient email address.',
     
    13421769            'smtp_connect_failed' => 'SMTP connect() failed.',
    13431770            'smtp_error' => 'SMTP server error: ',
    1344             'variable_set' => 'Cannot set or reset variable: '
     1771            'variable_set' => 'Cannot set or reset variable: ',
     1772            'extension_missing' => 'Extension missing: '
    13451773        );
    1346         //Overwrite language-specific strings.
    1347         //This way we'll never have missing translations - no more "language string failed to load"!
    1348         $l = true;
    1349         if ($langcode != 'en') { //There is no English translation file
    1350             $l = @include $lang_path . 'phpmailer.lang-' . $langcode . '.php';
     1774        if (empty($lang_path)) {
     1775            // Calculate an absolute path so it can work if CWD is not here
     1776            $lang_path = dirname(__FILE__). DIRECTORY_SEPARATOR . 'language'. DIRECTORY_SEPARATOR;
     1777        }
     1778        //Validate $langcode
     1779        if (!preg_match('/^[a-z]{2}(?:_[a-zA-Z]{2})?$/', $langcode)) {
     1780            $langcode = 'en';
     1781        }
     1782        $foundlang = true;
     1783        $lang_file = $lang_path . 'phpmailer.lang-' . $langcode . '.php';
     1784        // There is no English translation file
     1785        if ($langcode != 'en') {
     1786            // Make sure language file path is readable
     1787            if (!is_readable($lang_file)) {
     1788                $foundlang = false;
     1789            } else {
     1790                // Overwrite language-specific strings.
     1791                // This way we'll never have missing translation keys.
     1792                $foundlang = include $lang_file;
     1793            }
    13511794        }
    13521795        $this->language = $PHPMAILER_LANG;
    1353         return ($l == true); //Returns false if language not found
     1796        return (boolean)$foundlang; // Returns false if language not found
    13541797    }
    13551798
     
    13761819    {
    13771820        $addresses = array();
    1378         foreach ($addr as $a) {
    1379             $addresses[] = $this->addrFormat($a);
     1821        foreach ($addr as $address) {
     1822            $addresses[] = $this->addrFormat($address);
    13801823        }
    13811824        return $type . ': ' . implode(', ', $addresses) . $this->LE;
     
    13941837            return $this->secureHeader($addr[0]);
    13951838        } else {
    1396             return $this->encodeHeader($this->secureHeader($addr[1]), 'phrase') . " <" . $this->secureHeader(
     1839            return $this->encodeHeader($this->secureHeader($addr[1]), 'phrase') . ' <' . $this->secureHeader(
    13971840                $addr[0]
    1398             ) . ">";
     1841            ) . '>';
    13991842        }
    14001843    }
     
    14071850     * @param string $message The message to wrap
    14081851     * @param integer $length The line length to wrap to
    1409      * @param bool $qp_mode Whether to run in Quoted-Printable mode
     1852     * @param boolean $qp_mode Whether to run in Quoted-Printable mode
    14101853     * @access public
    14111854     * @return string
     
    14131856    public function wrapText($message, $length, $qp_mode = false)
    14141857    {
    1415         $soft_break = ($qp_mode) ? sprintf(" =%s", $this->LE) : $this->LE;
     1858        if ($qp_mode) {
     1859            $soft_break = sprintf(' =%s', $this->LE);
     1860        } else {
     1861            $soft_break = $this->LE;
     1862        }
    14161863        // If utf-8 encoding is used, we will need to make sure we don't
    14171864        // split multibyte characters when we wrap
    1418         $is_utf8 = (strtolower($this->CharSet) == "utf-8");
     1865        $is_utf8 = (strtolower($this->CharSet) == 'utf-8');
    14191866        $lelen = strlen($this->LE);
    14201867        $crlflen = strlen(self::CRLF);
    14211868
    14221869        $message = $this->fixEOL($message);
     1870        //Remove a trailing line break
    14231871        if (substr($message, -$lelen) == $this->LE) {
    14241872            $message = substr($message, 0, -$lelen);
    14251873        }
    14261874
    1427         $line = explode($this->LE, $message); // Magic. We know fixEOL uses $LE
     1875        //Split message into lines
     1876        $lines = explode($this->LE, $message);
     1877        //Message will be rebuilt in here
    14281878        $message = '';
    1429         for ($i = 0; $i < count($line); $i++) {
    1430             $line_part = explode(' ', $line[$i]);
     1879        foreach ($lines as $line) {
     1880            $words = explode(' ', $line);
    14311881            $buf = '';
    1432             for ($e = 0; $e < count($line_part); $e++) {
    1433                 $word = $line_part[$e];
     1882            $firstword = true;
     1883            foreach ($words as $word) {
    14341884                if ($qp_mode and (strlen($word) > $length)) {
    14351885                    $space_left = $length - strlen($buf) - $crlflen;
    1436                     if ($e != 0) {
     1886                    if (!$firstword) {
    14371887                        if ($space_left > 20) {
    14381888                            $len = $space_left;
    14391889                            if ($is_utf8) {
    14401890                                $len = $this->utf8CharBoundary($word, $len);
    1441                             } elseif (substr($word, $len - 1, 1) == "=") {
     1891                            } elseif (substr($word, $len - 1, 1) == '=') {
    14421892                                $len--;
    1443                             } elseif (substr($word, $len - 2, 1) == "=") {
     1893                            } elseif (substr($word, $len - 2, 1) == '=') {
    14441894                                $len -= 2;
    14451895                            }
     
    14471897                            $word = substr($word, $len);
    14481898                            $buf .= ' ' . $part;
    1449                             $message .= $buf . sprintf("=%s", self::CRLF);
     1899                            $message .= $buf . sprintf('=%s', self::CRLF);
    14501900                        } else {
    14511901                            $message .= $buf . $soft_break;
     
    14601910                        if ($is_utf8) {
    14611911                            $len = $this->utf8CharBoundary($word, $len);
    1462                         } elseif (substr($word, $len - 1, 1) == "=") {
     1912                        } elseif (substr($word, $len - 1, 1) == '=') {
    14631913                            $len--;
    1464                         } elseif (substr($word, $len - 2, 1) == "=") {
     1914                        } elseif (substr($word, $len - 2, 1) == '=') {
    14651915                            $len -= 2;
    14661916                        }
     
    14691919
    14701920                        if (strlen($word) > 0) {
    1471                             $message .= $part . sprintf("=%s", self::CRLF);
     1921                            $message .= $part . sprintf('=%s', self::CRLF);
    14721922                        } else {
    14731923                            $buf = $part;
     
    14761926                } else {
    14771927                    $buf_o = $buf;
    1478                     $buf .= ($e == 0) ? $word : (' ' . $word);
     1928                    if (!$firstword) {
     1929                        $buf .= ' ';
     1930                    }
     1931                    $buf .= $word;
    14791932
    14801933                    if (strlen($buf) > $length and $buf_o != '') {
     
    14831936                    }
    14841937                }
     1938                $firstword = false;
    14851939            }
    14861940            $message .= $buf . self::CRLF;
     
    14921946    /**
    14931947     * Find the last character boundary prior to $maxLength in a utf-8
    1494      * quoted (printable) encoded string.
     1948     * quoted-printable encoded string.
    14951949     * Original written by Colin Brown.
    14961950     * @access public
    14971951     * @param string $encodedText utf-8 QP text
    1498      * @param int $maxLength   find last character boundary prior to this length
    1499      * @return int
     1952     * @param integer $maxLength Find the last character boundary prior to this length
     1953     * @return integer
    15001954     */
    15011955    public function utf8CharBoundary($encodedText, $maxLength)
     
    15051959        while (!$foundSplitPos) {
    15061960            $lastChunk = substr($encodedText, $maxLength - $lookBack, $lookBack);
    1507             $encodedCharPos = strpos($lastChunk, "=");
    1508             if ($encodedCharPos !== false) {
     1961            $encodedCharPos = strpos($lastChunk, '=');
     1962            if (false !== $encodedCharPos) {
    15091963                // Found start of encoded character byte within $lookBack block.
    15101964                // Check the encoded byte value (the 2 chars after the '=')
    15111965                $hex = substr($encodedText, $maxLength - $lookBack + $encodedCharPos + 1, 2);
    15121966                $dec = hexdec($hex);
    1513                 if ($dec < 128) { // Single byte character.
     1967                if ($dec < 128) {
     1968                    // Single byte character.
    15141969                    // If the encoded char was found at pos 0, it will fit
    15151970                    // otherwise reduce maxLength to start of the encoded char
    1516                     $maxLength = ($encodedCharPos == 0) ? $maxLength :
    1517                         $maxLength - ($lookBack - $encodedCharPos);
     1971                    if ($encodedCharPos > 0) {
     1972                        $maxLength = $maxLength - ($lookBack - $encodedCharPos);
     1973                    }
    15181974                    $foundSplitPos = true;
    1519                 } elseif ($dec >= 192) { // First byte of a multi byte character
     1975                } elseif ($dec >= 192) {
     1976                    // First byte of a multi byte character
    15201977                    // Reduce maxLength to split at start of character
    15211978                    $maxLength = $maxLength - ($lookBack - $encodedCharPos);
    15221979                    $foundSplitPos = true;
    1523                 } elseif ($dec < 192) { // Middle byte of a multi byte character, look further back
     1980                } elseif ($dec < 192) {
     1981                    // Middle byte of a multi byte character, look further back
    15241982                    $lookBack += 3;
    15251983                }
     
    15321990    }
    15331991
    1534 
    1535     /**
    1536      * Set the body wrapping.
     1992    /**
     1993     * Apply word wrapping to the message body.
     1994     * Wraps the message body to the number of chars set in the WordWrap property.
     1995     * You should only do this to plain-text bodies as wrapping HTML tags may break them.
     1996     * This is called automatically by createBody(), so you don't need to call it yourself.
    15371997     * @access public
    15381998     * @return void
     
    15662026        $result = '';
    15672027
    1568         // Set the boundaries
    1569         $uniq_id = md5(uniqid(time()));
    1570         $this->boundary[1] = 'b1_' . $uniq_id;
    1571         $this->boundary[2] = 'b2_' . $uniq_id;
    1572         $this->boundary[3] = 'b3_' . $uniq_id;
    1573 
    15742028        if ($this->MessageDate == '') {
    1575             $result .= $this->headerLine('Date', self::rfcDate());
     2029            $this->MessageDate = self::rfcDate();
     2030        }
     2031        $result .= $this->headerLine('Date', $this->MessageDate);
     2032
     2033        // To be created automatically by mail()
     2034        if ($this->SingleTo) {
     2035            if ($this->Mailer != 'mail') {
     2036                foreach ($this->to as $toaddr) {
     2037                    $this->SingleToArray[] = $this->addrFormat($toaddr);
     2038                }
     2039            }
    15762040        } else {
    1577             $result .= $this->headerLine('Date', $this->MessageDate);
    1578         }
    1579 
    1580         if ($this->ReturnPath) {
    1581             $result .= $this->headerLine('Return-Path', '<' . trim($this->ReturnPath) . '>');
    1582         } elseif ($this->Sender == '') {
    1583             $result .= $this->headerLine('Return-Path', '<' . trim($this->From) . '>');
    1584         } else {
    1585             $result .= $this->headerLine('Return-Path', '<' . trim($this->Sender) . '>');
    1586         }
    1587 
    1588         // To be created automatically by mail()
    1589         if ($this->Mailer != 'mail') {
    1590             if ($this->SingleTo === true) {
    1591                 foreach ($this->to as $t) {
    1592                     $this->SingleToArray[] = $this->addrFormat($t);
    1593                 }
    1594             } else {
    1595                 if (count($this->to) > 0) {
     2041            if (count($this->to) > 0) {
     2042                if ($this->Mailer != 'mail') {
    15962043                    $result .= $this->addrAppend('To', $this->to);
    1597                 } elseif (count($this->cc) == 0) {
    1598                     $result .= $this->headerLine('To', 'undisclosed-recipients:;');
    1599                 }
     2044                }
     2045            } elseif (count($this->cc) == 0) {
     2046                $result .= $this->headerLine('To', 'undisclosed-recipients:;');
    16002047            }
    16012048        }
     
    16092056
    16102057        // sendmail and mail() extract Bcc from the header before sending
    1611         if ((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->bcc) > 0)) {
     2058        if ((
     2059                $this->Mailer == 'sendmail' or $this->Mailer == 'qmail' or $this->Mailer == 'mail'
     2060            )
     2061            and count($this->bcc) > 0
     2062        ) {
    16122063            $result .= $this->addrAppend('Bcc', $this->bcc);
    16132064        }
     
    16222073        }
    16232074
    1624         if ($this->MessageID != '') {
     2075        // Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4
     2076        // https://tools.ietf.org/html/rfc5322#section-3.6.4
     2077        if ('' != $this->MessageID and preg_match('/^<.*@.*>$/', $this->MessageID)) {
    16252078            $this->lastMessageID = $this->MessageID;
    16262079        } else {
    1627             $this->lastMessageID = sprintf("<%s@%s>", $uniq_id, $this->ServerHostname());
    1628         }
    1629         $result .= $this->HeaderLine('Message-ID', $this->lastMessageID);
    1630         $result .= $this->headerLine('X-Priority', $this->Priority);
     2080            $this->lastMessageID = sprintf('<%s@%s>', $this->uniqueid, $this->serverHostname());
     2081        }
     2082        $result .= $this->headerLine('Message-ID', $this->lastMessageID);
     2083        if (!is_null($this->Priority)) {
     2084            $result .= $this->headerLine('X-Priority', $this->Priority);
     2085        }
    16312086        if ($this->XMailer == '') {
    16322087            $result .= $this->headerLine(
    16332088                'X-Mailer',
    1634                 'PHPMailer ' . $this->Version . ' (https://github.com/PHPMailer/PHPMailer/)'
     2089                'PHPMailer ' . $this->Version . ' (https://github.com/PHPMailer/PHPMailer)'
    16352090            );
    16362091        } else {
     
