- Timestamp:
- 03/31/2021 09:28:10 PM (4 years ago)
- Location:
- trunk/src/wp-includes/PHPMailer
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/PHPMailer/PHPMailer.php
r50397 r50628 749 749 * @var string 750 750 */ 751 const VERSION = '6. 3.0';751 const VERSION = '6.4.0'; 752 752 753 753 /** … … 1200 1200 ) { 1201 1201 //Decode the name part if it's present and encoded 1202 if (property_exists($address, 'personal') && preg_match('/^=\?.*\?=$/', $address->personal)) { 1202 if ( 1203 property_exists($address, 'personal') && 1204 extension_loaded('mbstring') && 1205 preg_match('/^=\?.*\?=$/', $address->personal) 1206 ) { 1203 1207 $address->personal = mb_decode_mimeheader($address->personal); 1204 1208 } … … 1683 1687 //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html 1684 1688 //Example problem: https://www.drupal.org/node/1057954 1685 //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.1686 if ('' === $this->Sender) {1687 $this->Sender = $this->From;1688 }1689 1689 if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) { 1690 1690 //PHP config has a sender address we can use … … 1692 1692 } 1693 1693 //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. 1694 //But sendmail requires this param, so fail without it1695 1694 if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) { 1696 1695 if ($this->Mailer === 'qmail') { … … 1700 1699 } 1701 1700 } else { 1702 $this->edebug('Sender address unusable or missing: ' . $this->Sender); 1703 return false; 1701 //allow sendmail to choose a default envelope sender. It may 1702 //seem preferable to force it to use the From header as with 1703 //SMTP, but that introduces new problems (see 1704 //<https://github.com/PHPMailer/PHPMailer/issues/2298>), and 1705 //it has historically worked this way. 1706 $sendmailFmt = '%s -oi -t'; 1704 1707 } 1705 1708 … … 1861 1864 //Example problem: https://www.drupal.org/node/1057954 1862 1865 //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. 1863 if ('' === $this->Sender) {1864 $this->Sender = $this->From;1865 }1866 1866 if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) { 1867 1867 //PHP config has a sender address we can use -
trunk/src/wp-includes/PHPMailer/SMTP.php
r50397 r50628 36 36 * @var string 37 37 */ 38 const VERSION = '6. 3.0';38 const VERSION = '6.4.0'; 39 39 40 40 /** … … 554 554 //Send encoded username and password 555 555 if ( 556 //Format from https://tools.ietf.org/html/rfc4616#section-2 557 //We skip the first field (it's forgery), so the string starts with a null byte 556 558 !$this->sendCommand( 557 559 'User & Password',
Note: See TracChangeset
for help on using the changeset viewer.