Make WordPress Core


Ignore:
Timestamp:
02/17/2022 01:21:44 PM (2 years ago)
Author:
SergeyBiryukov
Message:

External Libraries: Upgrade PHPMailer to version 6.5.4.

The latest release includes some minor PHP cross-version improvements and a safeguard against hosters disabling security functions. Note to hosting providers: don't disable escapeshellarg() and escapeshellcmd(); it's not safe!

Release notes:
https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.4

For a full list of changes in this update, see the PHPMailer GitHub:
https://github.com/PHPMailer/PHPMailer/compare/v6.5.3...v6.5.4

Follow-up to [50628], [50799], [51169], [51634], [51635], [52252].

Props jrf, Synchro.
Fixes #55187.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/PHPMailer/PHPMailer.php

    r52252 r52749  
    751751     * @var string
    752752     */
    753     const VERSION = '6.5.3';
     753    const VERSION = '6.5.4';
    754754
    755755    /**
     
    11861186     * @param string $addrstr The address list string
    11871187     * @param bool   $useimap Whether to use the IMAP extension to parse the list
     1188     * @param string $charset The charset to use when decoding the address list string.
    11881189     *
    11891190     * @return array
     
    17451746                fwrite($mail, $body);
    17461747                $result = pclose($mail);
    1747                 $addrinfo = static::parseAddresses($toAddr, true, $this->charSet);
     1748                $addrinfo = static::parseAddresses($toAddr, true, $this->CharSet);
    17481749                $this->doCallback(
    17491750                    ($result === 0),
     
    18001801    protected static function isShellSafe($string)
    18011802    {
    1802         //Future-proof
     1803        //It's not possible to use shell commands safely (which includes the mail() function) without escapeshellarg,
     1804        //but some hosting providers disable it, creating a security problem that we don't want to have to deal with,
     1805        //so we don't.
     1806        if (!function_exists('escapeshellarg') || !function_exists('escapeshellcmd')) {
     1807            return false;
     1808        }
     1809
    18031810        if (
    18041811            escapeshellcmd($string) !== $string
     
    19081915            foreach ($toArr as $toAddr) {
    19091916                $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);
    1910                 $addrinfo = static::parseAddresses($toAddr, true, $this->charSet);
     1917                $addrinfo = static::parseAddresses($toAddr, true, $this->CharSet);
    19111918                $this->doCallback(
    19121919                    $result,
     
    26332640        }
    26342641        if ('' === $this->XMailer) {
     2642            //Empty string for default X-Mailer header
    26352643            $result .= $this->headerLine(
    26362644                'X-Mailer',
    26372645                'PHPMailer ' . self::VERSION . ' (https://github.com/PHPMailer/PHPMailer)'
    26382646            );
    2639         } else {
    2640             $myXmailer = trim($this->XMailer);
    2641             if ($myXmailer) {
    2642                 $result .= $this->headerLine('X-Mailer', $myXmailer);
    2643             }
    2644         }
     2647        } elseif (is_string($this->XMailer) && trim($this->XMailer) !== '') {
     2648            //Some string
     2649            $result .= $this->headerLine('X-Mailer', trim($this->XMailer));
     2650        } //Other values result in no X-Mailer header
    26452651
    26462652        if ('' !== $this->ConfirmReadingTo) {
Note: See TracChangeset for help on using the changeset viewer.