Changeset 51634
- Timestamp:
- 08/18/2021 01:52:16 PM (4 years ago)
- Location:
- trunk/src/wp-includes/PHPMailer
- Files:
-
- 3 edited
-
Exception.php (modified) (1 diff)
-
PHPMailer.php (modified) (24 diffs)
-
SMTP.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/PHPMailer/Exception.php
r49713 r51634 36 36 public function errorMessage() 37 37 { 38 return '<strong>' . htmlspecialchars($this->getMessage() ) . "</strong><br />\n";38 return '<strong>' . htmlspecialchars($this->getMessage(), ENT_COMPAT | ENT_HTML401) . "</strong><br />\n"; 39 39 } 40 40 } -
trunk/src/wp-includes/PHPMailer/PHPMailer.php
r51169 r51634 104 104 * @var string 105 105 */ 106 public $From = ' root@localhost';106 public $From = ''; 107 107 108 108 /** … … 111 111 * @var string 112 112 */ 113 public $FromName = ' Root User';113 public $FromName = ''; 114 114 115 115 /** … … 690 690 691 691 /** 692 * The array of available languages.692 * The array of available text strings for the current language. 693 693 * 694 694 * @var array … … 751 751 * @var string 752 752 */ 753 const VERSION = '6.5. 0';753 const VERSION = '6.5.1'; 754 754 755 755 /** … … 859 859 { 860 860 //Check overloading of mail function to avoid double-encoding 861 if (ini_get('mbstring.func_overload') & 1) { // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated861 if (ini_get('mbstring.func_overload') & 1) { 862 862 $subject = $this->secureHeader($subject); 863 863 } else { … … 1189 1189 * @return array 1190 1190 */ 1191 public static function parseAddresses($addrstr, $useimap = true )1191 public static function parseAddresses($addrstr, $useimap = true, $charset = self::CHARSET_ISO88591) 1192 1192 { 1193 1193 $addresses = []; … … 1195 1195 //Use this built-in parser if it's available 1196 1196 $list = imap_rfc822_parse_adrlist($addrstr, ''); 1197 // Clear any potential IMAP errors to get rid of notices being thrown at end of script. 1198 imap_errors(); 1197 1199 foreach ($list as $address) { 1198 1200 if ( 1199 ('.SYNTAX-ERROR.' !== $address->host) && static::validateAddress( 1200 $address->mailbox . '@' . $address->host 1201 ) 1201 '.SYNTAX-ERROR.' !== $address->host && 1202 static::validateAddress($address->mailbox . '@' . $address->host) 1202 1203 ) { 1203 1204 //Decode the name part if it's present and encoded 1204 1205 if ( 1205 1206 property_exists($address, 'personal') && 1206 extension_loaded('mbstring') && 1207 preg_match('/^=\?.*\?=$/', $address->personal) 1207 //Check for a Mbstring constant rather than using extension_loaded, which is sometimes disabled 1208 defined('MB_CASE_UPPER') && 1209 preg_match('/^=\?.*\?=$/s', $address->personal) 1208 1210 ) { 1211 $origCharset = mb_internal_encoding(); 1212 mb_internal_encoding($charset); 1213 //Undo any RFC2047-encoded spaces-as-underscores 1214 $address->personal = str_replace('_', '=20', $address->personal); 1215 //Decode the name 1209 1216 $address->personal = mb_decode_mimeheader($address->personal); 1217 mb_internal_encoding($origCharset); 1210 1218 } 1211 1219 … … 1235 1243 $name = trim($name); 1236 1244 if (static::validateAddress($email)) { 1245 //Check for a Mbstring constant rather than using extension_loaded, which is sometimes disabled 1237 1246 //If this name is encoded, decode it 1238 if (preg_match('/^=\?.*\?=$/', $name)) { 1247 if (defined('MB_CASE_UPPER') && preg_match('/^=\?.*\?=$/s', $name)) { 1248 $origCharset = mb_internal_encoding(); 1249 mb_internal_encoding($charset); 1250 //Undo any RFC2047-encoded spaces-as-underscores 1251 $name = str_replace('_', '=20', $name); 1252 //Decode the name 1239 1253 $name = mb_decode_mimeheader($name); 1254 mb_internal_encoding($origCharset); 1240 1255 } 1241 1256 $addresses[] = [ … … 1440 1455 } elseif (defined('INTL_IDNA_VARIANT_2003')) { 1441 1456 //Fall back to this old, deprecated/removed encoding 1442 // phpcs:ignore PHPCompatibility.Constants.RemovedConstants.intl_idna_variant_2003Deprecated1443 1457 $punycode = idn_to_ascii($domain, $errorcode, \INTL_IDNA_VARIANT_2003); 1444 1458 } else { 1445 1459 //Fall back to a default we don't know about 1446 // phpcs:ignore PHPCompatibility.ParameterValues.NewIDNVariantDefault.NotSet1447 1460 $punycode = idn_to_ascii($domain, $errorcode); 1448 1461 } … … 1511 1524 && stripos(PHP_OS, 'WIN') === 0 1512 1525 ) { 1513 trigger_error( 1514 'Your version of PHP is affected by a bug that may result in corrupted messages.' . 