    16422097
    16432098        if ($this->ConfirmReadingTo != '') {
    1644             $result .= $this->headerLine('Disposition-Notification-To', '<' . trim($this->ConfirmReadingTo) . '>');
     2099            $result .= $this->headerLine('Disposition-Notification-To', '<' . $this->ConfirmReadingTo . '>');
    16452100        }
    16462101
    16472102        // Add custom headers
    1648         for ($index = 0; $index < count($this->CustomHeader); $index++) {
     2103        foreach ($this->CustomHeader as $header) {
    16492104            $result .= $this->headerLine(
    1650                 trim($this->CustomHeader[$index][0]),
    1651                 $this->encodeHeader(trim($this->CustomHeader[$index][1]))
     2105                trim($header[0]),
     2106                $this->encodeHeader(trim($header[1]))
    16522107            );
    16532108        }
     
    16682123    {
    16692124        $result = '';
     2125        $ismultipart = true;
    16702126        switch ($this->message_type) {
    16712127            case 'inline':
     
    16882144                // Catches case 'plain': and case '':
    16892145                $result .= $this->textLine('Content-Type: ' . $this->ContentType . '; charset=' . $this->CharSet);
     2146                $ismultipart = false;
    16902147                break;
    16912148        }
    1692         //RFC1341 part 5 says 7bit is assumed if not specified
     2149        // RFC1341 part 5 says 7bit is assumed if not specified
    16932150        if ($this->Encoding != '7bit') {
    1694             $result .= $this->headerLine('Content-Transfer-Encoding', $this->Encoding);
     2151            // RFC 2045 section 6.4 says multipart MIME parts may only use 7bit, 8bit or binary CTE
     2152            if ($ismultipart) {
     2153                if ($this->Encoding == '8bit') {
     2154                    $result .= $this->headerLine('Content-Transfer-Encoding', '8bit');
     2155                }
     2156                // The only remaining alternatives are quoted-printable and base64, which are both 7bit compatible
     2157            } else {
     2158                $result .= $this->headerLine('Content-Transfer-Encoding', $this->Encoding);
     2159            }
    16952160        }
    16962161
     
    17052170     * Returns the whole MIME message.
    17062171     * Includes complete headers and body.
    1707      * Only valid post PreSend().
    1708      * @see PHPMailer::PreSend()
     2172     * Only valid post preSend().
     2173     * @see PHPMailer::preSend()
    17092174     * @access public
    17102175     * @return string
     
    17122177    public function getSentMIMEMessage()
    17132178    {
    1714         return $this->MIMEHeader . $this->mailHeader . self::CRLF . $this->MIMEBody;
    1715     }
    1716 
     2179        return rtrim($this->MIMEHeader . $this->mailHeader, "\n\r") . self::CRLF . self::CRLF . $this->MIMEBody;
     2180    }
     2181
     2182    /**
     2183     * Create unique ID
     2184     * @return string
     2185     */
     2186    protected function generateId() {
     2187        return md5(uniqid(time()));
     2188    }
    17172189
    17182190    /**
     
    17262198    {
    17272199        $body = '';
     2200        //Create unique IDs and preset boundaries
     2201        $this->uniqueid = $this->generateId();
     2202        $this->boundary[1] = 'b1_' . $this->uniqueid;
     2203        $this->boundary[2] = 'b2_' . $this->uniqueid;
     2204        $this->boundary[3] = 'b3_' . $this->uniqueid;
    17282205
    17292206        if ($this->sign_key_file) {
     
    17332210        $this->setWordWrap();
    17342211
     2212        $bodyEncoding = $this->Encoding;
     2213        $bodyCharSet = $this->CharSet;
     2214        //Can we do a 7-bit downgrade?
     2215        if ($bodyEncoding == '8bit' and !$this->has8bitChars($this->Body)) {
     2216            $bodyEncoding = '7bit';
     2217            //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit
     2218            $bodyCharSet = 'us-ascii';
     2219        }
     2220        //If lines are too long, and we're not already using an encoding that will shorten them,
     2221        //change to quoted-printable transfer encoding for the body part only
     2222        if ('base64' != $this->Encoding and self::hasLineLongerThanMax($this->Body)) {
     2223            $bodyEncoding = 'quoted-printable';
     2224        }
     2225
     2226        $altBodyEncoding = $this->Encoding;
     2227        $altBodyCharSet = $this->CharSet;
     2228        //Can we do a 7-bit downgrade?
     2229        if ($altBodyEncoding == '8bit' and !$this->has8bitChars($this->AltBody)) {
     2230            $altBodyEncoding = '7bit';
     2231            //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit
     2232            $altBodyCharSet = 'us-ascii';
     2233        }
     2234        //If lines are too long, and we're not already using an encoding that will shorten them,
     2235        //change to quoted-printable transfer encoding for the alt body part only
     2236        if ('base64' != $altBodyEncoding and self::hasLineLongerThanMax($this->AltBody)) {
     2237            $altBodyEncoding = 'quoted-printable';
     2238        }
     2239        //Use this as a preamble in all multipart message types
     2240        $mimepre = "This is a multi-part message in MIME format." . $this->LE . $this->LE;
    17352241        switch ($this->message_type) {
    17362242            case 'inline':
    1737                 $body .= $this->getBoundary($this->boundary[1], '', '', '');
    1738                 $body .= $this->encodeString($this->Body, $this->Encoding);
     2243                $body .= $mimepre;
     2244                $body .= $this->getBoundary($this->boundary[1], $bodyCharSet, '', $bodyEncoding);
     2245                $body .= $this->encodeString($this->Body, $bodyEncoding);
    17392246                $body .= $this->LE . $this->LE;
    17402247                $body .= $this->attachAll('inline', $this->boundary[1]);
    17412248                break;
    17422249            case 'attach':
    1743                 $body .= $this->getBoundary($this->boundary[1], '', '', '');
    1744                 $body .= $this->encodeString($this->Body, $this->Encoding);
     2250                $body .= $mimepre;
     2251                $body .= $this->getBoundary($this->boundary[1], $bodyCharSet, '', $bodyEncoding);
     2252                $body .= $this->encodeString($this->Body, $bodyEncoding);
    17452253                $body .= $this->LE . $this->LE;
    17462254                $body .= $this->attachAll('attachment', $this->boundary[1]);
    17472255                break;
    17482256            case 'inline_attach':
     2257                $body .= $mimepre;
    17492258                $body .= $this->textLine('--' . $this->boundary[1]);
    17502259                $body .= $this->headerLine('Content-Type', 'multipart/related;');
    17512260                $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"');
    17522261                $body .= $this->LE;
    1753                 $body .= $this->getBoundary($this->boundary[2], '', '', '');
    1754                 $body .= $this->encodeString($this->Body, $this->Encoding);
     2262                $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, '', $bodyEncoding);
     2263                $body .= $this->encodeString($this->Body, $bodyEncoding);
    17552264                $body .= $this->LE . $this->LE;
    17562265                $body .= $this->attachAll('inline', $this->boundary[2]);
     
    17592268                break;
    17602269            case 'alt':
    1761                 $body .= $this->getBoundary($this->boundary[1], '', 'text/plain', '');
    1762                 $body .= $this->encodeString($this->AltBody, $this->Encoding);
     2270                $body .= $mimepre;
     2271                $body .= $this->getBoundary($this->boundary[1], $altBodyCharSet, 'text/plain', $altBodyEncoding);
     2272                $body .= $this->encodeString($this->AltBody, $altBodyEncoding);
    17632273                $body .= $this->LE . $this->LE;
    1764                 $body .= $this->getBoundary($this->boundary[1], '', 'text/html', '');
    1765                 $body .= $this->encodeString($this->Body, $this->Encoding);
     2274                $body .= $this->getBoundary($this->boundary[1], $bodyCharSet, 'text/html', $bodyEncoding);
     2275                $body .= $this->encodeString($this->Body, $bodyEncoding);
    17662276                $body .= $this->LE . $this->LE;
    17672277                if (!empty($this->Ical)) {
     
    17732283                break;
    17742284            case 'alt_inline':
    1775                 $body .= $this->getBoundary($this->boundary[1], '', 'text/plain', '');
    1776                 $body .= $this->encodeString($this->AltBody, $this->Encoding);
     2285                $body .= $mimepre;
     2286                $body .= $this->getBoundary($this->boundary[1], $altBodyCharSet, 'text/plain', $altBodyEncoding);
     2287                $body .= $this->encodeString($this->AltBody, $altBodyEncoding);
    17772288                $body .= $this->LE . $this->LE;
    17782289                $body .= $this->textLine('--' . $this->boundary[1]);
     
    17802291                $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"');
    17812292                $body .= $this->LE;
    1782                 $body .= $this->getBoundary($this->boundary[2], '', 'text/html', '');
    1783                 $body .= $this->encodeString($this->Body, $this->Encoding);
     2293                $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, 'text/html', $bodyEncoding);
     2294                $body .= $this->encodeString($this->Body, $bodyEncoding);
    17842295                $body .= $this->LE . $this->LE;
    17852296                $body .= $this->attachAll('inline', $this->boundary[2]);
     
    17882299                break;
    17892300            case 'alt_attach':
     2301                $body .= $mimepre;
    17902302                $body .= $this->textLine('--' . $this->boundary[1]);
    17912303                $body .= $this->headerLine('Content-Type', 'multipart/alternative;');
    17922304                $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"');
    17932305                $body .= $this->LE;
    1794                 $body .= $this->getBoundary($this->boundary[2], '', 'text/plain', '');
    1795                 $body .= $this->encodeString($this->AltBody, $this->Encoding);
     2306                $body .= $this->getBoundary($this->boundary[2], $altBodyCharSet, 'text/plain', $altBodyEncoding);
     2307                $body .= $this->encodeString($this->AltBody, $altBodyEncoding);
    17962308                $body .= $this->LE . $this->LE;
    1797                 $body .= $this->getBoundary($this->boundary[2], '', 'text/html', '');
    1798                 $body .= $this->encodeString($this->Body, $this->Encoding);
     2309                $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, 'text/html', $bodyEncoding);
     2310                $body .= $this->encodeString($this->Body, $bodyEncoding);
    17992311                $body .= $this->LE . $this->LE;
    18002312                $body .= $this->endBoundary($this->boundary[2]);
     
    18032315                break;
    18042316            case 'alt_inline_attach':
     2317                $body .= $mimepre;
    18052318                $body .= $this->textLine('--' . $this->boundary[1]);
    18062319                $body .= $this->headerLine('Content-Type', 'multipart/alternative;');
    18072320                $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"');
    18082321                $body .= $this->LE;
    1809                 $body .= $this->getBoundary($this->boundary[2], '', 'text/plain', '');
    1810                 $body .= $this->encodeString($this->AltBody, $this->Encoding);
     2322                $body .= $this->getBoundary($this->boundary[2], $altBodyCharSet, 'text/plain', $altBodyEncoding);
     2323                $body .= $this->encodeString($this->AltBody, $altBodyEncoding);
    18112324                $body .= $this->LE . $this->LE;
    18122325                $body .= $this->textLine('--' . $this->boundary[2]);
     
    18142327                $body .= $this->textLine("\tboundary=\"" . $this->boundary[3] . '"');
    18152328                $body .= $this->LE;
    1816                 $body .= $this->getBoundary($this->boundary[3], '', 'text/html', '');
    1817                 $body .= $this->encodeString($this->Body, $this->Encoding);
     2329                $body .= $this->getBoundary($this->boundary[3], $bodyCharSet, 'text/html', $bodyEncoding);
     2330                $body .= $this->encodeString($this->Body, $bodyEncoding);
    18182331                $body .= $this->LE . $this->LE;
    18192332                $body .= $this->attachAll('inline', $this->boundary[3]);
     
    18242337                break;
    18252338            default:
    1826                 // catch case 'plain' and case ''
     2339                // Catch case 'plain' and case '', applies to simple `text/plain` and `text/html` body content types
     2340                //Reset the `Encoding` property in case we changed it for line length reasons
     2341                $this->Encoding = $bodyEncoding;
    18272342                $body .= $this->encodeString($this->Body, $this->Encoding);
    18282343                break;
     
    18342349            try {
    18352350                if (!defined('PKCS7_TEXT')) {
    1836                     throw new phpmailerException($this->lang('signing') . ' OpenSSL extension missing.');
    1837                 }
     2351                    throw new phpmailerException($this->lang('extension_missing') . 'openssl');
     2352                }
     2353                // @TODO would be nice to use php://temp streams here, but need to wrap for PHP < 5.1
    18382354                $file = tempnam(sys_get_temp_dir(), 'mail');
    1839                 file_put_contents($file, $body); //TODO check this worked
     2355                if (false === file_put_contents($file, $body)) {
     2356                    throw new phpmailerException($this->lang('signing') . ' Could not write temp file');
     2357                }
    18402358                $signed = tempnam(sys_get_temp_dir(), 'signed');
    1841                 if (@openssl_pkcs7_sign(
    1842                     $file,
    1843                     $signed,
    1844                     'file://' . realpath($this->sign_cert_file),
    1845                     array('file://' . realpath($this->sign_key_file), $this->sign_key_pass),
    1846                     null
    1847                 )
    1848                 ) {
     2359                //Workaround for PHP bug https://bugs.php.net/bug.php?id=69197
     2360                if (empty($this->sign_extracerts_file)) {
     2361                    $sign = @openssl_pkcs7_sign(
     2362                        $file,
     2363                        $signed,
     2364                        'file://' . realpath($this->sign_cert_file),
     2365                        array('file://' . realpath($this->sign_key_file), $this->sign_key_pass),
     2366                        null
     2367                    );
     2368                } else {
     2369                    $sign = @openssl_pkcs7_sign(
     2370                        $file,
     2371                        $signed,
     2372                        'file://' . realpath($this->sign_cert_file),
     2373                        array('file://' . realpath($this->sign_key_file), $this->sign_key_pass),
     2374                        null,
     2375                        PKCS7_DETACHED,
     2376                        $this->sign_extracerts_file
     2377                    );
     2378                }
     2379                if ($sign) {
    18492380                    @unlink($file);
    18502381                    $body = file_get_contents($signed);
    18512382                    @unlink($signed);
     2383                    //The message returned by openssl contains both headers and body, so need to split them up
     2384                    $parts = explode("\n\n", $body, 2);
     2385                    $this->MIMEHeader .= $parts[0] . $this->LE . $this->LE;
     2386                    $body = $parts[1];
    18522387                } else {
    18532388                    @unlink($file);
     
