External Libraries: Upgrade PHPMailer from 6.3.0 to 6.4.0.

6.4.0 reverts a change that made the `mail()` and sendmail transports set the envelope sender if one isn't explicitly provided, as it was causing problems in specific PHP/server configurations.

Release post: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.4.0
Changelog: https://github.com/PHPMailer/PHPMailer/compare/v6.3.0...v6.4.0

Props Synchro, tigertech, ayeshrajans, galbaras, audrasjb, SergeyBiryukov, desrosj, ocean90.
Merges [50628] to the 5.7 branch.
Fixes #52822.
Built from https://develop.svn.wordpress.org/branches/5.7@50630


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2021-04-01 13:01:06 +00:00
parent 35592e1ffa
commit 4fa46b8d14
3 changed files with 16 additions and 14 deletions

View File

@ -748,7 +748,7 @@ class PHPMailer
*
* @var string
*/
const VERSION = '6.3.0';
const VERSION = '6.4.0';
/**
* Error severity: message only, continue processing.
@ -1199,7 +1199,11 @@ class PHPMailer
)
) {
//Decode the name part if it's present and encoded
if (property_exists($address, 'personal') && preg_match('/^=\?.*\?=$/', $address->personal)) {
if (
property_exists($address, 'personal') &&
extension_loaded('mbstring') &&
preg_match('/^=\?.*\?=$/', $address->personal)
) {
$address->personal = mb_decode_mimeheader($address->personal);
}
@ -1682,16 +1686,11 @@ class PHPMailer
//Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html
//Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
//Example problem: https://www.drupal.org/node/1057954
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
if ('' === $this->Sender) {
$this->Sender = $this->From;
}
if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
//PHP config has a sender address we can use
$this->Sender = ini_get('sendmail_from');
}
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
//But sendmail requires this param, so fail without it
if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
if ($this->Mailer === 'qmail') {
$sendmailFmt = '%s -f%s';
@ -1699,8 +1698,12 @@ class PHPMailer
$sendmailFmt = '%s -oi -f%s -t';
}
} else {
$this->edebug('Sender address unusable or missing: ' . $this->Sender);
return false;
//allow sendmail to choose a default envelope sender. It may
//seem preferable to force it to use the From header as with
//SMTP, but that introduces new problems (see
//<https://github.com/PHPMailer/PHPMailer/issues/2298>), and
//it has historically worked this way.
$sendmailFmt = '%s -oi -t';
}
$sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
@ -1860,9 +1863,6 @@ class PHPMailer
//Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
//Example problem: https://www.drupal.org/node/1057954
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
if ('' === $this->Sender) {
$this->Sender = $this->From;
}
if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
//PHP config has a sender address we can use
$this->Sender = ini_get('sendmail_from');

View File

@ -35,7 +35,7 @@ class SMTP
*
* @var string
*/
const VERSION = '6.3.0';
const VERSION = '6.4.0';
/**
* SMTP line break constant.
@ -553,6 +553,8 @@ class SMTP
}
//Send encoded username and password
if (
//Format from https://tools.ietf.org/html/rfc4616#section-2
//We skip the first field (it's forgery), so the string starts with a null byte
!$this->sendCommand(
'User & Password',
base64_encode("\0" . $username . "\0" . $password),

View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.7.1-alpha-50609';
$wp_version = '5.7.1-alpha-50630';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.