Make WordPress Core

Changeset 51634


Ignore:
Timestamp:
08/18/2021 01:52:16 PM (3 years ago)
Author:
SergeyBiryukov
Message:

External Libraries: Upgrade PHPMailer to version 6.5.1.

The latest release includes preliminary PHP 8.1 support, as well as some small bug fixes.

Release notes: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.1

For a full list of changes in this update, see the PHPMailer GitHub:
https://github.com/PHPMailer/PHPMailer/compare/v6.5.0...v6.5.1

Follow-up to [50628], [50799], [51169].

Props jrf.
Fixes #53953.

Location:
trunk/src/wp-includes/PHPMailer
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/PHPMailer/Exception.php

    r49713 r51634  
    3636    public function errorMessage()
    3737    {
    38         return '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
     38        return '<strong>' . htmlspecialchars($this->getMessage(), ENT_COMPAT | ENT_HTML401) . "</strong><br />\n";
    3939    }
    4040}
  • trunk/src/wp-includes/PHPMailer/PHPMailer.php

    r51169 r51634  
    104104     * @var string
    105105     */
    106     public $From = 'root@localhost';
     106    public $From = '';
    107107
    108108    /**
     
    111111     * @var string
    112112     */
    113     public $FromName = 'Root User';
     113    public $FromName = '';
    114114
    115115    /**
     
    690690
    691691    /**
    692      * The array of available languages.
     692     * The array of available text strings for the current language.
    693693     *
    694694     * @var array
     
    751751     * @var string
    752752     */
    753     const VERSION = '6.5.0';
     753    const VERSION = '6.5.1';
    754754
    755755    /**
     
    859859    {
    860860        //Check overloading of mail function to avoid double-encoding
    861         if (ini_get('mbstring.func_overload') & 1) { // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated
     861        if (ini_get('mbstring.func_overload') & 1) {
    862862            $subject = $this->secureHeader($subject);
    863863        } else {
     
    11891189     * @return array
    11901190     */
    1191     public static function parseAddresses($addrstr, $useimap = true)
     1191    public static function parseAddresses($addrstr, $useimap = true, $charset = self::CHARSET_ISO88591)
    11921192    {
    11931193        $addresses = [];
     
    11951195            //Use this built-in parser if it's available
    11961196            $list = imap_rfc822_parse_adrlist($addrstr, '');
     1197            // Clear any potential IMAP errors to get rid of notices being thrown at end of script.
     1198            imap_errors();
    11971199            foreach ($list as $address) {
    11981200                if (
    1199                     ('.SYNTAX-ERROR.' !== $address->host) && static::validateAddress(
    1200                         $address->mailbox . '@' . $address->host
    1201                     )
     1201                    '.SYNTAX-ERROR.' !== $address->host &&
     1202                    static::validateAddress($address->mailbox . '@' . $address->host)
    12021203                ) {
    12031204                    //Decode the name part if it's present and encoded
    12041205                    if (
    12051206                        property_exists($address, 'personal') &&
    1206                         extension_loaded('mbstring') &&
    1207                         preg_match('/^=\?.*\?=$/', $address->personal)
     1207                        //Check for a Mbstring constant rather than using extension_loaded, which is sometimes disabled
     1208                        defined('MB_CASE_UPPER') &&
     1209                        preg_match('/^=\?.*\?=$/s', $address->personal)
    12081210                    ) {
     1211                        $origCharset = mb_internal_encoding();
     1212                        mb_internal_encoding($charset);
     1213                        //Undo any RFC2047-encoded spaces-as-underscores
     1214                        $address->personal = str_replace('_', '=20', $address->personal);
     1215                        //Decode the name
    12091216                        $address->personal = mb_decode_mimeheader($address->personal);
     1217                        mb_internal_encoding($origCharset);
    12101218                    }
    12111219
     