1515 ' To fix it, switch to sending using SMTP, disable the mail.add_x_header option in' . 1516 ' your php.ini, switch to MacOS or Linux, or upgrade your PHP to version 7.0.17+ or 7.1.3+.', 1517 E_USER_WARNING 1518 ); 1526 trigger_error($this->lang('buggy_php'), E_USER_WARNING); 1519 1527 } 1520 1528 … … 1727 1735 fwrite($mail, $body); 1728 1736 $result = pclose($mail); 1729 $addrinfo = static::parseAddresses($toAddr );1737 $addrinfo = static::parseAddresses($toAddr, true, $this->charSet); 1730 1738 $this->doCallback( 1731 1739 ($result === 0), … … 1887 1895 foreach ($toArr as $toAddr) { 1888 1896 $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params); 1889 $addrinfo = static::parseAddresses($toAddr );1897 $addrinfo = static::parseAddresses($toAddr, true, $this->charSet); 1890 1898 $this->doCallback( 1891 1899 $result, … … 2184 2192 /** 2185 2193 * Set the language for error messages. 2186 * Returns false if it cannot load the language file.2187 2194 * The default language is English. 2188 2195 * 2189 2196 * @param string $langcode ISO 639-1 2-character language code (e.g. French is "fr") 2197 * Optionally, the language code can be enhanced with a 4-character 2198 * script annotation and/or a 2-character country annotation. 2190 2199 * @param string $lang_path Path to the language file directory, with trailing separator (slash).D 2191 2200 * Do not set this from user input! 2192 2201 * 2193 * @return bool 2202 * @return bool Returns true if the requested language was loaded, false otherwise. 2194 2203 */ 2195 2204 public function setLanguage($langcode = 'en', $lang_path = '') … … 2214 2223 $PHPMAILER_LANG = [ 2215 2224 'authenticate' => 'SMTP Error: Could not authenticate.', 2225 'buggy_php' => 'Your version of PHP is affected by a bug that may result in corrupted messages.' . 2226 ' To fix it, switch to sending using SMTP, disable the mail.add_x_header option in' . 2227 ' your php.ini, switch to MacOS or Linux, or upgrade your PHP to version 7.0.17+ or 7.1.3+.', 2216 2228 'connect_host' => 'SMTP Error: Could not connect to SMTP host.', 2217 2229 'data_not_accepted' => 'SMTP Error: data not accepted.', … … 2219 2231 'encoding' => 'Unknown encoding: ', 2220 2232 'execute' => 'Could not execute: ', 2233 'extension_missing' => 'Extension missing: ', 2221 2234 'file_access' => 'Could not access file: ', 2222 2235 'file_open' => 'File Error: Could not open file: ', … … 2224 2237 'instantiate' => 'Could not instantiate mail function.', 2225 2238 'invalid_address' => 'Invalid address: ', 2239 'invalid_header' => 'Invalid header name or value', 2226 2240 'invalid_hostentry' => 'Invalid hostentry: ', 2227 2241 'invalid_host' => 'Invalid host: ', … … 2230 2244 'recipients_failed' => 'SMTP Error: The following recipients failed: ', 2231 2245 'signing' => 'Signing Error: ', 2246 'smtp_code' => 'SMTP code: ', 2247 'smtp_code_ex' => 'Additional SMTP info: ', 2232 2248 'smtp_connect_failed' => 'SMTP connect() failed.', 2249 'smtp_detail' => 'Detail: ', 2233 2250 'smtp_error' => 'SMTP server error: ', 2234 2251 'variable_set' => 'Cannot set or reset variable: ', 2235 'extension_missing' => 'Extension missing: ',2236 2252 ]; 2237 2253 if (empty($lang_path)) { … … 2239 2255 $lang_path = dirname(__DIR__) . DIRECTORY_SEPARATOR . 'language' . DIRECTORY_SEPARATOR; 2240 2256 } 2257 2241 2258 //Validate $langcode 2242 if (!preg_match('/^[a-z]{2}(?:_[a-zA-Z]{2})?$/', $langcode)) { 2259 $foundlang = true; 2260 $langcode = strtolower($langcode); 2261 if ( 2262 !preg_match('/^(?P<lang>[a-z]{2})(?P<script>_[a-z]{4})?(?P<country>_[a-z]{2})?$/', $langcode, $matches) 2263 && $langcode !== 'en' 2264 ) { 2265 $foundlang = false; 2243 2266 $langcode = 'en'; 2244 2267 } 2245 $foundlang = true; 2246 $lang_file = $lang_path . 