    18552390                    throw new phpmailerException($this->lang('signing') . openssl_error_string());
    18562391                }
    1857             } catch (phpmailerException $e) {
     2392            } catch (phpmailerException $exc) {
    18582393                $body = '';
    18592394                if ($this->exceptions) {
    1860                     throw $e;
     2395                    throw $exc;
    18612396                }
    18622397            }
     
    18872422        }
    18882423        $result .= $this->textLine('--' . $boundary);
    1889         $result .= sprintf("Content-Type: %s; charset=%s", $contentType, $charSet);
     2424        $result .= sprintf('Content-Type: %s; charset=%s', $contentType, $charSet);
    18902425        $result .= $this->LE;
    1891         $result .= $this->headerLine('Content-Transfer-Encoding', $encoding);
     2426        // RFC1341 part 5 says 7bit is assumed if not specified
     2427        if ($encoding != '7bit') {
     2428            $result .= $this->headerLine('Content-Transfer-Encoding', $encoding);
     2429        }
    18922430        $result .= $this->LE;
    18932431
     
    19082446    /**
    19092447     * Set the message type.
    1910      * PHPMailer only supports some preset message types,
    1911      * not arbitrary MIME structures.
     2448     * PHPMailer only supports some preset message types, not arbitrary MIME structures.
    19122449     * @access protected
    19132450     * @return void
     
    19152452    protected function setMessageType()
    19162453    {
    1917         $this->message_type = array();
     2454        $type = array();
    19182455        if ($this->alternativeExists()) {
    1919             $this->message_type[] = "alt";
     2456            $type[] = 'alt';
    19202457        }
    19212458        if ($this->inlineImageExists()) {
    1922             $this->message_type[] = "inline";
     2459            $type[] = 'inline';
    19232460        }
    19242461        if ($this->attachmentExists()) {
    1925             $this->message_type[] = "attach";
    1926         }
    1927         $this->message_type = implode("_", $this->message_type);
    1928         if ($this->message_type == "") {
    1929             $this->message_type = "plain";
     2462            $type[] = 'attach';
     2463        }
     2464        $this->message_type = implode('_', $type);
     2465        if ($this->message_type == '') {
     2466            //The 'plain' message_type refers to the message having a single body element, not that it is plain-text
     2467            $this->message_type = 'plain';
    19302468        }
    19312469    }
     
    19632501     * @param string $disposition Disposition to use
    19642502     * @throws phpmailerException
    1965      * @return bool
     2503     * @return boolean
    19662504     */
    19672505    public function addAttachment($path, $name = '', $encoding = 'base64', $type = '', $disposition = 'attachment')
     
    19722510            }
    19732511
    1974             //If a MIME type is not specified, try to work it out from the file name
     2512            // If a MIME type is not specified, try to work it out from the file name
    19752513            if ($type == '') {
    19762514                $type = self::filenameToType($path);
     
    19932531            );
    19942532
    1995         } catch (phpmailerException $e) {
    1996             $this->setError($e->getMessage());
     2533        } catch (phpmailerException $exc) {
     2534            $this->setError($exc->getMessage());
     2535            $this->edebug($exc->getMessage());
    19972536            if ($this->exceptions) {
    1998                 throw $e;
    1999             }
    2000             $this->edebug($e->getMessage() . "\n");
     2537                throw $exc;
     2538            }
    20012539            return false;
    20022540        }
     
    20522590                $disposition = $attachment[6];
    20532591                $cid = $attachment[7];
    2054                 if ($disposition == 'inline' && isset($cidUniq[$cid])) {
     2592                if ($disposition == 'inline' && array_key_exists($cid, $cidUniq)) {
    20552593                    continue;
    20562594                }
    20572595                $cidUniq[$cid] = true;
    20582596
    2059                 $mime[] = sprintf("--%s%s", $boundary, $this->LE);
    2060                 $mime[] = sprintf(
    2061                     "Content-Type: %s; name=\"%s\"%s",
    2062                     $type,
    2063                     $this->encodeHeader($this->secureHeader($name)),
    2064                     $this->LE
    2065                 );
    2066                 $mime[] = sprintf("Content-Transfer-Encoding: %s%s", $encoding, $this->LE);
     2597                $mime[] = sprintf('--%s%s', $boundary, $this->LE);
     2598                //Only include a filename property if we have one
     2599                if (!empty($name)) {
     2600                    $mime[] = sprintf(
     2601                        'Content-Type: %s; name="%s"%s',
     2602                        $type,
     2603                        $this->encodeHeader($this->secureHeader($name)),
     2604                        $this->LE
     2605                    );
     2606                } else {
     2607                    $mime[] = sprintf(
     2608                        'Content-Type: %s%s',
     2609                        $type,
     2610                        $this->LE
     2611                    );
     2612                }
     2613                // RFC1341 part 5 says 7bit is assumed if not specified
     2614                if ($encoding != '7bit') {
     2615                    $mime[] = sprintf('Content-Transfer-Encoding: %s%s', $encoding, $this->LE);
     2616                }
    20672617
    20682618                if ($disposition == 'inline') {
    2069                     $mime[] = sprintf("Content-ID: <%s>%s", $cid, $this->LE);
     2619                    $mime[] = sprintf('Content-ID: <%s>%s', $cid, $this->LE);
    20702620                }
    20712621
     
    20752625                // Allow for bypassing the Content-Disposition header totally
    20762626                if (!(empty($disposition))) {
    2077                     if (preg_match('/[ \(\)<>@,;:\\"\/\[\]\?=]/', $name)) {
     2627                    $encoded_name = $this->encodeHeader($this->secureHeader($name));
     2628                    if (preg_match('/[ \(\)<>@,;:\\"\/\[\]\?=]/', $encoded_name)) {
    20782629                        $mime[] = sprintf(
    2079                             "Content-Disposition: %s; filename=\"%s\"%s",
     2630                            'Content-Disposition: %s; filename="%s"%s',
    20802631                            $disposition,
    2081                             $this->encodeHeader($this->secureHeader($name)),
     2632                            $encoded_name,
    20822633                            $this->LE . $this->LE
    20832634                        );
    20842635                    } else {
    2085                         $mime[] = sprintf(
    2086                             "Content-Disposition: %s; filename=%s%s",
    2087                             $disposition,
    2088                             $this->encodeHeader($this->secureHeader($name)),
    2089                             $this->LE . $this->LE
    2090                         );
     2636                        if (!empty($encoded_name)) {
     2637                            $mime[] = sprintf(
     2638                                'Content-Disposition: %s; filename=%s%s',
     2639                                $disposition,
     2640                                $encoded_name,
     2641                                $this->LE . $this->LE
     2642                            );
     2643                        } else {
     2644                            $mime[] = sprintf(
     2645                                'Content-Disposition: %s%s',
     2646                                $disposition,
     2647                                $this->LE . $this->LE
     2648                            );
     2649                        }
    20912650                    }
    20922651                } else {
     
    21112670        }
    21122671
    2113         $mime[] = sprintf("--%s--%s", $boundary, $this->LE);
    2114 
    2115         return implode("", $mime);
     2672        $mime[] = sprintf('--%s--%s', $boundary, $this->LE);
     2673
     2674        return implode('', $mime);
    21162675    }
    21172676
     
    21222681     * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable'
    21232682     * @throws phpmailerException
    2124      * @see EncodeFile(encodeFile
    21252683     * @access protected
    21262684     * @return string
     
    21352693            if ($magic_quotes) {
    21362694                if (version_compare(PHP_VERSION, '5.3.0', '<')) {
    2137                     set_magic_quotes_runtime(0);
     2695                    set_magic_quotes_runtime(false);
    21382696                } else {
    2139                     ini_set('magic_quotes_runtime', 0);
     2697                    //Doesn't exist in PHP 5.4, but we don't need to check because
     2698                    //get_magic_quotes_runtime always returns false in 5.4+
     2699                    //so it will never get here
     2700                    ini_set('magic_quotes_runtime', false);
    21402701                }
    21412702            }
     
    21502711            }
    21512712            return $file_buffer;
    2152         } catch (Exception $e) {
    2153             $this->setError($e->getMessage());
     2713        } catch (Exception $exc) {
     2714            $this->setError($exc->getMessage());
    21542715            return '';
    21552716        }
     
    21742735            case '8bit':
    21752736                $encoded = $this->fixEOL($str);
    2176                 //Make sure it ends with a line break
     2737                // Make sure it ends with a line break
    21772738                if (substr($encoded, -(strlen($this->LE))) != $this->LE) {
    21782739                    $encoded .= $this->LE;
     
    22022763    public function encodeHeader($str, $position = 'text')
    22032764    {
    2204         $x = 0;
     2765        $matchcount = 0;
    22052766        switch (strtolower($position)) {
    22062767            case 'phrase':
    22072768                if (!preg_match('/[\200-\377]/', $str)) {
    2208                     // Can't use addslashes as we don't know what value has magic_quotes_sybase
     2769                    // Can't use addslashes as we don't know the value of magic_quotes_sybase
    22092770                    $encoded = addcslashes($str, "\0..\37\177\\\"");
    22102771                    if (($str == $encoded) && !preg_match('/[^A-Za-z0-9!#$%&\'*+\/=?^_`{|}~ -]/', $str)) {
     
    22142775                    }
    22152776                }
    2216                 $x = preg_match_all('/[^\040\041\043-\133\135-\176]/', $str, $matches);
     2777                $matchcount = preg_match_all('/[^\040\041\043-\133\135-\176]/', $str, $matches);
    22172778                break;
    22182779            /** @noinspection PhpMissingBreakStatementInspection */
    22192780            case 'comment':
    2220                 $x = preg_match_all('/[()"]/', $str, $matches);
     2781                $matchcount = preg_match_all('/[()"]/', $str, $matches);
    22212782                // Intentional fall-through
    22222783            case 'text':
    22232784            default:
    2224                 $x += preg_match_all('/[\000-\010\013\014\016-\037\177-\377]/', $str, $matches);
     2785                $matchcount += preg_match_all('/[\000-\010\013\014\016-\037\177-\377]/', $str, $matches);
    22252786                break;
    22262787        }
    22272788
    2228         if ($x == 0) { //There are no chars that need encoding
     2789        //There are no chars that need encoding
     2790        if ($matchcount == 0) {
    22292791            return ($str);
    22302792        }
     
    22322794        $maxlen = 75 - 7 - strlen($this->CharSet);
    22332795        // Try to select the encoding which should produce the shortest output
    2234         if ($x > strlen($str) / 3) {
    2235             //More than a third of the content will need encoding, so B encoding will be most efficient
     2796        if ($matchcount > strlen($str) / 3) {
     2797            // More than a third of the content will need encoding, so B encoding will be most efficient
    22362798            $encoding = 'B';
    22372799            if (function_exists('mb_strlen') && $this->hasMultiBytes($str)) {
     
    22512813        }
    22522814
    2253         $encoded = preg_replace('/^(.*)$/m', " =?" . $this->CharSet . "?$encoding?\\1?=", $encoded);
     2815        $encoded = preg_replace('/^(.*)$/m', ' =?' . $this->CharSet . "?$encoding?\\1?=", $encoded);
    22542816        $encoded = trim(str_replace("\n", $this->LE, $encoded));
    22552817
     
    22612823     * @access public
    22622824     * @param string $str multi-byte text to wrap encode
    2263      * @return bool
     2825     * @return boolean
    22642826     */
    22652827    public function hasMultiBytes($str)
     
    22732835
    22742836    /**
     2837     * Does a string contain any 8-bit chars (in any charset)?
     2838     * @param string $text
     2839     * @return boolean
     2840     */
     2841    public function has8bitChars($text)
     2842    {
     2843        return (boolean)preg_match('/[\x80-\xFF]/', $text);
     2844    }
     2845
     2846    /**
    22752847     * Encode and wrap long multibyte strings for mail headers
    22762848     * without breaking lines within a character.
    2277      * Adapted from a function by paravoid at http://uk.php.net/manual/en/function.mb-encode-mimeheader.php
     2849     * Adapted from a function by paravoid
     2850     * @link http://www.php.net/manual/en/function.mb-encode-mimeheader.php#60283
    22782851     * @access public
    22792852     * @param string $str multi-byte text to wrap encode
    2280      * @param string $lf string to use as linefeed/end-of-line
     2853     * @param string $linebreak string to use as linefeed/end-of-line
    22812854     * @return string
    22822855     */
    2283     public function base64EncodeWrapMB($str, $lf = null)
    2284     {
    2285         $start = "=?" . $this->CharSet . "?B?";
    2286         $end = "?=";
    2287         $encoded = "";
    2288         if ($lf === null) {
    2289             $lf = $this->LE;
     2856    public function base64EncodeWrapMB($str, $linebreak = null)
     2857    {
     2858        $start = '=?' . $this->CharSet . '?B?';
     2859        $end = '?=';
     2860        $encoded = '';
     2861        if ($linebreak === null) {
     2862            $linebreak = $this->LE;
    22902863        }
    22912864
     
    23062879                $lookBack++;
    23072880            } while (strlen($chunk) > $length);
    2308             $encoded .= $chunk . $lf;
     2881            $encoded .= $chunk . $linebreak;
    23092882        }
    23102883
    23112884        // Chomp the last linefeed
    2312         $encoded = substr($encoded, 0, -strlen($lf));
     2885        $encoded = substr($encoded, 0, -strlen($linebreak));
    23132886        return $encoded;
    23142887    }
     
    23212894     * @param integer $line_max Number of chars allowed on a line before wrapping
    23222895     * @return string
    2323      * @link PHP version adapted from http://www.php.net/manual/en/function.quoted-printable-decode.php#89417
     2896     * @link http://www.php.net/manual/en/function.quoted-printable-decode.php#89417 Adapted from this comment
    23242897     */
    23252898    public function encodeQP($string, $line_max = 76)
    23262899    {
    2327         if (function_exists('quoted_printable_encode')) { //Use native function if it's available (>= PHP5.3)
     2900        // Use native function if it's available (>= PHP5.3)
     2901        if (function_exists('quoted_printable_encode')) {
    23282902            return quoted_printable_encode($string);
    23292903        }
    2330         //Fall back to a pure PHP implementation
     2904        // Fall back to a pure PHP implementation
    23312905        $string = str_replace(
    23322906            array('%20', '%0D%0A.', '%0D%0A', '%'),
     
    23342908            rawurlencode($string)
    23352909        );
    2336         $string = preg_replace('/[^\r\n]{' . ($line_max - 3) . '}[^=\r\n]{2}/', "$0=\r\n", $string);
    2337         return $string;
     2910        return preg_replace('/[^\r\n]{' . ($line_max - 3) . '}[^=\r\n]{2}/', "$0=\r\n", $string);
    23382911    }
    23392912
     
    23442917     * @param string $string
    23452918     * @param integer $line_max
    2346      * @param bool $space_conv
     2919     * @param boolean $space_conv
    23472920     * @return string
    23482921     * @deprecated Use encodeQP instead.
     
