From 9387a43d9d1f80d79f0610db327de695add95ec1 Mon Sep 17 00:00:00 2001 From: Cameron Date: Mon, 17 Jul 2017 12:10:32 -0700 Subject: [PATCH] PHP Mailer Upgrade to 5.2.23 --- e107_handlers/phpmailer/class.phpmailer.php | 32 +++++-- e107_handlers/phpmailer/class.pop3.php | 2 +- e107_handlers/phpmailer/class.smtp.php | 100 ++++++++++---------- 3 files changed, 75 insertions(+), 59 deletions(-) diff --git a/e107_handlers/phpmailer/class.phpmailer.php b/e107_handlers/phpmailer/class.phpmailer.php index 8ff13f110..1b31ec14c 100644 --- a/e107_handlers/phpmailer/class.phpmailer.php +++ b/e107_handlers/phpmailer/class.phpmailer.php @@ -31,7 +31,7 @@ class PHPMailer * The PHPMailer Version number. * @var string */ - public $Version = '5.2.21'; + public $Version = '5.2.23'; /** * Email priority. @@ -2492,6 +2492,7 @@ class PHPMailer /** * Add an attachment from a path on the filesystem. + * Never use a user-supplied path to a file! * Returns false if the file could not be found or read. * @param string $path Path to the attachment. * @param string $name Overrides the attachment name. @@ -3017,6 +3018,7 @@ class PHPMailer * displayed inline with the message, not just attached for download. * This is used in HTML messages that embed the images * the HTML refers to using the $cid value. + * Never use a user-supplied path to a file! * @param string $path Path to the attachment. * @param string $cid Content ID of the attachment; Use this to reference * the content when using an embedded image in HTML. @@ -3380,12 +3382,14 @@ class PHPMailer * Create a message body from an HTML string. * Automatically inlines images and creates a plain-text version by converting the HTML, * overwriting any existing values in Body and AltBody. - * $basedir is used when handling relative image paths, e.g. + * Do not source $message content from user input! + * $basedir is prepended when handling relative URLs, e.g. and must not be empty * will look for an image file in $basedir/images/a.png and convert it to inline. - * If you don't want to apply these transformations to your HTML, just set Body and AltBody yourself. + * If you don't provide a $basedir, relative paths will be left untouched (and thus probably break in email) + * If you don't want to apply these transformations to your HTML, just set Body and AltBody directly. * @access public * @param string $message HTML message string - * @param string $basedir base directory for relative paths to images + * @param string $basedir Absolute path to a base directory to prepend to relative paths to images * @param boolean|callable $advanced Whether to use the internal HTML to text converter * or your own custom converter @see PHPMailer::html2text() * @return string $message The transformed message Body @@ -3394,6 +3398,10 @@ class PHPMailer { preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images); if (array_key_exists(2, $images)) { + if (strlen($basedir) > 1 && substr($basedir, -1) != '/') { + // Ensure $basedir has a trailing / + $basedir .= '/'; + } foreach ($images[2] as $imgindex => $url) { // Convert data URIs into embedded images if (preg_match('#^data:(image[^;,]*)(;base64)?,#', $url, $match)) { @@ -3411,18 +3419,24 @@ class PHPMailer $message ); } - } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) { - // Do not change urls for absolute images (thanks to corvuscorax) + continue; + } + if ( + // Only process relative URLs if a basedir is provided (i.e. no absolute local paths) + !empty($basedir) + // Ignore URLs containing parent dir traversal (..) + && (strpos($url, '..') === false) // Do not change urls that are already inline images + && substr($url, 0, 4) !== 'cid:' + // Do not change absolute URLs, including anonymous protocol + && !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url) + ) { $filename = basename($url); $directory = dirname($url); if ($directory == '.') { $directory = ''; } $cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2 - if (strlen($basedir) > 1 && substr($basedir, -1) != '/') { - $basedir .= '/'; - } if (strlen($directory) > 1 && substr($directory, -1) != '/') { $directory .= '/'; } diff --git a/e107_handlers/phpmailer/class.pop3.php b/e107_handlers/phpmailer/class.pop3.php index 373c886cd..c464f90c6 100644 --- a/e107_handlers/phpmailer/class.pop3.php +++ b/e107_handlers/phpmailer/class.pop3.php @@ -34,7 +34,7 @@ class POP3 * @var string * @access public */ - public $Version = '5.2.21'; + public $Version = '5.2.23'; /** * Default POP3 port number. diff --git a/e107_handlers/phpmailer/class.smtp.php b/e107_handlers/phpmailer/class.smtp.php index 270162b26..01cee8209 100644 --- a/e107_handlers/phpmailer/class.smtp.php +++ b/e107_handlers/phpmailer/class.smtp.php @@ -30,7 +30,7 @@ class SMTP * The PHPMailer SMTP version number. * @var string */ - const VERSION = '5.2.21'; + const VERSION = '5.2.23'; /** * SMTP line break constant. @@ -81,7 +81,7 @@ class SMTP * @deprecated Use the `VERSION` constant instead * @see SMTP::VERSION */ - public $Version = '5.2.21'; + public $Version = '5.2.23'; /** * SMTP server port number. @@ -150,16 +150,16 @@ class SMTP */ public $Timelimit = 300; - /** - * @var array patterns to extract smtp transaction id from smtp reply - * Only first capture group will be use, use non-capturing group to deal with it - * Extend this class to override this property to fulfil your needs. - */ - protected $smtp_transaction_id_patterns = array( - 'exim' => '/[0-9]{3} OK id=(.