Changeset 50867
- Timestamp:
- 05/12/2021 10:40:48 PM (4 years ago)
- Location:
- branches/3.7
- Files:
-
- 3 edited
branches/3.7
-
branches/3.7/src
- Property svn:mergeinfo changed
/trunk/src merged: 50799
- Property svn:mergeinfo changed
-
branches/3.7/src/wp-includes/class-phpmailer.php
r39794 r50867 1295 1295 // Sign with DKIM if enabled 1296 1296 if (!empty($this->DKIM_domain) 1297 && !empty($this->DKIM_selector) 1298 && (!empty($this->DKIM_private_string) 1299 || (!empty($this->DKIM_private) && file_exists($this->DKIM_private)) 1297 and !empty($this->DKIM_selector) 1298 and (!empty($this->DKIM_private_string) 1299 or (!empty($this->DKIM_private) 1300 and self::isPermittedPath($this->DKIM_private) 1301 and file_exists($this->DKIM_private) 1302 ) 1300 1303 ) 1301 1304 ) { … … 1463 1466 1464 1467 /** 1468 * Check whether a file path is of a permitted type. 1469 * Used to reject URLs and phar files from functions that access local file paths, 1470 * such as addAttachment. 1471 * @param string $path A relative or absolute path to a file. 1472 * @return bool 1473 */ 1474 protected static function isPermittedPath($path) 1475 { 1476 //Matches scheme definition from https://tools.ietf.org/html/rfc3986#section-3.1 1477 return !preg_match('#^[a-z][a-z\d+.-]*://#i', $path); 1478 } 1479 1480 /** 1481 * Check whether a file path is safe, accessible, and readable. 1482 * 1483 * @param string $path A relative or absolute path to a file 1484 * 1485 * @return bool 1486 */ 1487 protected static function fileIsAccessible($path) 1488 { 1489 if (!self::isPermittedPath($path)) { 1490 return false; 1491 } 1492 $readable = file_exists($path); 1493 //If not a UNC path (expected to start with \\), check read permission, see #2069 1494 if (strpos($path, '\\\\') !== 0) { 1495 $readable = $readable && is_readable($path); 1496 } 1497 return $readable; 1498 } 1499 1500 /** 1465 1501 * Send mail using the PHP mail() function. 1466 1502 * @param string $header The message headers … … 1518 1554 { 1519 1555 if (!is_object($this->smtp)) { 1520 1556 require_once( 'class-smtp.php' ); 1521 1557 $this->smtp = new SMTP; 1522 1558 } … … 1785 1821 if ($langcode != 'en') { 1786 1822 // Make sure language file path is readable 1787 if (! 
is_readable($lang_file)) {1823 if (!self::fileIsAccessible($lang_file)) { 1788 1824 $foundlang = false; 1789 1825 } else { … … 2496 2532 * Never use a user-supplied path to a file! 2497 2533 * Returns false if the file could not be found or read. 2534 * Explicitly *does not* support passing URLs; PHPMailer is not an HTTP client. 2535 * If you need to do that, fetch the resource yourself and pass it in via a local file or string. 2498 2536 * @param string $path Path to the attachment. 2499 2537 * @param string $name Overrides the attachment name. … … 2507 2545 { 2508 2546 try { 2509 if (! @is_file($path)) {2547 if (!self::fileIsAccessible($path)) { 2510 2548 throw new phpmailerException($this->lang('file_access') . $path, self::STOP_CONTINUE); 2511 2549 } … … 2688 2726 { 2689 2727 try { 2690 if (! is_readable($path)) {2728 if (!self::fileIsAccessible($path)) { 2691 2729 throw new phpmailerException($this->lang('file_open') . $path, self::STOP_CONTINUE); 2692 2730 } … … 3032 3070 public function addEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = '', $disposition = 'inline') 3033 3071 { 3034 if (! @is_file($path)) {3072 if (!self::fileIsAccessible($path)) { 3035 3073 $this->setError($this->lang('file_access') . $path); 3036 3074 return false;
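Review bot: fileIsAccessible() checks file_exists() rather than is_file(), so the addAttachment (2547) and addEmbeddedImage (3072) call sites, which previously used `@is_file($path)`, now let a readable directory path through; encodeFile (2728) applies the same test, so the failure presumably only surfaces when the file is read at send time, though the rest of those bodies is outside the hunks. Changing the helper to `$readable = is_file($path);` keeps the URL/phar rejection and restores the old strictness for every caller, since all three call sites expect a regular file (language file, attachment, embedded image); whether is_file() behaves on UNC paths the way file_exists() does should be confirmed on Windows, given the #2069 note that already skips is_readable() there. Separately, the DKIM branch at 1297–1302 pairs isPermittedPath() with file_exists() instead of calling the new helper, so an unreadable key file passes that check; `self::fileIsAccessible($this->DKIM_private)` would make it consistent. All of the enclosing functions start and end outside the visible hunks.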