    23662939    public function encodeQ($str, $position = 'text')
    23672940    {
    2368         //There should not be any EOL in the string
     2941        // There should not be any EOL in the string
    23692942        $pattern = '';
    23702943        $encoded = str_replace(array("\r", "\n"), '', $str);
    23712944        switch (strtolower($position)) {
    23722945            case 'phrase':
    2373                 //RFC 2047 section 5.3
     2946                // RFC 2047 section 5.3
    23742947                $pattern = '^A-Za-z0-9!*+\/ -';
    23752948                break;
    23762949            /** @noinspection PhpMissingBreakStatementInspection */
    23772950            case 'comment':
    2378                 //RFC 2047 section 5.2
     2951                // RFC 2047 section 5.2
    23792952                $pattern = '\(\)"';
    2380                 //intentional fall-through
    2381                 //for this reason we build the $pattern without including delimiters and []
     2953                // intentional fall-through
     2954                // for this reason we build the $pattern without including delimiters and []
    23822955            case 'text':
    23832956            default:
    2384                 //RFC 2047 section 5.1
    2385                 //Replace every high ascii, control, =, ? and _ characters
     2957                // RFC 2047 section 5.1
     2958                // Replace every high ascii, control, =, ? and _ characters
    23862959                $pattern = '\000-\011\013\014\016-\037\075\077\137\177-\377' . $pattern;
    23872960                break;
     
    23892962        $matches = array();
    23902963        if (preg_match_all("/[{$pattern}]/", $encoded, $matches)) {
    2391             //If the string contains an '=', make sure it's the first thing we replace
    2392             //so as to avoid double-encoding
    2393             $s = array_search('=', $matches[0]);
    2394             if ($s !== false) {
    2395                 unset($matches[0][$s]);
     2964            // If the string contains an '=', make sure it's the first thing we replace
     2965            // so as to avoid double-encoding
     2966            $eqkey = array_search('=', $matches[0]);
     2967            if (false !== $eqkey) {
     2968                unset($matches[0][$eqkey]);
    23962969                array_unshift($matches[0], '=');
    23972970            }
     
    24002973            }
    24012974        }
    2402         //Replace every spaces to _ (more readable than =20)
     2975        // Replace every spaces to _ (more readable than =20)
    24032976        return str_replace(' ', '_', $encoded);
    24042977    }
    2405 
    24062978
    24072979    /**
     
    24232995        $disposition = 'attachment'
    24242996    ) {
    2425         //If a MIME type is not specified, try to work it out from the file name
     2997        // If a MIME type is not specified, try to work it out from the file name
    24262998        if ($type == '') {
    24272999            $type = self::filenameToType($filename);
     
    24433015     * Add an embedded (inline) attachment from a file.
    24443016     * This can include images, sounds, and just about any other document type.
    2445      * These differ from 'regular' attachmants in that they are intended to be
     3017     * These differ from 'regular' attachments in that they are intended to be
    24463018     * displayed inline with the message, not just attached for download.
    24473019     * This is used in HTML messages that embed the images
     
    24543026     * @param string $type File MIME type.
    24553027     * @param string $disposition Disposition to use
    2456      * @return bool True on successfully adding an attachment
     3028     * @return boolean True on successfully adding an attachment
    24573029     */
    24583030    public function addEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = '', $disposition = 'inline')
     
    24633035        }
    24643036
    2465         //If a MIME type is not specified, try to work it out from the file name
     3037        // If a MIME type is not specified, try to work it out from the file name
    24663038        if ($type == '') {
    24673039            $type = self::filenameToType($path);
     
    24993071     * @param string $type MIME type.
    25003072     * @param string $disposition Disposition to use
    2501      * @return bool True on successfully adding an attachment
     3073     * @return boolean True on successfully adding an attachment
    25023074     */
    25033075    public function addStringEmbeddedImage(
     
    25093081        $disposition = 'inline'
    25103082    ) {
    2511         //If a MIME type is not specified, try to work it out from the name
    2512         if ($type == '') {
     3083        // If a MIME type is not specified, try to work it out from the name
     3084        if ($type == '' and !empty($name)) {
    25133085            $type = self::filenameToType($name);
    25143086        }
     
    25313103     * Check if an inline attachment is present.
    25323104     * @access public
    2533      * @return bool
     3105     * @return boolean
    25343106     */
    25353107    public function inlineImageExists()
     
    25453117    /**
    25463118     * Check if an attachment (non-inline) is present.
    2547      * @return bool
     3119     * @return boolean
    25483120     */
    25493121    public function attachmentExists()
     
    25593131    /**
    25603132     * Check if this message has an alternative body set.
    2561      * @return bool
     3133     * @return boolean
    25623134     */
    25633135    public function alternativeExists()
    25643136    {
    25653137        return !empty($this->AltBody);
     3138    }
     3139
     3140    /**
     3141     * Clear queued addresses of given kind.
     3142     * @access protected
     3143     * @param string $kind 'to', 'cc', or 'bcc'
     3144     * @return void
     3145     */
     3146    public function clearQueuedAddresses($kind)
     3147    {
     3148        $RecipientsQueue = $this->RecipientsQueue;
     3149        foreach ($RecipientsQueue as $address => $params) {
     3150            if ($params[0] == $kind) {
     3151                unset($this->RecipientsQueue[$address]);
     3152            }
     3153        }
    25663154    }
    25673155
     
    25763164        }
    25773165        $this->to = array();
     3166        $this->clearQueuedAddresses('to');
    25783167    }
    25793168
     
    25883177        }
    25893178        $this->cc = array();
     3179        $this->clearQueuedAddresses('cc');
    25903180    }
    25913181
     
    26003190        }
    26013191        $this->bcc = array();
     3192        $this->clearQueuedAddresses('bcc');
    26023193    }
    26033194
     
    26093200    {
    26103201        $this->ReplyTo = array();
     3202        $this->ReplyToQueue = array();
    26113203    }
    26123204
     
    26213213        $this->bcc = array();
    26223214        $this->all_recipients = array();
     3215        $this->RecipientsQueue = array();
    26233216    }
    26243217
     
    26523245        if ($this->Mailer == 'smtp' and !is_null($this->smtp)) {
    26533246            $lasterror = $this->smtp->getError();
    2654             if (!empty($lasterror) and array_key_exists('smtp_msg', $lasterror)) {
    2655                 $msg .= '<p>' . $this->lang('smtp_error') . $lasterror['smtp_msg'] . "</p>\n";
     3247            if (!empty($lasterror['error'])) {
     3248                $msg .= $this->lang('smtp_error') . $lasterror['error'];
     3249                if (!empty($lasterror['detail'])) {
     3250                    $msg .= ' Detail: '. $lasterror['detail'];
     3251                }
     3252                if (!empty($lasterror['smtp_code'])) {
     3253                    $msg .= ' SMTP code: ' . $lasterror['smtp_code'];
     3254                }
     3255                if (!empty($lasterror['smtp_code_ex'])) {
     3256                    $msg .= ' Additional SMTP info: ' . $lasterror['smtp_code_ex'];
     3257                }
    26563258            }
    26573259        }
     
    26673269    public static function rfcDate()
    26683270    {
    2669         //Set the time zone to whatever the default is to avoid 500 errors
    2670         //Will default to UTC if it's not set properly in php.ini
     3271        // Set the time zone to whatever the default is to avoid 500 errors
     3272        // Will default to UTC if it's not set properly in php.ini
    26713273        date_default_timezone_set(@date_default_timezone_get());
    26723274        return date('D, j M Y H:i:s O');
     
    26813283    protected function serverHostname()
    26823284    {
     3285        $result = 'localhost.localdomain';
    26833286        if (!empty($this->Hostname)) {
    26843287            $result = $this->Hostname;
    2685         } elseif (isset($_SERVER['SERVER_NAME'])) {
     3288        } elseif (isset($_SERVER) and array_key_exists('SERVER_NAME', $_SERVER) and !empty($_SERVER['SERVER_NAME'])) {
    26863289            $result = $_SERVER['SERVER_NAME'];
    2687         } else {
    2688             $result = 'localhost.localdomain';
    2689         }
    2690 
     3290        } elseif (function_exists('gethostname') && gethostname() !== false) {
     3291            $result = gethostname();
     3292        } elseif (php_uname('n') !== false) {
     3293            $result = php_uname('n');
     3294        }
    26913295        return $result;
    26923296    }
     
    27043308        }
    27053309
    2706         if (isset($this->language[$key])) {
     3310        if (array_key_exists($key, $this->language)) {
     3311            if ($key == 'smtp_connect_failed') {
     3312                //Include a link to troubleshooting docs on SMTP connection failure
     3313                //this is by far the biggest cause of support questions
     3314                //but it's usually not PHPMailer's fault.
     3315                return $this->language[$key] . ' https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting';
     3316            }
    27073317            return $this->language[$key];
    27083318        } else {
    2709             return 'Language string failed to load: ' . $key;
     3319            //Return the key as a fallback
     3320            return $key;
    27103321        }
    27113322    }
     
    27143325     * Check if an error occurred.
    27153326     * @access public
    2716      * @return bool True if an error did occur.
     3327     * @return boolean True if an error did occur.
    27173328     */
    27183329    public function isError()
     
    27593370
    27603371    /**
    2761      * Create a message from an HTML string.
    2762      * Automatically makes modifications for inline images and backgrounds
    2763      * and creates a plain-text version by converting the HTML.
    2764      * Overwrites any existing values in $this->Body and $this->AltBody
     3372     * Returns all custom headers.
     3373     * @return array
     3374     */
     3375    public function getCustomHeaders()
     3376    {
     3377        return $this->CustomHeader;
     3378    }
     3379
     3380    /**
     3381     * Create a message body from an HTML string.
     3382     * Automatically inlines images and creates a plain-text version by converting the HTML,
     3383     * overwriting any existing values in Body and AltBody.
     3384     * $basedir is used when handling relative image paths, e.g. <img src="images/a.png">
     3385     * will look for an image file in $basedir/images/a.png and convert it to inline.
     3386     * If you don't want to apply these transformations to your HTML, just set Body and AltBody yourself.
    27653387     * @access public
    27663388     * @param string $message HTML message string
    2767      * @param string $basedir baseline directory for path
    2768      * @param bool $advanced Whether to use the advanced HTML to text converter
    2769      * @return string $message
     3389     * @param string $basedir base directory for relative paths to images
     3390     * @param boolean|callable $advanced Whether to use the internal HTML to text converter
     3391     *    or your own custom converter @see PHPMailer::html2text()
     3392     * @return string $message The transformed message Body
    27703393     */
    27713394    public function msgHTML($message, $basedir = '', $advanced = false)
    27723395    {
    2773         preg_match_all("/(src|background)=[\"'](.*)[\"']/Ui", $message, $images);
    2774         if (isset($images[2])) {
    2775             foreach ($images[2] as $i => $url) {
    2776                 // do not change urls for absolute images (thanks to corvuscorax)
    2777                 if (!preg_match('#^[A-z]+://#', $url)) {
     3396        preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images);
     3397        if (array_key_exists(2, $images)) {
     3398            foreach ($images[2] as $imgindex => $url) {
     3399                // Convert data URIs into embedded images
     3400                if (preg_match('#^data:(image[^;,]*)(;base64)?,#', $url, $match)) {
     3401                    $data = substr($url, strpos($url, ','));
     3402                    if ($match[2]) {
     3403                        $data = base64_decode($data);
     3404                    } else {
     3405                        $data = rawurldecode($data);
     3406                    }
     3407                    $cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2
     3408                    if ($this->addStringEmbeddedImage($data, $cid, 'embed' . $imgindex, 'base64', $match[1])) {
     3409                        $message = str_replace(
     3410                            $images[0][$imgindex],
     3411                            $images[1][$imgindex] . '="cid:' . $cid . '"',
     3412                            $message
     3413                        );
     3414                    }
     3415                } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
     3416                    // Do not change urls for absolute images (thanks to corvuscorax)
     3417                    // Do not change urls that are already inline images
    27783418                    $filename = basename($url);
    27793419                    $directory = dirname($url);
     
    27813421                        $directory = '';
    27823422                    }
    2783                     $cid = md5($url) . '@phpmailer.0'; //RFC2392 S 2
     3423                    $cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2
    27843424                    if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
    27853425                        $basedir .= '/';
     
    27933433                        $filename,
    27943434                        'base64',
    2795                         self::_mime_types(self::mb_pathinfo($filename, PATHINFO_EXTENSION))
     3435                        self::_mime_types((string)self::mb_pathinfo($filename, PATHINFO_EXTENSION))
    27963436                    )
    27973437                    ) {
    27983438                        $message = preg_replace(
    2799                             "/" . $images[1][$i] . "=[\"']" . preg_quote($url, '/') . "[\"']/Ui",
    2800                             $images[1][$i] . "=\"cid:" . $cid . "\"",
     3439                            '/' . $images[1][$imgindex] . '=["\']' . preg_quote($url, '/') . '["\']/Ui',
     3440                            $images[1][$imgindex] . '="cid:' . $cid . '"',
    28013441                            $message
    28023442                        );
     
