External Libraries: Upgrade PHPMailer to version 6.5.4.

The latest release includes some minor PHP cross-version improvements and a safeguard against hosters disabling security functions. Note to hosting providers: don't disable `escapeshellarg()` and `escapeshellcmd()`; it's not safe! Release notes: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.4 For a full list of changes in this update, see the PHPMailer GitHub: https://github.com/PHPMailer/PHPMailer/compare/v6.5.3...v6.5.4 Follow-up to [50628], [50799], [51169], [51634], [51635], [52252]. Props jrf, Synchro. Fixes #55187. Built from https://develop.svn.wordpress.org/trunk@52749 git-svn-id: http://core.svn.wordpress.org/trunk@52338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-27 14:53:08 +02:00 · 2022-02-17 13:23:04 +00:00 · 2022-02-17 13:23:04 +00:00 · c70e24e0ab
commit c70e24e0ab
parent ab2c6d696b
3 changed files with 19 additions and 12 deletions
--- a/wp-includes/PHPMailer/PHPMailer.php
+++ b/wp-includes/PHPMailer/PHPMailer.php
@ -750,7 +750,7 @@ class PHPMailer
     *
     * @var string
     */
-    const VERSION = '6.5.3';
+    const VERSION = '6.5.4';

    /**
     * Error severity: message only, continue processing.
@ -1185,6 +1185,7 @@ class PHPMailer
     *
     * @param string $addrstr The address list string
     * @param bool   $useimap Whether to use the IMAP extension to parse the list
+     * @param string $charset The charset to use when decoding the address list string.
     *
     * @return array
     */
@ -1744,7 +1745,7 @@ class PHPMailer
                fwrite($mail, $header);
                fwrite($mail, $body);
                $result = pclose($mail);
-                $addrinfo = static::parseAddresses($toAddr, true, $this->charSet);
+                $addrinfo = static::parseAddresses($toAddr, true, $this->CharSet);
                $this->doCallback(
                    ($result === 0),
                    [[$addrinfo['address'], $addrinfo['name']]],
@ -1799,7 +1800,13 @@ class PHPMailer
     */
    protected static function isShellSafe($string)
    {
-        //Future-proof
+        //It's not possible to use shell commands safely (which includes the mail() function) without escapeshellarg,
+        //but some hosting providers disable it, creating a security problem that we don't want to have to deal with,
+        //so we don't.
+        if (!function_exists('escapeshellarg') || !function_exists('escapeshellcmd')) {
+            return false;
+        }
+
        if (
            escapeshellcmd($string) !== $string
            || !in_array(escapeshellarg($string), ["'$string'", "\"$string\""])
@ -1907,7 +1914,7 @@ class PHPMailer
        if ($this->SingleTo && count($toArr) > 1) {
            foreach ($toArr as $toAddr) {
                $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);
-                $addrinfo = static::parseAddresses($toAddr, true, $this->charSet);
+                $addrinfo = static::parseAddresses($toAddr, true, $this->CharSet);
                $this->doCallback(
                    $result,
                    [[$addrinfo['address'], $addrinfo['name']]],
@ -2632,16 +2639,15 @@ class PHPMailer
            $result .= $this->headerLine('X-Priority', $this->Priority);
        }
        if ('' === $this->XMailer) {
+            //Empty string for default X-Mailer header
            $result .= $this->headerLine(
                'X-Mailer',
                'PHPMailer ' . self::VERSION . ' (https://github.com/PHPMailer/PHPMailer)'
            );
-        } else {
-            $myXmailer = trim($this->XMailer);
-            if ($myXmailer) {
-                $result .= $this->headerLine('X-Mailer', $myXmailer);
-            }
-        }
+        } elseif (is_string($this->XMailer) && trim($this->XMailer) !== '') {
+            //Some string
+            $result .= $this->headerLine('X-Mailer', trim($this->XMailer));
+        } //Other values result in no X-Mailer header

        if ('' !== $this->ConfirmReadingTo) {
            $result .= $this->headerLine('Disposition-Notification-To', '<' . $this->ConfirmReadingTo . '>');
--- a/wp-includes/PHPMailer/SMTP.php
+++ b/wp-includes/PHPMailer/SMTP.php
@ -35,7 +35,7 @@ class SMTP
     *
     * @var string
     */
-    const VERSION = '6.5.3';
+    const VERSION = '6.5.4';

    /**
     * SMTP line break constant.
@ -187,6 +187,7 @@ class SMTP
        'SendGrid' => '/[\d]{3} Ok: queued as (.*)/',
        'CampaignMonitor' => '/[\d]{3} 2.0.0 OK:([a-zA-Z\d]{48})/',
        'Haraka' => '/[\d]{3} Message Queued \((.*)\)/',
+        'Mailjet' => '/[\d]{3} OK queued as (.*)/',
    ];

    /**
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.0-alpha-52744';
+$wp_version = '6.0-alpha-52749';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.