WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/16/2021 05:25:59 PM (3 months ago)
Author:
SergeyBiryukov
Message:

External Libraries: Upgrade PHPMailer to version 6.5.0.

Release notes: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.0

For a full list of changes in this update, see the PHPMailer GitHub:
https://github.com/PHPMailer/PHPMailer/compare/v6.4.1...v6.5.0

Props ayeshrajans, Synchro.
Merges [51169] to the 5.7 branch.
Fixes #53430.

Location:
branches/5.7
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.7

  • branches/5.7/src/wp-includes/PHPMailer/PHPMailer.php

    r50800 r51170  
    429429
    430430    /**
    431      * Whether to keep SMTP connection open after each message.
    432      * If this is set to true then to close the connection
    433      * requires an explicit call to smtpClose().
     431     * Whether to keep the SMTP connection open after each message.
     432     * If this is set to true then the connection will remain open after a send,
     433     * and closing the connection will require an explicit call to smtpClose().
     434     * It's a good idea to use this if you are sending multiple messages as it reduces overhead.
     435     * See the mailing list example for how to use it.
    434436     *
    435437     * @var bool
     
    749751     * @var string
    750752     */
    751     const VERSION = '6.4.1';
     753    const VERSION = '6.5.0';
    752754
    753755    /**
     
    13361338            $patternselect = static::$validator;
    13371339        }
    1338         if (is_callable($patternselect)) {
     1340        //Don't allow strings as callables, see SECURITY.md and CVE-2021-3603
     1341        if (is_callable($patternselect) && !is_string($patternselect)) {
    13391342            return call_user_func($patternselect, $address);
    13401343        }
     
    21852188     *
    21862189     * @param string $langcode  ISO 639-1 2-character language code (e.g. French is "fr")
    2187      * @param string $lang_path Path to the language file directory, with trailing separator (slash)
     2190     * @param string $lang_path Path to the language file directory, with trailing separator (slash).D
     2191     *                          Do not set this from user input!
    21882192     *
    21892193     * @return bool
     
    22472251                $foundlang = false;
    22482252            } else {
    2249                 //Overwrite language-specific strings.
    2250                 //This way we'll never have missing translation keys.
    2251                 $foundlang = include $lang_file;
     2253                //$foundlang = include $lang_file;
     2254                $lines = file($lang_file);
     2255                foreach ($lines as $line) {
     2256                    //Translation file lines look like this:
     2257                    //$PHPMAILER_LANG['authenticate'] = 'SMTP-Fehler: Authentifizierung fehlgeschlagen.';
     2258                    //These files are parsed as text and not PHP so as to avoid the possibility of code injection
     2259                    //See https://blog.stevenlevithan.com/archives/match-quoted-string
     2260                    $matches = [];
     2261                    if (
     2262                        preg_match(
     2263                            '/^\$PHPMAILER_LANG\[\'([a-z\d_]+)\'\]\s*=\s*(["\'])(.+)*?\2;/',
     2264                            $line,
     2265                            $matches
     2266                        ) &&
     2267                        //Ignore unknown translation keys
     2268                        array_key_exists($matches[1], $PHPMAILER_LANG)
     2269                    ) {
     2270                        //Overwrite language-specific strings so we'll never have missing translation keys.
     2271                        $PHPMAILER_LANG[$matches[1]] = (string)$matches[3];
     2272                    }
     2273                }
    22522274            }
    22532275        }
    22542276        $this->language = $PHPMAILER_LANG;
    22552277
    2256         return (bool) $foundlang; //Returns false if language not found
     2278        return $foundlang; //Returns false if language not found
    22572279    }
    22582280
Note: See TracChangeset for help on using the changeset viewer.