    28063446        }
    28073447        $this->isHTML(true);
    2808         if (empty($this->AltBody)) {
    2809             $this->AltBody = 'To view this email message, open it in a program that understands HTML!' . "\n\n";
    2810         }
    2811         //Convert all message body line breaks to CRLF, makes quoted-printable encoding work much better
     3448        // Convert all message body line breaks to CRLF, makes quoted-printable encoding work much better
    28123449        $this->Body = $this->normalizeBreaks($message);
    28133450        $this->AltBody = $this->normalizeBreaks($this->html2text($message, $advanced));
     3451        if (!$this->alternativeExists()) {
     3452            $this->AltBody = 'To view this email message, open it in a program that understands HTML!' .
     3453                self::CRLF . self::CRLF;
     3454        }
    28143455        return $this->Body;
    28153456    }
     
    28173458    /**
    28183459     * Convert an HTML string into plain text.
     3460     * This is used by msgHTML().
     3461     * Note - older versions of this function used a bundled advanced converter
     3462     * which was been removed for license reasons in #232.
     3463     * Example usage:
     3464     * <code>
     3465     * // Use default conversion
     3466     * $plain = $mail->html2text($html);
     3467     * // Use your own custom converter
     3468     * $plain = $mail->html2text($html, function($html) {
     3469     *     $converter = new MyHtml2text($html);
     3470     *     return $converter->get_text();
     3471     * });
     3472     * </code>
    28193473     * @param string $html The HTML text to convert
    2820      * @param bool $advanced Should this use the more complex html2text converter or just a simple one?
     3474     * @param boolean|callable $advanced Any boolean value to use the internal converter,
     3475     *   or provide your own callable for custom conversion.
    28213476     * @return string
    28223477     */
    28233478    public function html2text($html, $advanced = false)
    28243479    {
    2825         if ($advanced) {
    2826             require_once 'extras/class.html2text.php';
    2827             $h = new html2text($html);
    2828             return $h->get_text();
     3480        if (is_callable($advanced)) {
     3481            return call_user_func($advanced, $html);
    28293482        }
    28303483        return html_entity_decode(
     
    28453498    {
    28463499        $mimes = array(
    2847             'xl' => 'application/excel',
    2848             'hqx' => 'application/mac-binhex40',
    2849             'cpt' => 'application/mac-compactpro',
    2850             'bin' => 'application/macbinary',
    2851             'doc' => 'application/msword',
    2852             'word' => 'application/msword',
     3500            'xl'    => 'application/excel',
     3501            'js'    => 'application/javascript',
     3502            'hqx'   => 'application/mac-binhex40',
     3503            'cpt'   => 'application/mac-compactpro',
     3504            'bin'   => 'application/macbinary',
     3505            'doc'   => 'application/msword',
     3506            'word'  => 'application/msword',
     3507            'xlsx'  => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
     3508            'xltx'  => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
     3509            'potx'  => 'application/vnd.openxmlformats-officedocument.presentationml.template',
     3510            'ppsx'  => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
     3511            'pptx'  => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
     3512            'sldx'  => 'application/vnd.openxmlformats-officedocument.presentationml.slide',
     3513            'docx'  => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
     3514            'dotx'  => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template',
     3515            'xlam'  => 'application/vnd.ms-excel.addin.macroEnabled.12',
     3516            'xlsb'  => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
    28533517            'class' => 'application/octet-stream',
    2854             'dll' => 'application/octet-stream',
    2855             'dms' => 'application/octet-stream',
    2856             'exe' => 'application/octet-stream',
    2857             'lha' => 'application/octet-stream',
    2858             'lzh' => 'application/octet-stream',
    2859             'psd' => 'application/octet-stream',
    2860             'sea' => 'application/octet-stream',
    2861             'so' => 'application/octet-stream',
    2862             'oda' => 'application/oda',
    2863             'pdf' => 'application/pdf',
    2864             'ai' => 'application/postscript',
    2865             'eps' => 'application/postscript',
    2866             'ps' => 'application/postscript',
    2867             'smi' => 'application/smil',
    2868             'smil' => 'application/smil',
    2869             'mif' => 'application/vnd.mif',
    2870             'xls' => 'application/vnd.ms-excel',
    2871             'ppt' => 'application/vnd.ms-powerpoint',
     3518            'dll'   => 'application/octet-stream',
     3519            'dms'   => 'application/octet-stream',
     3520            'exe'   => 'application/octet-stream',
     3521            'lha'   => 'application/octet-stream',
     3522            'lzh'   => 'application/octet-stream',
     3523            'psd'   => 'application/octet-stream',
     3524            'sea'   => 'application/octet-stream',
     3525            'so'    => 'application/octet-stream',
     3526            'oda'   => 'application/oda',
     3527            'pdf'   => 'application/pdf',
     3528            'ai'    => 'application/postscript',
     3529            'eps'   => 'application/postscript',
     3530            'ps'    => 'application/postscript',
     3531            'smi'   => 'application/smil',
     3532            'smil'  => 'application/smil',
     3533            'mif'   => 'application/vnd.mif',
     3534            'xls'   => 'application/vnd.ms-excel',
     3535            'ppt'   => 'application/vnd.ms-powerpoint',
    28723536            'wbxml' => 'application/vnd.wap.wbxml',
    2873             'wmlc' => 'application/vnd.wap.wmlc',
    2874             'dcr' => 'application/x-director',
    2875             'dir' => 'application/x-director',
    2876             'dxr' => 'application/x-director',
    2877             'dvi' => 'application/x-dvi',
    2878             'gtar' => 'application/x-gtar',
    2879             'php3' => 'application/x-httpd-php',
    2880             'php4' => 'application/x-httpd-php',
    2881             'php' => 'application/x-httpd-php',
     3537            'wmlc'  => 'application/vnd.wap.wmlc',
     3538            'dcr'   => 'application/x-director',
     3539            'dir'   => 'application/x-director',
     3540            'dxr'   => 'application/x-director',
     3541            'dvi'   => 'application/x-dvi',
     3542            'gtar'  => 'application/x-gtar',
     3543            'php3'  => 'application/x-httpd-php',
     3544            'php4'  => 'application/x-httpd-php',
     3545            'php'   => 'application/x-httpd-php',
    28823546            'phtml' => 'application/x-httpd-php',
    2883             'phps' => 'application/x-httpd-php-source',
    2884             'js' => 'application/x-javascript',
    2885             'swf' => 'application/x-shockwave-flash',
    2886             'sit' => 'application/x-stuffit',
    2887             'tar' => 'application/x-tar',
    2888             'tgz' => 'application/x-tar',
    2889             'xht' => 'application/xhtml+xml',
     3547            'phps'  => 'application/x-httpd-php-source',
     3548            'swf'   => 'application/x-shockwave-flash',
     3549            'sit'   => 'application/x-stuffit',
     3550            'tar'   => 'application/x-tar',
     3551            'tgz'   => 'application/x-tar',
     3552            'xht'   => 'application/xhtml+xml',
    28903553            'xhtml' => 'application/xhtml+xml',
    2891             'zip' => 'application/zip',
    2892             'mid' => 'audio/midi',
    2893             'midi' => 'audio/midi',
    2894             'mp2' => 'audio/mpeg',
    2895             'mp3' => 'audio/mpeg',
    2896             'mpga' => 'audio/mpeg',
    2897             'aif' => 'audio/x-aiff',
    2898             'aifc' => 'audio/x-aiff',
    2899             'aiff' => 'audio/x-aiff',
    2900             'ram' => 'audio/x-pn-realaudio',
    2901             'rm' => 'audio/x-pn-realaudio',
    2902             'rpm' => 'audio/x-pn-realaudio-plugin',
    2903             'ra' => 'audio/x-realaudio',
    2904             'wav' => 'audio/x-wav',
    2905             'bmp' => 'image/bmp',
    2906             'gif' => 'image/gif',
    2907             'jpeg' => 'image/jpeg',
    2908             'jpe' => 'image/jpeg',
    2909             'jpg' => 'image/jpeg',
    2910             'png' => 'image/png',
    2911             'tiff' => 'image/tiff',
    2912             'tif' => 'image/tiff',
    2913             'eml' => 'message/rfc822',
    2914             'css' => 'text/css',
    2915             'html' => 'text/html',
    2916             'htm' => 'text/html',
     3554            'zip'   => 'application/zip',
     3555            'mid'   => 'audio/midi',
     3556            'midi'  => 'audio/midi',
     3557            'mp2'   => 'audio/mpeg',
     3558            'mp3'   => 'audio/mpeg',
     3559            'mpga'  => 'audio/mpeg',
     3560            'aif'   => 'audio/x-aiff',
     3561            'aifc'  => 'audio/x-aiff',
     3562            'aiff'  => 'audio/x-aiff',
     3563            'ram'   => 'audio/x-pn-realaudio',
     3564            'rm'    => 'audio/x-pn-realaudio',
     3565            'rpm'   => 'audio/x-pn-realaudio-plugin',
     3566            'ra'    => 'audio/x-realaudio',
     3567            'wav'   => 'audio/x-wav',
     3568            'bmp'   => 'image/bmp',
     3569            'gif'   => 'image/gif',
     3570            'jpeg'  => 'image/jpeg',
     3571            'jpe'   => 'image/jpeg',
     3572            'jpg'   => 'image/jpeg',
     3573            'png'   => 'image/png',
     3574            'tiff'  => 'image/tiff',
     3575            'tif'   => 'image/tiff',
     3576            'eml'   => 'message/rfc822',
     3577            'css'   => 'text/css',
     3578            'html'  => 'text/html',
     3579            'htm'   => 'text/html',
    29173580            'shtml' => 'text/html',
    2918             'log' => 'text/plain',
    2919             'text' => 'text/plain',
    2920             'txt' => 'text/plain',
    2921             'rtx' => 'text/richtext',
    2922             'rtf' => 'text/rtf',
    2923             'xml' => 'text/xml',
    2924             'xsl' => 'text/xml',
    2925             'mpeg' => 'video/mpeg',
    2926             'mpe' => 'video/mpeg',
    2927             'mpg' => 'video/mpeg',
    2928             'mov' => 'video/quicktime',
    2929             'qt' => 'video/quicktime',
    2930             'rv' => 'video/vnd.rn-realvideo',
    2931             'avi' => 'video/x-msvideo',
     3581            'log'   => 'text/plain',
     3582            'text'  => 'text/plain',
     3583            'txt'   => 'text/plain',
     3584            'rtx'   => 'text/richtext',
     3585            'rtf'   => 'text/rtf',
     3586            'vcf'   => 'text/vcard',
     3587            'vcard' => 'text/vcard',
     3588            'xml'   => 'text/xml',
     3589            'xsl'   => 'text/xml',
     3590            'mpeg'  => 'video/mpeg',
     3591            'mpe'   => 'video/mpeg',
     3592            'mpg'   => 'video/mpeg',
     3593            'mov'   => 'video/quicktime',
     3594            'qt'    => 'video/quicktime',
     3595            'rv'    => 'video/vnd.rn-realvideo',
     3596            'avi'   => 'video/x-msvideo',
    29323597            'movie' => 'video/x-sgi-movie'
    29333598        );
    2934         return (array_key_exists(strtolower($ext), $mimes) ? $mimes[strtolower($ext)]: 'application/octet-stream');
     3599        if (array_key_exists(strtolower($ext), $mimes)) {
     3600            return $mimes[strtolower($ext)];
     3601        }
     3602        return 'application/octet-stream';
    29353603    }
    29363604
     
    29443612    public static function filenameToType($filename)
    29453613    {
    2946         //In case the path is a URL, strip any query string before getting extension
     3614        // In case the path is a URL, strip any query string before getting extension
    29473615        $qpos = strpos($filename, '?');
    2948         if ($qpos !== false) {
     3616        if (false !== $qpos) {
    29493617            $filename = substr($filename, 0, $qpos);
    29503618        }
     
    29673635    {
    29683636        $ret = array('dirname' => '', 'basename' => '', 'extension' => '', 'filename' => '');
    2969         $m = array();
    2970         preg_match('%^(.*?)[\\\\/]*(([^/\\\\]*?)(\.([^\.\\\\/]+?)|))[\\\\/\.]*$%im', $path, $m);
    2971         if (array_key_exists(1, $m)) {
    2972             $ret['dirname'] = $m[1];
    2973         }
    2974         if (array_key_exists(2, $m)) {
    2975             $ret['basename'] = $m[2];
    2976         }
    2977         if (array_key_exists(5, $m)) {
    2978             $ret['extension'] = $m[5];
    2979         }
    2980         if (array_key_exists(3, $m)) {
    2981             $ret['filename'] = $m[3];
     3637        $pathinfo = array();
     3638        if (preg_match('%^(.*?)[\\\\/]*(([^/\\\\]*?)(\.([^\.\\\\/]+?)|))[\\\\/\.]*$%im', $path, $pathinfo)) {
     3639            if (array_key_exists(1, $pathinfo)) {
     3640                $ret['dirname'] = $pathinfo[1];
     3641            }
     3642            if (array_key_exists(2, $pathinfo)) {
     3643                $ret['basename'] = $pathinfo[2];
     3644            }
     3645            if (array_key_exists(5, $pathinfo)) {
     3646                $ret['extension'] = $pathinfo[5];
     3647            }
     3648            if (array_key_exists(3, $pathinfo)) {
     3649                $ret['filename'] = $pathinfo[3];
     3650            }
    29823651        }
    29833652        switch ($options) {
     
    29853654            case 'dirname':
    29863655                return $ret['dirname'];
    2987                 break;
    29883656            case PATHINFO_BASENAME:
    29893657            case 'basename':
    29903658                return $ret['basename'];
    2991                 break;
    29923659            case PATHINFO_EXTENSION:
    29933660            case 'extension':
    29943661                return $ret['extension'];
    2995                 break;
    29963662            case PATHINFO_FILENAME:
    29973663            case 'filename':
    29983664                return $ret['filename'];
    2999                 break;
    30003665            default:
    30013666                return $ret;
     