    12351243                    $name = trim($name);
    12361244                    if (static::validateAddress($email)) {
     1245                        //Check for a Mbstring constant rather than using extension_loaded, which is sometimes disabled
    12371246                        //If this name is encoded, decode it
    1238                         if (preg_match('/^=\?.*\?=$/', $name)) {
     1247                        if (defined('MB_CASE_UPPER') && preg_match('/^=\?.*\?=$/s', $name)) {
     1248                            $origCharset = mb_internal_encoding();
     1249                            mb_internal_encoding($charset);
     1250                            //Undo any RFC2047-encoded spaces-as-underscores
     1251                            $name = str_replace('_', '=20', $name);
     1252                            //Decode the name
    12391253                            $name = mb_decode_mimeheader($name);
     1254                            mb_internal_encoding($origCharset);
    12401255                        }
    12411256                        $addresses[] = [
     
    14401455                } elseif (defined('INTL_IDNA_VARIANT_2003')) {
    14411456                    //Fall back to this old, deprecated/removed encoding
    1442                     // phpcs:ignore PHPCompatibility.Constants.RemovedConstants.intl_idna_variant_2003Deprecated
    14431457                    $punycode = idn_to_ascii($domain, $errorcode, \INTL_IDNA_VARIANT_2003);
    14441458                } else {
    14451459                    //Fall back to a default we don't know about
    1446                     // phpcs:ignore PHPCompatibility.ParameterValues.NewIDNVariantDefault.NotSet
    14471460                    $punycode = idn_to_ascii($domain, $errorcode);
    14481461                }
     
    15111524            && stripos(PHP_OS, 'WIN') === 0
    15121525        ) {
    1513             trigger_error(
    1514                 'Your version of PHP is affected by a bug that may result in corrupted messages.' .
    1515                 ' To fix it, switch to sending using SMTP, disable the mail.add_x_header option in' .
    1516                 ' your php.ini, switch to MacOS or Linux, or upgrade your PHP to version 7.0.17+ or 7.1.3+.',
    1517                 E_USER_WARNING
    1518             );
     1526            trigger_error($this->lang('buggy_php'), E_USER_WARNING);
    15191527        }
    15201528
     
    17271735                fwrite($mail, $body);
    17281736                $result = pclose($mail);
    1729                 $addrinfo = static::parseAddresses($toAddr);
     1737                $addrinfo = static::parseAddresses($toAddr, true, $this->charSet);
    17301738                $this->doCallback(
    17311739                    ($result === 0),
     
    18871895            foreach ($toArr as $toAddr) {
    18881896                $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);
    1889                 $addrinfo = static::parseAddresses($toAddr);
     1897                $addrinfo = static::parseAddresses($toAddr, true, $this->charSet);
    18901898                $this->doCallback(
    18911899                    $result,
     
    21842192    /**
    21852193     * Set the language for error messages.
    2186      * Returns false if it cannot load the language file.
    21872194     * The default language is English.
    21882195     *
    21892196     * @param string $langcode  ISO 639-1 2-character language code (e.g. French is "fr")
     2197     *                          Optionally, the language code can be enhanced with a 4-character
     2198     *                          script annotation and/or a 2-character country annotation.
    21902199     * @param string $lang_path Path to the language file directory, with trailing separator (slash).D
    21912200     *                          Do not set this from user input!
    21922201     *
    2193      * @return bool
     2202     * @return bool Returns true if the requested language was loaded, false otherwise.
    21942203     */
    21952204    public function setLanguage($langcode = 'en', $lang_path = '')
     
    22142223        $PHPMAILER_LANG = [
    22152224            'authenticate' => 'SMTP Error: Could not authenticate.',
     2225            'buggy_php' => 'Your version of PHP is affected by a bug that may result in corrupted messages.' .
     2226                ' To fix it, switch to sending using SMTP, disable the mail.add_x_header option in' .
     2227                ' your php.ini, switch to MacOS or Linux, or upgrade your PHP to version 7.0.17+ or 7.1.3+.',
    22162228            'connect_host' => 'SMTP Error: Could not connect to SMTP host.',
    22172229            'data_not_accepted' => 'SMTP Error: data not accepted.',
     
