External libraries: Improve attachment handling in PHPMailer

Props: audrasjb, ayeshrajans, desrosj, peterwilsoncc, xknown. Partially merges [50799] to the 5.5 branch. Built from https://develop.svn.wordpress.org/branches/5.5@50849 git-svn-id: http://core.svn.wordpress.org/branches/5.5@50458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-11-13 22:26:06 +01:00 · 2021-05-12 22:26:56 +00:00 · 2021-05-12 22:26:56 +00:00 · aae37f1790
commit aae37f1790
parent 3a58019c39
1 changed files with 26 additions and 5 deletions
--- a/wp-includes/PHPMailer/PHPMailer.php
+++ b/wp-includes/PHPMailer/PHPMailer.php
@ -1747,7 +1747,28 @@ class PHPMailer
     */
    protected static function isPermittedPath($path)
    {
-        return !preg_match('#^[a-z]+://#i', $path);
+        //Matches scheme definition from https://tools.ietf.org/html/rfc3986#section-3.1
+        return !preg_match('#^[a-z][a-z\d+.-]*://#i', $path);
+    }
+
+    /**
+     * Check whether a file path is safe, accessible, and readable.
+     *
+     * @param string $path A relative or absolute path to a file
+     *
+     * @return bool
+     */
+    protected static function fileIsAccessible($path)
+    {
+        if (!static::isPermittedPath($path)) {
+                return false;
+        }
+        $readable = file_exists($path);
+        //If not a UNC path (expected to start with \\), check read permission, see #2069
+        if (strpos($path, '\\\\') !== 0) {
+            $readable = $readable && is_readable($path);
+        }
+        return $readable;
    }

    /**
@ -2133,7 +2154,7 @@ class PHPMailer
        // There is no English translation file
        if ('en' !== $langcode) {
            // Make sure language file path is readable
-            if (!static::isPermittedPath($lang_file) || !file_exists($lang_file)) {
+            if (!static::fileIsAccessible($lang_file)) {
                $foundlang = false;
            } else {
                // Overwrite language-specific strings.
@ -2965,7 +2986,7 @@ class PHPMailer
        $disposition = 'attachment'
    ) {
        try {
-            if (!static::isPermittedPath($path) || !@is_file($path) || !is_readable($path)) {
+            if (!static::fileIsAccessible($path)) {
                throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE);
            }

@ -3140,7 +3161,7 @@ class PHPMailer
    protected function encodeFile($path, $encoding = self::ENCODING_BASE64)
    {
        try {
-            if (!static::isPermittedPath($path) || !file_exists($path) || !is_readable($path)) {
+            if (!static::fileIsAccessible($path)) {
                throw new Exception($this->lang('file_open') . $path, self::STOP_CONTINUE);
            }
            $file_buffer = file_get_contents($path);
@ -3526,7 +3547,7 @@ class PHPMailer
        $disposition = 'inline'
    ) {
        try {
-            if (!static::isPermittedPath($path) || !@is_file($path) || !is_readable($path)) {
+            if (!static::fileIsAccessible($path)) {
                throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE);
            }