    30053670    /**
    30063671     * Set or reset instance properties.
    3007      *
     3672     * You should avoid this function - it's more verbose, less efficient, more error-prone and
     3673     * harder to debug than setting properties directly.
    30083674     * Usage Example:
    3009      * $page->set('X-Priority', '3');
    3010      *
    3011      * @access public
    3012      * @param string $name
    3013      * @param mixed $value
    3014      * NOTE: will not work with arrays, there are no arrays to set/reset
    3015      * @throws phpmailerException
    3016      * @return bool
    3017      * @todo Should this not be using __set() magic function?
     3675     * `$mail->set('SMTPSecure', 'tls');`
     3676     *   is the same as:
     3677     * `$mail->SMTPSecure = 'tls';`
     3678     * @access public
     3679     * @param string $name The property name to set
     3680     * @param mixed $value The value to set the property to
     3681     * @return boolean
     3682     * @TODO Should this not be using the __set() magic function?
    30183683     */
    30193684    public function set($name, $value = '')
    30203685    {
    3021         try {
    3022             if (isset($this->$name)) {
    3023                 $this->$name = $value;
    3024             } else {
    3025                 throw new phpmailerException($this->lang('variable_set') . $name, self::STOP_CRITICAL);
    3026             }
    3027         } catch (Exception $e) {
    3028             $this->setError($e->getMessage());
    3029             if ($e->getCode() == self::STOP_CRITICAL) {
    3030                 return false;
    3031             }
    3032         }
    3033         return true;
     3686        if (property_exists($this, $name)) {
     3687            $this->$name = $value;
     3688            return true;
     3689        } else {
     3690            $this->setError($this->lang('variable_set') . $name);
     3691            return false;
     3692        }
    30343693    }
    30353694
     
    30603719    }
    30613720
    3062 
    3063     /**
    3064      * Set the private key file and password for S/MIME signing.
     3721    /**
     3722     * Set the public and private key files and password for S/MIME signing.
    30653723     * @access public
    30663724     * @param string $cert_filename
    30673725     * @param string $key_filename
    30683726     * @param string $key_pass Password for private key
    3069      */
    3070     public function sign($cert_filename, $key_filename, $key_pass)
     3727     * @param string $extracerts_filename Optional path to chain certificate
     3728     */
     3729    public function sign($cert_filename, $key_filename, $key_pass, $extracerts_filename = '')
    30713730    {
    30723731        $this->sign_cert_file = $cert_filename;
    30733732        $this->sign_key_file = $key_filename;
    30743733        $this->sign_key_pass = $key_pass;
     3734        $this->sign_extracerts_file = $extracerts_filename;
    30753735    }
    30763736
     
    30893749                $line .= $txt[$i];
    30903750            } else {
    3091                 $line .= "=" . sprintf("%02X", $ord);
     3751                $line .= '=' . sprintf('%02X', $ord);
    30923752            }
    30933753        }
     
    30983758     * Generate a DKIM signature.
    30993759     * @access public
    3100      * @param string $s Header
     3760     * @param string $signHeader
    31013761     * @throws phpmailerException
    3102      * @return string
    3103      */
    3104     public function DKIM_Sign($s)
     3762     * @return string The DKIM signature value
     3763     */
     3764    public function DKIM_Sign($signHeader)
    31053765    {
    31063766        if (!defined('PKCS7_TEXT')) {
    31073767            if ($this->exceptions) {
    3108                 throw new phpmailerException($this->lang("signing") . ' OpenSSL extension missing.');
     3768                throw new phpmailerException($this->lang('extension_missing') . 'openssl');
    31093769            }
    31103770            return '';
    31113771        }
    3112         $privKeyStr = file_get_contents($this->DKIM_private);
    3113         if ($this->DKIM_passphrase != '') {
     3772        $privKeyStr = !empty($this->DKIM_private_string) ? $this->DKIM_private_string : file_get_contents($this->DKIM_private);
     3773        if ('' != $this->DKIM_passphrase) {
    31143774            $privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase);
    31153775        } else {
    3116             $privKey = $privKeyStr;
    3117         }
    3118         if (openssl_sign($s, $signature, $privKey)) {
    3119             return base64_encode($signature);
    3120         }
     3776            $privKey = openssl_pkey_get_private($privKeyStr);
     3777        }
     3778        //Workaround for missing digest algorithms in old PHP & OpenSSL versions
     3779        //@link http://stackoverflow.com/a/11117338/333340
     3780        if (version_compare(PHP_VERSION, '5.3.0') >= 0 and
     3781            in_array('sha256WithRSAEncryption', openssl_get_md_methods(true))) {
     3782            if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) {
     3783                openssl_pkey_free($privKey);
     3784                return base64_encode($signature);
     3785            }
     3786        } else {
     3787            $pinfo = openssl_pkey_get_details($privKey);
     3788            $hash = hash('sha256', $signHeader);
     3789            //'Magic' constant for SHA256 from RFC3447
     3790            //@link https://tools.ietf.org/html/rfc3447#page-43
     3791            $t = '3031300d060960864801650304020105000420' . $hash;
     3792            $pslen = $pinfo['bits'] / 8 - (strlen($t) / 2 + 3);
     3793            $eb = pack('H*', '0001' . str_repeat('FF', $pslen) . '00' . $t);
     3794
     3795            if (openssl_private_encrypt($eb, $signature, $privKey, OPENSSL_NO_PADDING)) {
     3796                openssl_pkey_free($privKey);
     3797                return base64_encode($signature);
     3798            }
     3799        }
     3800        openssl_pkey_free($privKey);
    31213801        return '';
    31223802    }
     
    31253805     * Generate a DKIM canonicalization header.
    31263806     * @access public
    3127      * @param string $s Header
     3807     * @param string $signHeader Header
    31283808     * @return string
    31293809     */
    3130     public function DKIM_HeaderC($s)
    3131     {
    3132         $s = preg_replace("/\r\n\s+/", " ", $s);
    3133         $lines = explode("\r\n", $s);
     3810    public function DKIM_HeaderC($signHeader)
     3811    {
     3812        $signHeader = preg_replace('/\r\n\s+/', ' ', $signHeader);
     3813        $lines = explode("\r\n", $signHeader);
    31343814        foreach ($lines as $key => $line) {
    3135             list($heading, $value) = explode(":", $line, 2);
     3815            list($heading, $value) = explode(':', $line, 2);
    31363816            $heading = strtolower($heading);
    3137             $value = preg_replace("/\s+/", " ", $value); // Compress useless spaces
    3138             $lines[$key] = $heading . ":" . trim($value); // Don't forget to remove WSP around the value
    3139         }
    3140         $s = implode("\r\n", $lines);
    3141         return $s;
     3817            $value = preg_replace('/\s{2,}/', ' ', $value); // Compress useless spaces
     3818            $lines[$key] = $heading . ':' . trim($value); // Don't forget to remove WSP around the value
     3819        }
     3820        $signHeader = implode("\r\n", $lines);
     3821        return $signHeader;
    31423822    }
    31433823
     
    31733853    public function DKIM_Add($headers_line, $subject, $body)
    31743854    {
    3175         $DKIMsignatureType = 'rsa-sha1'; // Signature & hash algorithms
     3855        $DKIMsignatureType = 'rsa-sha256'; // Signature & hash algorithms
    31763856        $DKIMcanonicalization = 'relaxed/simple'; // Canonicalization of header/body
    31773857        $DKIMquery = 'dns/txt'; // Query method
     
    31813861        $from_header = '';
    31823862        $to_header = '';
     3863        $date_header = '';
    31833864        $current = '';
    31843865        foreach ($headers as $header) {
     
    31893870                $to_header = $header;
    31903871                $current = 'to_header';
     3872            } elseif (strpos($header, 'Date:') === 0) {
     3873                $date_header = $header;
     3874                $current = 'date_header';
    31913875            } else {
    3192                 if ($current && strpos($header, ' =?') === 0) {
    3193                     $current .= $header;
     3876                if (!empty($$current) && strpos($header, ' =?') === 0) {
     3877                    $$current .= $header;
    31943878                } else {
    31953879                    $current = '';
     
    31993883        $from = str_replace('|', '=7C', $this->DKIM_QP($from_header));
    32003884        $to = str_replace('|', '=7C', $this->DKIM_QP($to_header));
     3885        $date = str_replace('|', '=7C', $this->DKIM_QP($date_header));
    32013886        $subject = str_replace(
    32023887            '|',
     
    32063891        $body = $this->DKIM_BodyC($body);
    32073892        $DKIMlen = strlen($body); // Length of body
    3208         $DKIMb64 = base64_encode(pack("H*", sha1($body))); // Base64 of packed binary SHA-1 hash of body
    3209         $ident = ($this->DKIM_identity == '') ? '' : " i=" . $this->DKIM_identity . ";";
    3210         $dkimhdrs = "DKIM-Signature: v=1; a=" .
    3211             $DKIMsignatureType . "; q=" .
    3212             $DKIMquery . "; l=" .
    3213             $DKIMlen . "; s=" .
     3893        $DKIMb64 = base64_encode(pack('H*', hash('sha256', $body))); // Base64 of packed binary SHA-256 hash of body
     3894        if ('' == $this->DKIM_identity) {
     3895            $ident = '';
     3896        } else {
     3897            $ident = ' i=' . $this->DKIM_identity . ';';
     3898        }
     3899        $dkimhdrs = 'DKIM-Signature: v=1; a=' .
     3900            $DKIMsignatureType . '; q=' .
     3901            $DKIMquery . '; l=' .
     3902            $DKIMlen . '; s=' .
    32143903            $this->DKIM_selector .
    32153904            ";\r\n" .
    3216             "\tt=" . $DKIMtime . "; c=" . $DKIMcanonicalization . ";\r\n" .
    3217             "\th=From:To:Subject;\r\n" .
    3218             "\td=" . $this->DKIM_domain . ";" . $ident . "\r\n" .
     3905            "\tt=" . $DKIMtime . '; c=' . $DKIMcanonicalization . ";\r\n" .
     3906            "\th=From:To:Date:Subject;\r\n" .
     3907            "\td=" . $this->DKIM_domain . ';' . $ident . "\r\n" .
    32193908            "\tz=$from\r\n" .
    32203909            "\t|$to\r\n" .
     3910            "\t|$date\r\n" .
    32213911            "\t|$subject;\r\n" .
    32223912            "\tbh=" . $DKIMb64 . ";\r\n" .
    32233913            "\tb=";
    32243914        $toSign = $this->DKIM_HeaderC(
    3225             $from_header . "\r\n" . $to_header . "\r\n" . $subject_header . "\r\n" . $dkimhdrs
     3915            $from_header . "\r\n" .
     3916            $to_header . "\r\n" .
     3917            $date_header . "\r\n" .
     3918            $subject_header . "\r\n" .
     3919            $dkimhdrs
    32263920        );
    32273921        $signed = $this->DKIM_Sign($toSign);
     
    32303924
    32313925    /**
     3926     * Detect if a string contains a line longer than the maximum line length allowed.
     3927     * @param string $str
     3928     * @return boolean
     3929     * @static
     3930     */
     3931    public static function hasLineLongerThanMax($str)
     3932    {
     3933        //+2 to include CRLF line break for a 1000 total
     3934        return (boolean)preg_match('/^(.{'.(self::MAX_LINE_LENGTH + 2).',})/m', $str);
     3935    }
     3936
     3937    /**
     3938     * Allows for public read access to 'to' property.
     3939     * @note: Before the send() call, queued addresses (i.e. with IDN) are not yet included.
     3940     * @access public
     3941     * @return array
     3942     */
     3943    public function getToAddresses()
     3944    {
     3945        return $this->to;
     3946    }
     3947
     3948    /**
     3949     * Allows for public read access to 'cc' property.
     3950     * @note: Before the send() call, queued addresses (i.e. with IDN) are not yet included.
     3951     * @access public
     3952     * @return array
     3953     */
     3954    public function getCcAddresses()
     3955    {
     3956        return $this->cc;
     3957    }
     3958
     3959    /**
     3960     * Allows for public read access to 'bcc' property.
     3961     * @note: Before the send() call, queued addresses (i.e. with IDN) are not yet included.
     3962     * @access public
     3963     * @return array
     3964     */
     3965    public function getBccAddresses()
     3966    {
     3967        return $this->bcc;
     3968    }
     3969
     3970    /**
     3971     * Allows for public read access to 'ReplyTo' property.
     3972     * @note: Before the send() call, queued addresses (i.e. with IDN) are not yet included.
     3973     * @access public
     3974     * @return array
     3975     */
     3976    public function getReplyToAddresses()
     3977    {
     3978        return $this->ReplyTo;
     3979    }
     3980
     3981    /**
     3982     * Allows for public read access to 'all_recipients' property.
     3983     * @note: Before the send() call, queued addresses (i.e. with IDN) are not yet included.
     3984     * @access public
     3985     * @return array
     3986     */
     3987    public function getAllRecipientAddresses()
     3988    {
     3989        return $this->all_recipients;
     3990    }
     3991
     3992    /**
    32323993     * Perform a callback.
    3233      * @param bool $isSent
    3234      * @param string $to
    3235      * @param string $cc
    3236      * @param string $bcc
     3994     * @param boolean $isSent
     3995     * @param array $to
     3996     * @param array $cc
     3997     * @param array $bcc
    32373998     * @param string $subject
    32383999     * @param string $body
    32394000     * @param string $from
    32404001     */
    3241     protected function doCallback($isSent, $to, $cc, $bcc, $subject, $body, $from = null)
     4002    protected function doCallback($isSent, $to, $cc, $bcc, $subject, $body, $from)
    32424003    {
    32434004        if (!empty($this->action_function) && is_callable($this->action_function)) {
  • branches/3.9/src/wp-includes/class-smtp.php