    22192231            'encoding' => 'Unknown encoding: ',
    22202232            'execute' => 'Could not execute: ',
     2233            'extension_missing' => 'Extension missing: ',
    22212234            'file_access' => 'Could not access file: ',
    22222235            'file_open' => 'File Error: Could not open file: ',
     
    22242237            'instantiate' => 'Could not instantiate mail function.',
    22252238            'invalid_address' => 'Invalid address: ',
     2239            'invalid_header' => 'Invalid header name or value',
    22262240            'invalid_hostentry' => 'Invalid hostentry: ',
    22272241            'invalid_host' => 'Invalid host: ',
     
    22302244            'recipients_failed' => 'SMTP Error: The following recipients failed: ',
    22312245            'signing' => 'Signing Error: ',
     2246            'smtp_code' => 'SMTP code: ',
     2247            'smtp_code_ex' => 'Additional SMTP info: ',
    22322248            'smtp_connect_failed' => 'SMTP connect() failed.',
     2249            'smtp_detail' => 'Detail: ',
    22332250            'smtp_error' => 'SMTP server error: ',
    22342251            'variable_set' => 'Cannot set or reset variable: ',
    2235             'extension_missing' => 'Extension missing: ',
    22362252        ];
    22372253        if (empty($lang_path)) {
     
    22392255            $lang_path = dirname(__DIR__) . DIRECTORY_SEPARATOR . 'language' . DIRECTORY_SEPARATOR;
    22402256        }
     2257
    22412258        //Validate $langcode
    2242         if (!preg_match('/^[a-z]{2}(?:_[a-zA-Z]{2})?$/', $langcode)) {
     2259        $foundlang = true;
     2260        $langcode  = strtolower($langcode);
     2261        if (
     2262            !preg_match('/^(?P<lang>[a-z]{2})(?P<script>_[a-z]{4})?(?P<country>_[a-z]{2})?$/', $langcode, $matches)
     2263            && $langcode !== 'en'
     2264        ) {
     2265            $foundlang = false;
    22432266            $langcode = 'en';
    22442267        }
    2245         $foundlang = true;
    2246         $lang_file = $lang_path . 'phpmailer.lang-' . $langcode . '.php';
     2268
    22472269        //There is no English translation file
    22482270        if ('en' !== $langcode) {
    2249             //Make sure language file path is readable
    2250             if (!static::fileIsAccessible($lang_file)) {
     2271            $langcodes = [];
     2272            if (!empty($matches['script']) && !empty($matches['country'])) {
     2273                $langcodes[] = $matches['lang'] . $matches['script'] . $matches['country'];
     2274            }
     2275            if (!empty($matches['country'])) {
     2276                $langcodes[] = $matches['lang'] . $matches['country'];
     2277            }
     2278            if (!empty($matches['script'])) {
     2279                $langcodes[] = $matches['lang'] . $matches['script'];
     2280            }
     2281            $langcodes[] = $matches['lang'];
     2282
     2283            //Try and find a readable language file for the requested language.
     2284            $foundFile = false;
     2285            foreach ($langcodes as $code) {
     2286                $lang_file = $lang_path . 'phpmailer.lang-' . $code . '.php';
     2287                if (static::fileIsAccessible($lang_file)) {
     2288                    $foundFile = true;
     2289                    break;
     2290                }
     2291            }
     2292
     2293            if ($foundFile === false) {
    22512294                $foundlang = false;
    22522295            } else {
    2253                 //$foundlang = include $lang_file;
    22542296                $lines = file($lang_file);
    22552297                foreach ($lines as $line) {
     
    22862328    public function getTranslations()
    22872329    {
     2330        if (empty($this->language)) {
     2331            $this->setLanguage(); // Set the default language.
     2332        }
     2333
    22882334        return $this->language;
    22892335    }
     
