Changeset 51169
- Timestamp:
- 06/16/2021 05:01:39 PM (3 years ago)
- Location:
- trunk/src/wp-includes/PHPMailer
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/PHPMailer/PHPMailer.php
r50799 r51169 429 429 430 430 /** 431 * Whether to keep SMTP connection open after each message. 432 * If this is set to true then to close the connection 433 * requires an explicit call to smtpClose(). 431 * Whether to keep the SMTP connection open after each message. 432 * If this is set to true then the connection will remain open after a send, 433 * and closing the connection will require an explicit call to smtpClose(). 434 * It's a good idea to use this if you are sending multiple messages as it reduces overhead. 435 * See the mailing list example for how to use it. 434 436 * 435 437 * @var bool … … 749 751 * @var string 750 752 */ 751 const VERSION = '6. 4.1';753 const VERSION = '6.5.0'; 752 754 753 755 /** … … 1336 1338 $patternselect = static::$validator; 1337 1339 } 1338 if (is_callable($patternselect)) { 1340 //Don't allow strings as callables, see SECURITY.md and CVE-2021-3603 1341 if (is_callable($patternselect) && !is_string($patternselect)) { 1339 1342 return call_user_func($patternselect, $address); 1340 1343 } … … 2185 2188 * 2186 2189 * @param string $langcode ISO 639-1 2-character language code (e.g. French is "fr") 2187 * @param string $lang_path Path to the language file directory, with trailing separator (slash) 2190 * @param string $lang_path Path to the language file directory, with trailing separator (slash).D 2191 * Do not set this from user input! 2188 2192 * 2189 2193 * @return bool … … 2247 2251 $foundlang = false; 2248 2252 } else { 2249 //Overwrite language-specific strings. 2250 //This way we'll never have missing translation keys. 2251 $foundlang = include $lang_file; 2253 //$foundlang = include $lang_file; 2254 $lines = file($lang_file); 2255 foreach ($lines as $line) { 2256 //Translation file lines look like this: 2257 //$PHPMAILER_LANG['authenticate'] = 'SMTP-Fehler: Authentifizierung fehlgeschlagen.'; 2258 //These files are parsed as text and not PHP so as to avoid the possibility of code injection 2259 //See https://blog.stevenlevithan.com/archives/match-quoted-string 2260 $matches = []; 2261 if ( 2262 preg_match( 2263 '/^\$PHPMAILER_LANG\[\'([a-z\d_]+)\'\]\s*=\s*(["\'])(.+)*?\2;/', 2264 $line, 2265 $matches 2266 ) && 2267 //Ignore unknown translation keys 2268 array_key_exists($matches[1], $PHPMAILER_LANG) 2269 ) { 2270 //Overwrite language-specific strings so we'll never have missing translation keys. 2271 $PHPMAILER_LANG[$matches[1]] = (string)$matches[3]; 2272 } 2273 } 2252 2274 } 2253 2275 } 2254 2276 $this->language = $PHPMAILER_LANG; 2255 2277 2256 return (bool)$foundlang; //Returns false if language not found2278 return $foundlang; //Returns false if language not found 2257 2279 } 2258 2280 -
trunk/src/wp-includes/PHPMailer/SMTP.php
r50799 r51169 36 36 * @var string 37 37 */ 38 const VERSION = '6. 4.1';38 const VERSION = '6.5.0'; 39 39 40 40 /** … … 187 187 'SendGrid' => '/[\d]{3} Ok: queued as (.*)/', 188 188 'CampaignMonitor' => '/[\d]{3} 2.0.0 OK:([a-zA-Z\d]{48})/', 189 'Haraka' => '/[\d]{3} Message Queued \((.*)\)/', 189 190 ]; 190 191
Note: See TracChangeset
for help on using the changeset viewer.