    r27385 r39729  
    22/**
    33 * PHPMailer RFC821 SMTP email transport class.
    4  * Version 5.2.7
    5  * PHP version 5.0.0
    6  * @category  PHP
    7  * @package   PHPMailer
    8  * @link      https://github.com/PHPMailer/PHPMailer/
    9  * @author Marcus Bointon (coolbru) <phpmailer@synchromedia.co.uk>
     4 * PHP Version 5
     5 * @package PHPMailer
     6 * @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
     7 * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
    108 * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
    119 * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
    12  * @copyright 2013 Marcus Bointon
    13  * @copyright 2004 - 2008 Andy Prevost
     10 * @author Brent R. Matzelle (original founder)
     11 * @copyright 2014 Marcus Bointon
    1412 * @copyright 2010 - 2012 Jim Jagielski
    15  * @license   http://www.gnu.org/copyleft/lesser.html Distributed under the Lesser General Public License (LGPL)
     13 * @copyright 2004 - 2009 Andy Prevost
     14 * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
     15 * @note This program is distributed in the hope that it will be useful - WITHOUT
     16 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
     17 * FITNESS FOR A PARTICULAR PURPOSE.
    1618 */
    1719
    1820/**
    1921 * PHPMailer RFC821 SMTP email transport class.
    20  *
    21  * Implements RFC 821 SMTP commands
    22  * and provides some utility methods for sending mail to an SMTP server.
    23  *
    24  * PHP Version 5.0.0
    25  *
    26  * @category PHP
    27  * @package  PHPMailer
    28  * @link     https://github.com/PHPMailer/PHPMailer/blob/master/class.smtp.php
    29  * @author   Chris Ryan <unknown@example.com>
    30  * @author   Marcus Bointon <phpmailer@synchromedia.co.uk>
    31  * @license  http://www.gnu.org/copyleft/lesser.html Distributed under the Lesser General Public License (LGPL)
     22 * Implements RFC 821 SMTP commands and provides some utility methods for sending mail to an SMTP server.
     23 * @package PHPMailer
     24 * @author Chris Ryan
     25 * @author Marcus Bointon <phpmailer@synchromedia.co.uk>
    3226 */
    33 
    3427class SMTP
    3528{
    3629    /**
     30     * The PHPMailer SMTP version number.
     31     * @var string
     32     */
     33    const VERSION = '5.2.21';
     34
     35    /**
     36     * SMTP line break constant.
     37     * @var string
     38     */
     39    const CRLF = "\r\n";
     40
     41    /**
     42     * The SMTP port to use if one is not specified.
     43     * @var integer
     44     */
     45    const DEFAULT_SMTP_PORT = 25;
     46
     47    /**
     48     * The maximum line length allowed by RFC 2822 section 2.1.1
     49     * @var integer
     50     */
     51    const MAX_LINE_LENGTH = 998;
     52
     53    /**
     54     * Debug level for no output
     55     */
     56    const DEBUG_OFF = 0;
     57
     58    /**
     59     * Debug level to show client -> server messages
     60     */
     61    const DEBUG_CLIENT = 1;
     62
     63    /**
     64     * Debug level to show client -> server and server -> client messages
     65     */
     66    const DEBUG_SERVER = 2;
     67
     68    /**
     69     * Debug level to show connection status, client -> server and server -> client messages
     70     */
     71    const DEBUG_CONNECTION = 3;
     72
     73    /**
     74     * Debug level to show all messages
     75     */
     76    const DEBUG_LOWLEVEL = 4;
     77
     78    /**
    3779     * The PHPMailer SMTP Version number.
    38      */
    39     const VERSION = '5.2.7';
    40 
    41     /**
    42      * SMTP line break constant.
    43      */
    44     const CRLF = "\r\n";
    45 
    46     /**
    47      * The SMTP port to use if one is not specified.
    48      */
    49     const DEFAULT_SMTP_PORT = 25;
    50 
    51     /**
    52      * The PHPMailer SMTP Version number.
    53      * @type string
    54      * @deprecated This should be a constant
     80     * @var string
     81     * @deprecated Use the `VERSION` constant instead
    5582     * @see SMTP::VERSION
    5683     */
    57     public $Version = '5.2.7';
     84    public $Version = '5.2.21';
    5885
    5986    /**
    6087     * SMTP server port number.
    61      * @type int
    62      * @deprecated This is only ever ued as default value, so should be a constant
     88     * @var integer
     89     * @deprecated This is only ever used as a default value, so use the `DEFAULT_SMTP_PORT` constant instead
    6390     * @see SMTP::DEFAULT_SMTP_PORT
    6491     */
     
    6693
    6794    /**
    68      * SMTP reply line ending
    69      * @type string
    70      * @deprecated Use the class constant instead
     95     * SMTP reply line ending.
     96     * @var string
     97     * @deprecated Use the `CRLF` constant instead
    7198     * @see SMTP::CRLF
    7299     */
     
    75102    /**
    76103     * Debug output level.
    77      * Options: 0 for no output, 1 for commands, 2 for data and commands
    78      * @type int
    79      */
    80     public $do_debug = 0;
    81 
    82     /**
    83      * The function/method to use for debugging output.
    84      * Options: 'echo', 'html' or 'error_log'
    85      * @type string
     104     * Options:
     105     * * self::DEBUG_OFF (`0`) No debug output, default
     106     * * self::DEBUG_CLIENT (`1`) Client commands
     107     * * self::DEBUG_SERVER (`2`) Client commands and server responses
     108     * * self::DEBUG_CONNECTION (`3`) As DEBUG_SERVER plus connection status
     109     * * self::DEBUG_LOWLEVEL (`4`) Low-level data output, all messages
     110     * @var integer
     111     */
     112    public $do_debug = self::DEBUG_OFF;
     113
     114    /**
     115     * How to handle debug output.
     116     * Options:
     117     * * `echo` Output plain-text as-is, appropriate for CLI
     118     * * `html` Output escaped, line breaks converted to `<br>`, appropriate for browser output
     119     * * `error_log` Output to error log as configured in php.ini
     120     *
     121     * Alternatively, you can provide a callable expecting two params: a message string and the debug level:
     122     * <code>
     123     * $smtp->Debugoutput = function($str, $level) {echo "debug level $level; message: $str";};
     124     * </code>
     125     * @var string|callable
    86126     */
    87127    public $Debugoutput = 'echo';
     
    89129    /**
    90130     * Whether to use VERP.
    91      * @type bool
     131     * @link http://en.wikipedia.org/wiki/Variable_envelope_return_path
     132     * @link http://www.postfix.org/VERP_README.html Info on VERP
     133     * @var boolean
    92134     */
    93135    public $do_verp = false;
    94136
    95137    /**
    96      * The SMTP timeout value for reads, in seconds.
    97      * @type int
    98      */
    99     public $Timeout = 15;
    100 
    101     /**
    102      * The SMTP timelimit value for reads, in seconds.
    103      * @type int
    104      */
    105     public $Timelimit = 30;
     138     * The timeout value for connection, in seconds.
     139     * Default of 5 minutes (300sec) is from RFC2821 section 4.5.3.2
     140     * This needs to be quite high to function correctly with hosts using greetdelay as an anti-spam measure.
     141     * @link http://tools.ietf.org/html/rfc2821#section-4.5.3.2
     142     * @var integer
     143     */
     144    public $Timeout = 300;
     145
     146    /**
     147     * How long to wait for commands to complete, in seconds.
     148     * Default of 5 minutes (300sec) is from RFC2821 section 4.5.3.2
     149     * @var integer
     150     */
     151    public $Timelimit = 300;
     152
     153    /**
     154     * @var array patterns to extract smtp transaction id from smtp reply
     155     * Only first capture group will be use, use non-capturing group to deal with it
     156     * Extend this class to override this property to fulfil your needs.
     157     */
     158    protected $smtp_transaction_id_patterns = array(
     159        'exim' => '/[0-9]{3} OK id=(.*)/',
     160        'sendmail' => '/[0-9]{3} 2.0.0 (.*) Message/',
     161        'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/'
     162    );
    106163
    107164    /**
    108165     * The socket for the server connection.
    109      * @type resource
     166     * @var resource
    110167     */
    111168    protected $smtp_conn;
    112169
    113170    /**
    114      * Error message, if any, for the last call.
    115      * @type string
    116      */
    117     protected $error = '';
     171     * Error information, if any, for the last SMTP command.
     172     * @var array
     173     */
     174    protected $error = array(
     175        'error' => '',
     176        'detail' => '',
     177        'smtp_code' => '',
     178        'smtp_code_ex' => ''
     179    );
    118180
    119181    /**
    120182     * The reply the server sent to us for HELO.
    121      * @type string
    122      */
    123     protected $helo_rply = '';
     183     * If null, no HELO string has yet been received.
     184     * @var string|null
     185     */
     186    protected $helo_rply = null;
     187
     188    /**
     189     * The set of SMTP extensions sent in reply to EHLO command.
     190     * Indexes of the array are extension names.
     191     * Value at index 'HELO' or 'EHLO' (according to command that was sent)
     192     * represents the server name. In case of HELO it is the only element of the array.
     193     * Other values can be boolean TRUE or an array containing extension options.
     194     * If null, no HELO/EHLO string has yet been received.
     195     * @var array|null
     196     */
     197    protected $server_caps = null;
    124198
    125199    /**
    126200     * The most recent reply received from the server.
    127      * @type string
     201     * @var string
    128202     */
    129203    protected $last_reply = '';
    130204
    131205    /**
    132      * Constructor.
    133      * @access public
    134      */
    135     public function __construct()
    136     {
    137         $this->smtp_conn = 0;
    138         $this->error = null;
    139         $this->helo_rply = null;
    140 
    141         $this->do_debug = 0;
    142     }
    143 
    144     /**
    145206     * Output debugging info via a user-selected method.
     207     * @see SMTP::$Debugoutput
     208     * @see SMTP::$do_debug
    146209     * @param string $str Debug string to output
     210     * @param integer $level The debug level of this message; see DEBUG_* constants
    147211     * @return void
    148212     */
    149     protected function edebug($str)
    150     {
     213    protected function edebug($str, $level = 0)
     214    {
     215        if ($level > $this->do_debug) {
     216            return;
     217        }
     218        //Avoid clash with built-in function names
     219        if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) {
     220            call_user_func($this->Debugoutput, $str, $level);
     221            return;
     222        }
    151223        switch ($this->Debugoutput) {
    152224            case 'error_log':
     
    165237            case 'echo':
    166238            default:
    167                 //Just echoes whatever was received
    168                 echo $str;
     239                //Normalize line breaks
     240                $str = preg_replace('/(\r\n|\r|\n)/ms', "\n", $str);
     241                echo gmdate('Y-m-d H:i:s') . "\t" . str_replace(
     242                    "\n",
     243                    "\n                   \t                  ",
     244                    trim($str)
     245                )."\n";
    169246        }
    170247    }
     
    172249    /**
    173250     * Connect to an SMTP server.
    174      * @param string $host    SMTP server IP or host name
    175      * @param int $port    The port number to connect to
    176      * @param int $timeout How long to wait for the connection to open
     251     * @param string $host SMTP server IP or host name
     252     * @param integer $port The port number to connect to
     253     * @param integer $timeout How long to wait for the connection to open
    177254     * @param array $options An array of options for stream_context_create()
    178255     * @access public
    179      * @return bool
     256     * @return boolean
    180257     */
    181258    public function connect($host, $port = null, $timeout = 30, $options = array())
    182259    {
     260        static $streamok;
     261        //This is enabled by default since 5.0.0 but some providers disable it
     262        //Check this once and cache the result
     263        if (is_null($streamok)) {
     264            $streamok = function_exists('stream_socket_client');
     265        }
    183266        // Clear errors to avoid confusion
    184         $this->error = null;
    185 
     267        $this->setError('');
    186268        // Make sure we are __not__ connected
    187269        if ($this->connected()) {
    188270            // Already connected, generate error
    189             $this->error = array('error' => 'Already connected to a server');
     271            $this->setError('Already connected to a server');
    190272            return false;
    191273        }
    192 
    193274        if (empty($port)) {
    194275            $port = self::DEFAULT_SMTP_PORT;
    195276        }
    196 
    197277        // Connect to the SMTP server
     278        $this->edebug(
     279            "Connection: opening to $host:$port, timeout=$timeout, options=".var_export($options, true),
     280            self::DEBUG_CONNECTION
     281        );
    198282        $errno = 0;
    199283        $errstr = '';
    200         $socket_context = stream_context_create($options);
    201         //Suppress errors; connection failures are handled at a higher level
    202         $this->smtp_conn = @stream_socket_client(
    203             $host . ":" . $port,
    204             $errno,
    205             $errstr,
    206             $timeout,
    207             STREAM_CLIENT_CONNECT,
    208             $socket_context
    209         );
    210 
     284        if ($streamok) {
     285            $socket_context = stream_context_create($options);
     286            set_error_handler(array($this, 'errorHandler'));
     287            $this->smtp_conn = stream_socket_client(
     288                $host . ":" . $port,
     289                $errno,
     290                $errstr,
     291                $timeout,
     292                STREAM_CLIENT_CONNECT,
     293                $socket_context
     294            );
     295            restore_error_handler();
     296        } else {
     297            //Fall back to fsockopen which should work in more places, but is missing some features
     298            $this->edebug(
     299                "Connection: stream_socket_client not available, falling back to fsockopen",
     300                self::DEBUG_CONNECTION
     301            );
     302            set_error_handler(array($this, 'errorHandler'));
     303            $this->smtp_conn = fsockopen(
     304                $host,
     305                $port,
     306                $errno,
     307                $errstr,
     308                $timeout
     309            );
     310            restore_error_handler();
     311        }
    211312        // Verify we connected properly
    212         if (empty($this->smtp_conn)) {
    213             $this->error = array(
    214                 'error' => 'Failed to connect to server',
    215                 'errno' => $errno,
    216                 'errstr' => $errstr
     313        if (!is_resource($this->smtp_conn)) {
     314            $this->setError(
     315                'Failed to connect to server',
     316                $errno,
     317                $errstr
    217318            );
    218             if ($this->do_debug >= 1) {
    219                 $this->edebug(
    220                     'SMTP -> ERROR: ' . $this->error['error']
    221                     . ": $errstr ($errno)"
    222                 );
    223             }
     319            $this->edebug(
     320                'SMTP ERROR: ' . $this->error['error']
     321                . ": $errstr ($errno)",
     322                self::DEBUG_CLIENT
     323            );
    224324            return false;
    225325        }
    226 
     326        $this->edebug('Connection: opened', self::DEBUG_CONNECTION);
    227327        // SMTP server can take longer to respond, give longer timeout for first read
    228328        // Windows does not have support for this timeout function
    229329        if (substr(PHP_OS, 0, 3) != 'WIN') {
    230330            $max = ini_get('max_execution_time');
    231             if ($max != 0 && $timeout > $max) { // Don't bother if unlimited
     331            // Don't bother if unlimited
     332            if ($max != 0 && $timeout > $max) {
    232333                @set_time_limit($timeout);
    233334            }
    234335            stream_set_timeout($this->smtp_conn, $timeout, 0);
    235336        }
    236 
    237337        // Get any announcement
    238338        $announce = $this->get_lines();
    239 
    240         if ($this->do_debug >= 2) {
    241             $this->edebug('SMTP -> FROM SERVER:' . $announce);
    242         }
    243 
     339        $this->edebug('SERVER -> CLIENT: ' . $announce, self::DEBUG_SERVER);
    244340        return true;
    245341    }
     
