Changeset 50848


Timestamp:
05/12/2021 10:24:16 PM (8 months ago)
Author:
peterwilsoncc
Message:

External libraries: Improve attachment handling in PHPMailer

Props: audrasjb, ayeshrajans, desrosj, peterwilsoncc, xknown.
Partially merges [50799] to the 5.6 branch.

Location:
branches/5.6
Files:
2 edited

  • branches/5.6

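--- a/branches/5.6/src/wp-includes/PHPMailer/PHPMailer.php
+++ b/branches/5.6/src/wp-includes/PHPMailer/PHPMailer.php
@@ -1762,5 +1762,6 @@
     protected static function isPermittedPath($path)
     {
-        return !preg_match('#^[a-z]+://#i', $path);
+        //Matches scheme definition from https://tools.ietf.org/html/rfc3986#section-3.1
+        return !preg_match('#^[a-z][a-z\d+.-]*://#i', $path);
     }
 
@@ -1774,4 +1775,7 @@
     protected static function fileIsAccessible($path)
     {
+        if (!static::isPermittedPath($path)) {
+            return false;
+        }
         $readable = file_exists($path);
         //If not a UNC path (expected to start with \\), check read permission, see #2069
@@ -1779,5 +1783,5 @@
             $readable = $readable && is_readable($path);
         }
-        return static::isPermittedPath($path) && $readable;
+        return $readable;
     }
 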
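Review bot: The early return added at the top of fileIsAccessible() has no comment saying it must stay ahead of file_exists(), yet that ordering is the substance of the change. The removed return line evaluated isPermittedPath() only after file_exists() and is_readable() had already touched the path, and on a scheme-prefixed path (phar:// on PHP before 8.0 is the usual example) the stat call itself can parse untrusted archive metadata. I would add `//Reject scheme-prefixed paths before any filesystem call; file_exists() on a stream wrapper path is not side-effect free` above the new `if`, so a later tidy-up does not fold the check back into the return expression. Separately, `!preg_match(...)` in isPermittedPath() treats a PCRE error (a `false` return) as permitted; `return preg_match('#^[a-z][a-z\d+.-]*://#i', $path) === 0;` would fail closed. The line holding the UNC test between new lines 1781 and 1783 is elided from this view, so the ordering remark assumes it makes no filesystem call of its own.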