    25542600        //Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4
    25552601        //https://tools.ietf.org/html/rfc5322#section-3.6.4
    2556         if ('' !== $this->MessageID && preg_match('/^<.*@.*>$/', $this->MessageID)) {
     2602        if (
     2603            '' !== $this->MessageID &&
     2604            preg_match(
     2605                '/^<((([a-z\d!#$%&\'*+\/=?^_`{|}~-]+(\.[a-z\d!#$%&\'*+\/=?^_`{|}~-]+)*)' .
     2606                '|("(([\x01-\x08\x0B\x0C\x0E-\x1F\x7F]|[\x21\x23-\x5B\x5D-\x7E])' .
     2607                '|(\\[\x01-\x09\x0B\x0C\x0E-\x7F]))*"))@(([a-z\d!#$%&\'*+\/=?^_`{|}~-]+' .
     2608                '(\.[a-z\d!#$%&\'*+\/=?^_`{|}~-]+)*)|(\[(([\x01-\x08\x0B\x0C\x0E-\x1F\x7F]' .
     2609                '|[\x21-\x5A\x5E-\x7E])|(\\[\x01-\x09\x0B\x0C\x0E-\x7F]))*\])))>$/Di',
     2610                $this->MessageID
     2611            )
     2612        ) {
    25572613            $this->lastMessageID = $this->MessageID;
    25582614        } else {
     
    39383994                $msg .= $this->lang('smtp_error') . $lasterror['error'];
    39393995                if (!empty($lasterror['detail'])) {
    3940                     $msg .= ' Detail: ' . $lasterror['detail'];
     3996                    $msg .= ' ' . $this->lang('smtp_detail') . $lasterror['detail'];
    39413997                }
    39423998                if (!empty($lasterror['smtp_code'])) {
    3943                     $msg .= ' SMTP code: ' . $lasterror['smtp_code'];
     3999                    $msg .= ' ' . $this->lang('smtp_code') . $lasterror['smtp_code'];
    39444000                }
    39454001                if (!empty($lasterror['smtp_code_ex'])) {
    3946                     $msg .= ' Additional SMTP info: ' . $lasterror['smtp_code_ex'];
     4002                    $msg .= ' ' . $this->lang('smtp_code_ex') . $lasterror['smtp_code_ex'];
    39474003                }
    39484004            }
     
    40054061            || !is_string($host)
    40064062            || strlen($host) > 256
    4007             || !preg_match('/^([a-zA-Z\d.-]*|\[[a-fA-F\d:]+])$/', $host)
     4063            || !preg_match('/^([a-zA-Z\d.-]*|\[[a-fA-F\d:]+\])$/', $host)
    40084064        ) {
    40094065            return false;
     
    40824138        }
    40834139        $name = trim($name);
    4084         $value = trim($value);
     4140        $value = (null === $value) ? '' : trim($value);
    40854141        //Ensure name is not empty, and that neither name nor value contain line breaks
    40864142        if (empty($name) || strpbrk($name . $value, "\r\n") !== false) {
    40874143            if ($this->exceptions) {
    4088                 throw new Exception('Invalid header name or value');
     4144                throw new Exception($this->lang('invalid_header'));
    40894145            }
    40904146
     
    42404296     * @param string        $html     The HTML text to convert
    42414297     * @param bool|callable $advanced Any boolean value to use the internal converter,
    4242      *                                or provide your own callable for custom conversion
     4298     *                                or provide your own callable for custom conversion.
     4299     *                                *Never* pass user-supplied data into this parameter
    42434300     *
    42444301     * @return string
  • trunk/src/wp-includes/PHPMailer/SMTP.php

    r51169 r51634  
    3636     * @var string
    3737     */
    38     const VERSION = '6.5.0';
     38    const VERSION = '6.5.1';
    3939
    4040    /**
Note: See TracChangeset for help on using the changeset viewer.