    248344     * Initiate a TLS (encrypted) session.
    249345     * @access public
    250      * @return bool
     346     * @return boolean
    251347     */
    252348    public function startTLS()
    253349    {
    254         if (!$this->sendCommand("STARTTLS", "STARTTLS", 220)) {
     350        if (!$this->sendCommand('STARTTLS', 'STARTTLS', 220)) {
    255351            return false;
    256352        }
     353
     354        //Allow the best TLS version(s) we can
     355        $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
     356
     357        //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
     358        //so add them back in manually if we can
     359        if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
     360            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
     361            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
     362        }
     363
    257364        // Begin encrypted connection
    258365        if (!stream_socket_enable_crypto(
    259366            $this->smtp_conn,
    260367            true,
    261             STREAM_CRYPTO_METHOD_TLS_CLIENT
    262         )
    263         ) {
     368            $crypto_method
     369        )) {
    264370            return false;
    265371        }
     
    271377     * Must be run after hello().
    272378     * @see hello()
    273      * @param string $username    The user name
    274      * @param string $password    The password
    275      * @param string $authtype    The auth type (PLAIN, LOGIN, NTLM, CRAM-MD5)
    276      * @param string $realm       The auth realm for NTLM
     379     * @param string $username The user name
     380     * @param string $password The password
     381     * @param string $authtype The auth type (PLAIN, LOGIN, CRAM-MD5)
     382     * @param string $realm The auth realm for NTLM
    277383     * @param string $workstation The auth workstation for NTLM
    278      * @access public
    279      * @return bool True if successfully authenticated.
     384     * @param null|OAuth $OAuth An optional OAuth instance (@see PHPMailerOAuth)
     385     * @return bool True if successfully authenticated.* @access public
    280386     */
    281387    public function authenticate(
    282388        $username,
    283389        $password,
    284         $authtype = 'LOGIN',
     390        $authtype = null,
    285391        $realm = '',
    286         $workstation = ''
     392        $workstation = '',
     393        $OAuth = null
    287394    ) {
    288         if (empty($authtype)) {
     395        if (!$this->server_caps) {
     396            $this->setError('Authentication is not allowed before HELO/EHLO');
     397            return false;
     398        }
     399
     400        if (array_key_exists('EHLO', $this->server_caps)) {
     401        // SMTP extensions are available. Let's try to find a proper authentication method
     402
     403            if (!array_key_exists('AUTH', $this->server_caps)) {
     404                $this->setError('Authentication is not allowed at this stage');
     405                // 'at this stage' means that auth may be allowed after the stage changes
     406                // e.g. after STARTTLS
     407                return false;
     408            }
     409
     410            self::edebug('Auth method requested: ' . ($authtype ? $authtype : 'UNKNOWN'), self::DEBUG_LOWLEVEL);
     411            self::edebug(
     412                'Auth methods available on the server: ' . implode(',', $this->server_caps['AUTH']),
     413                self::DEBUG_LOWLEVEL
     414            );
     415
     416            if (empty($authtype)) {
     417                foreach (array('CRAM-MD5', 'LOGIN', 'PLAIN') as $method) {
     418                    if (in_array($method, $this->server_caps['AUTH'])) {
     419                        $authtype = $method;
     420                        break;
     421                    }
     422                }
     423                if (empty($authtype)) {
     424                    $this->setError('No supported authentication methods found');
     425                    return false;
     426                }
     427                self::edebug('Auth method selected: '.$authtype, self::DEBUG_LOWLEVEL);
     428            }
     429
     430            if (!in_array($authtype, $this->server_caps['AUTH'])) {
     431                $this->setError("The requested authentication method \"$authtype\" is not supported by the server");
     432                return false;
     433            }
     434        } elseif (empty($authtype)) {
    289435            $authtype = 'LOGIN';
    290436        }
    291 
    292437        switch ($authtype) {
    293438            case 'PLAIN':
     
    318463                }
    319464                break;
    320             case 'NTLM':
    321                 /*
    322                  * ntlm_sasl_client.php
    323                  * Bundled with Permission
    324                  *
    325                  * How to telnet in windows:
    326                  * http://technet.microsoft.com/en-us/library/aa995718%28EXCHG.65%29.aspx
    327                  * PROTOCOL Docs http://curl.haxx.se/rfc/ntlm.html#ntlmSmtpAuthentication
    328                  */
    329                 require_once 'extras/ntlm_sasl_client.php';
    330                 $temp = new stdClass();
    331                 $ntlm_client = new ntlm_sasl_client_class;
    332                 //Check that functions are available
    333                 if (!$ntlm_client->Initialize($temp)) {
    334                     $this->error = array('error' => $temp->error);
    335                     if ($this->do_debug >= 1) {
    336                         $this->edebug(
    337                             'You need to enable some modules in your php.ini file: '
    338                             . $this->error['error']
    339                         );
    340                     }
    341                     return false;
    342                 }
    343                 //msg1
    344                 $msg1 = $ntlm_client->TypeMsg1($realm, $workstation); //msg1
    345 
    346                 if (!$this->sendCommand(
    347                     'AUTH NTLM',
    348                     'AUTH NTLM ' . base64_encode($msg1),
    349                     334
    350                 )
    351                 ) {
    352                     return false;
    353                 }
    354 
    355                 //Though 0 based, there is a white space after the 3 digit number
    356                 //msg2
    357                 $challenge = substr($this->last_reply, 3);
    358                 $challenge = base64_decode($challenge);
    359                 $ntlm_res = $ntlm_client->NTLMResponse(
    360                     substr($challenge, 24, 8),
    361                     $password
    362                 );
    363                 //msg3
    364                 $msg3 = $ntlm_client->TypeMsg3(
    365                     $ntlm_res,
    366                     $username,
    367                     $realm,
    368                     $workstation
    369                 );
    370                 // send encoded username
    371                 return $this->sendCommand('Username', base64_encode($msg3), 235);
    372                 break;
    373465            case 'CRAM-MD5':
    374466                // Start authentication
     
    384476                // send encoded credentials
    385477                return $this->sendCommand('Username', base64_encode($response), 235);
    386                 break;
     478            default:
     479                $this->setError("Authentication method \"$authtype\" is not supported");
     480                return false;
    387481        }
    388482        return true;
     
    410504        // Creates an md5 HMAC.
    411505        // Eliminates the need to install mhash to compute a HMAC
    412         // Hacked by Lance Rushing
    413 
    414         $b = 64; // byte length for md5
    415         if (strlen($key) > $b) {
     506        // by Lance Rushing
     507
     508        $bytelen = 64; // byte length for md5
     509        if (strlen($key) > $bytelen) {
    416510            $key = pack('H*', md5($key));
    417511        }
    418         $key = str_pad($key, $b, chr(0x00));
    419         $ipad = str_pad('', $b, chr(0x36));
    420         $opad = str_pad('', $b, chr(0x5c));
     512        $key = str_pad($key, $bytelen, chr(0x00));
     513        $ipad = str_pad('', $bytelen, chr(0x36));
     514        $opad = str_pad('', $bytelen, chr(0x5c));
    421515        $k_ipad = $key ^ $ipad;
    422516        $k_opad = $key ^ $opad;
     
    428522     * Check connection state.
    429523     * @access public
    430      * @return bool True if connected.
     524     * @return boolean True if connected.
    431525     */
    432526    public function connected()
    433527    {
    434         if (!empty($this->smtp_conn)) {
     528        if (is_resource($this->smtp_conn)) {
    435529            $sock_status = stream_get_meta_data($this->smtp_conn);
    436530            if ($sock_status['eof']) {
    437                 // the socket is valid but we are not connected
    438                 if ($this->do_debug >= 1) {
    439                     $this->edebug(
    440                         'SMTP -> NOTICE: EOF caught while checking if connected'
    441                     );
    442                 }
     531                // The socket is valid but we are not connected
     532                $this->edebug(
     533                    'SMTP NOTICE: EOF caught while checking if connected',
     534                    self::DEBUG_CLIENT
     535                );
    443536                $this->close();
    444537                return false;
     
    458551    public function close()
    459552    {
    460         $this->error = null; // so there is no confusion
     553        $this->setError('');
     554        $this->server_caps = null;
    461555        $this->helo_rply = null;
    462         if (!empty($this->smtp_conn)) {
     556        if (is_resource($this->smtp_conn)) {
    463557            // close the connection and cleanup
    464558            fclose($this->smtp_conn);
    465             $this->smtp_conn = 0;
     559            $this->smtp_conn = null; //Makes for cleaner serialization
     560            $this->edebug('Connection: closed', self::DEBUG_CONNECTION);
    466561        }
    467562    }
     
    477572     * @param string $msg_data Message data to send
    478573     * @access public
    479      * @return bool
     574     * @return boolean
    480575     */
    481576    public function data($msg_data)
    482577    {
     578        //This will use the standard timelimit
    483579        if (!$this->sendCommand('DATA', 'DATA', 354)) {
    484580            return false;
     
    486582
    487583        /* The server is ready to accept data!
    488          * according to rfc821 we should not send more than 1000
    489          * including the CRLF
    490          * characters on a single line so we will break the data up
    491          * into lines by \r and/or \n then if needed we will break
    492          * each of those into smaller lines to fit within the limit.
    493          * in addition we will be looking for lines that start with
    494          * a period '.' and append and additional period '.' to that
    495          * line. NOTE: this does not count towards limit.
     584         * According to rfc821 we should not send more than 1000 characters on a single line (including the CRLF)
     585         * so we will break the data up into lines by \r and/or \n then if needed we will break each of those into
     586         * smaller lines to fit within the limit.
     587         * We will also look for lines that start with a '.' and prepend an additional '.'.
     588         * NOTE: this does not count towards line-length limit.
    496589         */
    497590
    498         // Normalize the line breaks before exploding
    499         $msg_data = str_replace("\r\n", "\n", $msg_data);
    500         $msg_data = str_replace("\r", "\n", $msg_data);
    501         $lines = explode("\n", $msg_data);
    502 
    503         /* We need to find a good way to determine if headers are
    504          * in the msg_data or if it is a straight msg body
    505          * currently I am assuming rfc822 definitions of msg headers
    506          * and if the first field of the first line (':' separated)
    507          * does not contain a space then it _should_ be a header
    508          * and we can process all lines before a blank "" line as
    509          * headers.
     591        // Normalize line breaks before exploding
     592        $lines = explode("\n", str_replace(array("\r\n", "\r"), "\n", $msg_data));
     593
     594        /* To distinguish between a complete RFC822 message and a plain message body, we check if the first field
     595         * of the first line (':' separated) does not contain a space then it _should_ be a header and we will
     596         * process all lines before a blank line as headers.
    510597         */
    511598
    512599        $field = substr($lines[0], 0, strpos($lines[0], ':'));
    513600        $in_headers = false;
    514         if (!empty($field) && !strstr($field, ' ')) {
     601        if (!empty($field) && strpos($field, ' ') === false) {
    515602            $in_headers = true;
    516603        }
    517604
    518         //RFC 2822 section 2.1.1 limit
    519         $max_line_length = 998;
    520 
    521605        foreach ($lines as $line) {
    522             $lines_out = null;
    523             if ($line == '' && $in_headers) {
     606            $lines_out = array();
     607            if ($in_headers and $line == '') {
    524608                $in_headers = false;
    525609            }
    526             // ok we need to break this line up into several smaller lines
    527             while (strlen($line) > $max_line_length) {
    528                 $pos = strrpos(substr($line, 0, $max_line_length), ' ');
    529 
    530                 // Patch to fix DOS attack
     610            //Break this line up into several smaller lines if it's too long
     611            //Micro-optimisation: isset($str[$len]) is faster than (strlen($str) > $len),
     612            while (isset($line[self::MAX_LINE_LENGTH])) {
     613                //Working backwards, try to find a space within the last MAX_LINE_LENGTH chars of the line to break on
     614                //so as to avoid breaking in the middle of a word
     615                $pos = strrpos(substr($line, 0, self::MAX_LINE_LENGTH), ' ');
     616                //Deliberately matches both false and 0
    531617                if (!$pos) {
    532                     $pos = $max_line_length - 1;
     618                    //No nice break found, add a hard break
     619                    $pos = self::MAX_LINE_LENGTH - 1;
    533620                    $lines_out[] = substr($line, 0, $pos);
    534621                    $line = substr($line, $pos);
    535622                } else {
     623                    //Break at the found point
    536624                    $lines_out[] = substr($line, 0, $pos);
     625                    //Move along by the amount we dealt with
    537626                    $line = substr($line, $pos + 1);
    538627                }
    539 
    540                 /* If processing headers add a LWSP-char to the front of new line
    541                  * rfc822 on long msg headers
    542                  */
     628                //If processing headers add a LWSP-char to the front of new line RFC822 section 3.1.1
    543629                if ($in_headers) {
    544630                    $line = "\t" . $line;
     
    547633            $lines_out[] = $line;
    548634
    549             // send the lines to the server
    550             while (list(, $line_out) = @each($lines_out)) {
    551                 if (strlen($line_out) > 0) {
    552                     if (substr($line_out, 0, 1) == '.') {
    553