'phpmailer.lang-' . $langcode . '.php'; 2268 2247 2269 //There is no English translation file 2248 2270 if ('en' !== $langcode) { 2249 //Make sure language file path is readable 2250 if (!static::fileIsAccessible($lang_file)) { 2271 $langcodes = []; 2272 if (!empty($matches['script']) && !empty($matches['country'])) { 2273 $langcodes[] = $matches['lang'] . $matches['script'] . $matches['country']; 2274 } 2275 if (!empty($matches['country'])) { 2276 $langcodes[] = $matches['lang'] . $matches['country']; 2277 } 2278 if (!empty($matches['script'])) { 2279 $langcodes[] = $matches['lang'] . $matches['script']; 2280 } 2281 $langcodes[] = $matches['lang']; 2282 2283 //Try and find a readable language file for the requested language. 2284 $foundFile = false; 2285 foreach ($langcodes as $code) { 2286 $lang_file = $lang_path . 'phpmailer.lang-' . $code . '.php'; 2287 if (static::fileIsAccessible($lang_file)) { 2288 $foundFile = true; 2289 break; 2290 } 2291 } 2292 2293 if ($foundFile === false) { 2251 2294 $foundlang = false; 2252 2295 } else { 2253 //$foundlang = include $lang_file;2254 2296 $lines = file($lang_file); 2255 2297 foreach ($lines as $line) { … … 2286 2328 public function getTranslations() 2287 2329 { 2330 if (empty($this->language)) { 2331 $this->setLanguage(); // Set the default language. 2332 } 2333 2288 2334 return $this->language; 2289 2335 } … … 2554 2600 //Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4 2555 2601 //https://tools.ietf.org/html/rfc5322#section-3.6.4 2556 if ('' !== $this->MessageID && preg_match('/^<.*@.*>$/', $this->MessageID)) { 2602 if ( 2603 '' !== $this->MessageID && 2604 preg_match( 2605 '/^<((([a-z\d!#$%&\'*+\/=?^_`{|}~-]+(\.[a-z\d!#$%&\'*+\/=?^_`{|}~-]+)*)' . 2606 '|("(([\x01-\x08\x0B\x0C\x0E-\x1F\x7F]|[\x21\x23-\x5B\x5D-\x7E])' . 2607 '|(\\[\x01-\x09\x0B\x0C\x0E-\x7F]))*"))@(([a-z\d!#$%&\'*+\/=?^_`{|}~-]+' . 2608 '(\.[a-z\d!#$%&\'*+\/=?^_`{|}~-]+)*)|(\[(([\x01-\x08\x0B\x0C\x0E-\x1F\x7F]' . 2609 '|[\x21-\x5A\x5E-\x7E])|(\\[\x01-\x09\x0B\x0C\x0E-\x7F]))*\])))>$/Di', 2610 $this->MessageID 2611 ) 2612 ) { 2557 2613 $this->lastMessageID = $this->MessageID; 2558 2614 } else { … … 3938 3994 $msg .= $this->lang('smtp_error') . $lasterror['error']; 3939 3995 if (!empty($lasterror['detail'])) { 3940 $msg .= ' Detail: '. $lasterror['detail'];3996 $msg .= ' ' . $this->lang('smtp_detail') . $lasterror['detail']; 3941 3997 } 3942 3998 if (!empty($lasterror['smtp_code'])) { 3943 $msg .= ' SMTP code: '. $lasterror['smtp_code'];3999 $msg .= ' ' . $this->lang('smtp_code') . $lasterror['smtp_code']; 3944 4000 } 3945 4001 if (!empty($lasterror['smtp_code_ex'])) { 3946 $msg .= ' Additional SMTP info: '. $lasterror['smtp_code_ex'];4002 $msg .= ' ' . $this->lang('smtp_code_ex') . $lasterror['smtp_code_ex']; 3947 4003 } 3948 4004 } … … 4005 4061 || !is_string($host) 4006 4062 || strlen($host) > 256 4007 || !preg_match('/^([a-zA-Z\d.-]*|\[[a-fA-F\d:]+ ])$/', $host)4063 || !preg_match('/^([a-zA-Z\d.-]*|\[[a-fA-F\d:]+\])$/', $host) 4008 4064 ) { 4009 4065 return false; … … 4082 4138 } 4083 4139 $name = trim($name); 4084 $value = trim($value);4140 $value = (null === $value) ? '' : trim($value); 4085 4141 //Ensure name is not empty, and that neither name nor value contain line breaks 4086 4142 if (empty($name) || strpbrk($name . $value, "\r\n") !== false) { 4087 4143 if ($this->exceptions) { 4088 throw new Exception( 'Invalid header name or value');4144 throw new Exception($this->lang('invalid_header')); 4089 4145 } 4090 4146 … … 4240 4296 * @param string $html The HTML text to convert 4241 4297 * @param bool|callable $advanced Any boolean value to use the internal converter, 4242 * or provide your own callable for custom conversion 4298 * or provide your own callable for custom conversion. 4299 * *Never* pass user-supplied data into this parameter 4243 4300 * 4244 4301 * @return string -
trunk/src/wp-includes/PHPMailer/SMTP.php
r51169 r51634 36 36 * @var string 37 37 */ 38 const VERSION = '6.5. 0';38 const VERSION = '6.5.1'; 39 39 40 40 /**
Note: See TracChangeset
for help on using the changeset viewer.