*)/', - 'sendmail' => '/[0-9]{3} 2.0.0 (.*) Message/', - 'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/' - ); + /** + * @var array patterns to extract smtp transaction id from smtp reply + * Only first capture group will be use, use non-capturing group to deal with it + * Extend this class to override this property to fulfil your needs. + */ + protected $smtp_transaction_id_patterns = array( + 'exim' => '/[0-9]{3} OK id=(.*)/', + 'sendmail' => '/[0-9]{3} 2.0.0 (.*) Message/', + 'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/' + ); /** * The socket for the server connection. @@ -231,8 +231,7 @@ class SMTP preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' - ) - . "
\n"; + ) . "
\n"; break; case 'echo': default: @@ -242,7 +241,7 @@ class SMTP "\n", "\n \t ", trim($str) - )."\n"; + ) . "\n"; } } @@ -276,7 +275,8 @@ class SMTP } // Connect to the SMTP server $this->edebug( - "Connection: opening to $host:$port, timeout=$timeout, options=".var_export($options, true), + "Connection: opening to $host:$port, timeout=$timeout, options=" . + var_export($options, true), self::DEBUG_CONNECTION ); $errno = 0; @@ -362,14 +362,14 @@ class SMTP } // Begin encrypted connection - if (!stream_socket_enable_crypto( + set_error_handler(array($this, 'errorHandler')); + $crypto_ok = stream_socket_enable_crypto( $this->smtp_conn, true, $crypto_method - )) { - return false; - } - return true; + ); + restore_error_handler(); + return $crypto_ok; } /** @@ -398,8 +398,7 @@ class SMTP } if (array_key_exists('EHLO', $this->server_caps)) { - // SMTP extensions are available. Let's try to find a proper authentication method - + // SMTP extensions are available; try to find a proper authentication method if (!array_key_exists('AUTH', $this->server_caps)) { $this->setError('Authentication is not allowed at this stage'); // 'at this stage' means that auth may be allowed after the stage changes @@ -424,7 +423,7 @@ class SMTP $this->setError('No supported authentication methods found'); return false; } - self::edebug('Auth method selected: '.$authtype, self::DEBUG_LOWLEVEL); + self::edebug('Auth method selected: ' . $authtype, self::DEBUG_LOWLEVEL); } if (!in_array($authtype, $this->server_caps['AUTH'])) { @@ -550,7 +549,7 @@ class SMTP * Works like hash_hmac('md5', $data, $key) * in case that function is not available * @param string $data The data to hash - * @param string $key The key to hash with + * @param string $key The key to hash with * @access protected * @return string */ @@ -893,7 +892,8 @@ class SMTP $code_ex = (count($matches) > 2 ? $matches[2] : null); // Cut off error code from each response line $detail = preg_replace( - "/{$code}[ -]".($code_ex ? str_replace('.', '\\.', $code_ex).' ' : '')."/m", + "/{$code}[ -]" . + ($code_ex ? str_replace('.', '\\.', $code_ex) . ' ' : '') . "/m", '', $this->last_reply ); @@ -1105,7 +1105,7 @@ class SMTP // Now check if reads took too long if ($endtime and time() > $endtime) { $this->edebug( - 'SMTP -> get_lines(): timelimit reached ('. + 'SMTP -> get_lines(): timelimit reached (' . $this->Timelimit . ' sec)', self::DEBUG_LOWLEVEL ); @@ -1208,42 +1208,44 @@ class SMTP * Reports an error number and string. * @param integer $errno The error number returned by PHP. * @param string $errmsg The error message returned by PHP. + * @param string $errfile The file the error occurred in + * @param integer $errline The line number the error occurred on */ - protected function errorHandler($errno, $errmsg) + protected function errorHandler($errno, $errmsg, $errfile = '', $errline = 0) { - $notice = 'Connection: Failed to connect to server.'; + $notice = 'Connection failed.'; $this->setError( $notice, $errno, $errmsg ); $this->edebug( - $notice . ' Error number ' . $errno . '. "Error notice: ' . $errmsg, + $notice . ' Error #' . $errno . ': ' . $errmsg . " [$errfile line $errline]", self::DEBUG_CONNECTION ); } - /** - * Will return the ID of the last smtp transaction based on a list of patterns provided - * in SMTP::$smtp_transaction_id_patterns. - * If no reply has been received yet, it will return null. - * If no pattern has been matched, it will return false. - * @return bool|null|string - */ - public function getLastTransactionID() - { - $reply = $this->getLastReply(); + /** + * Will return the ID of the last smtp transaction based on a list of patterns provided + * in SMTP::$smtp_transaction_id_patterns. + * If no reply has been received yet, it will return null. + * If no pattern has been matched, it will return false. + * @return bool|null|string + */ + public function getLastTransactionID() + { + $reply = $this->getLastReply(); - if (empty($reply)) { - return null; - } + if (empty($reply)) { + return null; + } - foreach($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) { - if(preg_match($smtp_transaction_id_pattern, $reply, $matches)) { - return $matches[1]; - } - } + foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) { + if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) { + return $matches[1]; + } + } - return false; + return false; } }