Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-14 22:56:19 +01:00
Code Issues Projects Releases Wiki Activity

External Libraries: Upgrade PHPMailer from 6.3.0 to 6.4.0.

Browse Source 
6.4.0 reverts a change that made the `mail()` and sendmail transports set the envelope sender if one isn't explicitly provided, as it was causing problems in specific PHP/server configurations.

Release post: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.4.0
Changelog: https://github.com/PHPMailer/PHPMailer/compare/v6.3.0...v6.4.0

Props Synchro, tigertech, ayeshrajans, galbaras, audrasjb, SergeyBiryukov, desrosj, ocean90.
Merges [50628] to the 5.7 branch.
Fixes #52822.
Built from https://develop.svn.wordpress.org/branches/5.7@50630


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2021-04-01 13:01:06 +00:00
parent 35592e1ffa
commit 4fa46b8d14
3 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
wp-includes/PHPMailer/PHPMailer.php
View File

@ -748,7 +748,7 @@ class PHPMailer
* *
* @var string * @var string
*/ */
const VERSION = '6.3.0'; const VERSION = '6.4.0';
/** /**
* Error severity: message only, continue processing. * Error severity: message only, continue processing.
@ -1199,7 +1199,11 @@ class PHPMailer
) )
) { ) {
//Decode the name part if it's present and encoded //Decode the name part if it's present and encoded
if (property_exists($address, 'personal') && preg_match('/^=\?.*\?=$/', $address->personal)) { if (
property_exists($address, 'personal') &&
extension_loaded('mbstring') &&
preg_match('/^=\?.*\?=$/', $address->personal)
) {
$address->personal = mb_decode_mimeheader($address->personal); $address->personal = mb_decode_mimeheader($address->personal);
} }
@ -1682,16 +1686,11 @@ class PHPMailer
//Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html //Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html
//Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
//Example problem: https://www.drupal.org/node/1057954 //Example problem: https://www.drupal.org/node/1057954
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
if ('' === $this->Sender) {
$this->Sender = $this->From;
}
if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) { if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
//PHP config has a sender address we can use //PHP config has a sender address we can use
$this->Sender = ini_get('sendmail_from'); $this->Sender = ini_get('sendmail_from');
} }
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
//But sendmail requires this param, so fail without it
if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) { if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
if ($this->Mailer === 'qmail') { if ($this->Mailer === 'qmail') {
$sendmailFmt = '%s -f%s'; $sendmailFmt = '%s -f%s';
@ -1699,8 +1698,12 @@ class PHPMailer
$sendmailFmt = '%s -oi -f%s -t'; $sendmailFmt = '%s -oi -f%s -t';
} }
} else { } else {
$this->edebug('Sender address unusable or missing: ' . $this->Sender); //allow sendmail to choose a default envelope sender. It may
return false; //seem preferable to force it to use the From header as with
//SMTP, but that introduces new problems (see
//<https://github.com/PHPMailer/PHPMailer/issues/2298>), and
//it has historically worked this way.
$sendmailFmt = '%s -oi -t';
} }
$sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender); $sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
@ -1860,9 +1863,6 @@ class PHPMailer
//Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
//Example problem: https://www.drupal.org/node/1057954 //Example problem: https://www.drupal.org/node/1057954
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
if ('' === $this->Sender) {
$this->Sender = $this->From;
}
if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) { if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
//PHP config has a sender address we can use //PHP config has a sender address we can use
$this->Sender = ini_get('sendmail_from'); $this->Sender = ini_get('sendmail_from');

4
wp-includes/PHPMailer/SMTP.php
View File

@ -35,7 +35,7 @@ class SMTP
* *
* @var string * @var string
*/ */
const VERSION = '6.3.0'; const VERSION = '6.4.0';
/** /**
* SMTP line break constant. * SMTP line break constant.
@ -553,6 +553,8 @@ class SMTP
} }
//Send encoded username and password //Send encoded username and password
if ( if (
//Format from https://tools.ietf.org/html/rfc4616#section-2
//We skip the first field (it's forgery), so the string starts with a null byte
!$this->sendCommand( !$this->sendCommand(
'User & Password', 'User & Password',
base64_encode("\0" . $username . "\0" . $password), base64_encode("\0" . $username . "\0" . $password),

2
wp-includes/version.php
View File

@ -13,7 +13,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.7.1-alpha-50609'; $wp_version = '5.7.1-alpha-50630';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.