Make WordPress Core


Ignore:
Timestamp:
01/11/2017 05:23:13 AM (8 years ago)
Author:
dd32
Message:

Update PHPMailer to 5.2.22.

The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22

Merges [39759] to the 4.3 branch.
Fixes #37210 for 4.3.

Location:
branches/4.3
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.3

  • branches/4.3/src/wp-includes/class-phpmailer.php

    r39725 r39788  
    3232     * @var string
    3333     */
    34     public $Version = '5.2.21';
     34    public $Version = '5.2.22';
    3535
    3636    /**
     
    24942494    /**
    24952495     * Add an attachment from a path on the filesystem.
     2496     * Never use a user-supplied path to a file!
    24962497     * Returns false if the file could not be found or read.
    24972498     * @param string $path Path to the attachment.
     
    30193020     * This is used in HTML messages that embed the images
    30203021     * the HTML refers to using the $cid value.
     3022     * Never use a user-supplied path to a file!
    30213023     * @param string $path Path to the attachment.
    30223024     * @param string $cid Content ID of the attachment; Use this to reference
     
    33823384     * Automatically inlines images and creates a plain-text version by converting the HTML,
    33833385     * overwriting any existing values in Body and AltBody.
    3384      * $basedir is used when handling relative image paths, e.g. <img src="images/a.png">
     3386     * Do not source $message content from user input!
     3387     * $basedir is prepended when handling relative URLs, e.g. <img src="/images/a.png"> and must not be empty
    33853388     * will look for an image file in $basedir/images/a.png and convert it to inline.
    3386      * If you don't want to apply these transformations to your HTML, just set Body and AltBody yourself.
     3389     * If you don't provide a $basedir, relative paths will be left untouched (and thus probably break in email)
     3390     * If you don't want to apply these transformations to your HTML, just set Body and AltBody directly.
    33873391     * @access public
    33883392     * @param string $message HTML message string
    3389      * @param string $basedir base directory for relative paths to images
     3393     * @param string $basedir Absolute path to a base directory to prepend to relative paths to images
    33903394     * @param boolean|callable $advanced Whether to use the internal HTML to text converter
    33913395     *    or your own custom converter @see PHPMailer::html2text()
     
    33963400        preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images);
    33973401        if (array_key_exists(2, $images)) {
     3402            if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
     3403                // Ensure $basedir has a trailing /
     3404                $basedir .= '/';
     3405            }
    33983406            foreach ($images[2] as $imgindex => $url) {
    33993407                // Convert data URIs into embedded images
     
    34133421                        );
    34143422                    }
    3415                 } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
    3416                     // Do not change urls for absolute images (thanks to corvuscorax)
     3423                    continue;
     3424                }
     3425                if (
     3426                    // Only process relative URLs if a basedir is provided (i.e. no absolute local paths)
     3427                    !empty($basedir)
     3428                    // Ignore URLs containing parent dir traversal (..)
     3429                    && (strpos($url, '..') === false)
    34173430                    // Do not change urls that are already inline images
     3431                    && substr($url, 0, 4) !== 'cid:'
     3432                    // Do not change absolute URLs, including anonymous protocol
     3433                    && !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url)
     3434                ) {
    34183435                    $filename = basename($url);
    34193436                    $directory = dirname($url);
     
    34223439                    }
    34233440                    $cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2
    3424                     if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
    3425                         $basedir .= '/';
    3426                     }
    34273441                    if (strlen($directory) > 1 && substr($directory, -1) != '/') {
    34283442                        $directory .= '/';
Note: See TracChangeset for help on using the changeset viewer.