mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-02 20:57:26 +02:00
Code Issues Releases Wiki Activity

PHP Mailer Upgrade to 5.2.23

Browse Source
This commit is contained in:
Cameron
2017-07-17 12:10:32 -07:00
parent d5a7b52480
commit 9387a43d9d
3 changed files with 75 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
e107_handlers/phpmailer/class.phpmailer.php
View File

@@ -31,7 +31,7 @@ class PHPMailer
* The PHPMailer Version number. * The PHPMailer Version number.
* @var string * @var string
*/ */
public $Version = '5.2.21'; public $Version = '5.2.23';
/** /**
* Email priority. * Email priority.
@@ -2492,6 +2492,7 @@ class PHPMailer
/** /**
* Add an attachment from a path on the filesystem. * Add an attachment from a path on the filesystem.
* Never use a user-supplied path to a file!
* Returns false if the file could not be found or read. * Returns false if the file could not be found or read.
* @param string $path Path to the attachment. * @param string $path Path to the attachment.
* @param string $name Overrides the attachment name. * @param string $name Overrides the attachment name.
@@ -3017,6 +3018,7 @@ class PHPMailer
* displayed inline with the message, not just attached for download. * displayed inline with the message, not just attached for download.
* This is used in HTML messages that embed the images * This is used in HTML messages that embed the images
* the HTML refers to using the $cid value. * the HTML refers to using the $cid value.
* Never use a user-supplied path to a file!
* @param string $path Path to the attachment. * @param string $path Path to the attachment.
* @param string $cid Content ID of the attachment; Use this to reference * @param string $cid Content ID of the attachment; Use this to reference
* the content when using an embedded image in HTML. * the content when using an embedded image in HTML.
@@ -3380,12 +3382,14 @@ class PHPMailer
* Create a message body from an HTML string. * Create a message body from an HTML string.
* Automatically inlines images and creates a plain-text version by converting the HTML, * Automatically inlines images and creates a plain-text version by converting the HTML,
* overwriting any existing values in Body and AltBody. * overwriting any existing values in Body and AltBody.
* $basedir is used when handling relative image paths, e.g. <img src="images/a.png"> * Do not source $message content from user input!
* $basedir is prepended when handling relative URLs, e.g. <img src="/images/a.png"> and must not be empty
* will look for an image file in $basedir/images/a.png and convert it to inline. * will look for an image file in $basedir/images/a.png and convert it to inline.
* If you don't want to apply these transformations to your HTML, just set Body and AltBody yourself. * If you don't provide a $basedir, relative paths will be left untouched (and thus probably break in email)
* If you don't want to apply these transformations to your HTML, just set Body and AltBody directly.
* @access public * @access public
* @param string $message HTML message string * @param string $message HTML message string
* @param string $basedir base directory for relative paths to images * @param string $basedir Absolute path to a base directory to prepend to relative paths to images
* @param boolean|callable $advanced Whether to use the internal HTML to text converter * @param boolean|callable $advanced Whether to use the internal HTML to text converter
* or your own custom converter @see PHPMailer::html2text() * or your own custom converter @see PHPMailer::html2text()
* @return string $message The transformed message Body * @return string $message The transformed message Body
@@ -3394,6 +3398,10 @@ class PHPMailer
{ {
preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images); preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images);
if (array_key_exists(2, $images)) { if (array_key_exists(2, $images)) {
if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
// Ensure $basedir has a trailing /
$basedir .= '/';
}
foreach ($images[2] as $imgindex => $url) { foreach ($images[2] as $imgindex => $url) {
// Convert data URIs into embedded images // Convert data URIs into embedded images
if (preg_match('#^data:(image[^;,]*)(;base64)?,#', $url, $match)) { if (preg_match('#^data:(image[^;,]*)(;base64)?,#', $url, $match)) {
@@ -3411,18 +3419,24 @@ class PHPMailer
$message $message
); );
} }
} elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) { continue;
// Do not change urls for absolute images (thanks to corvuscorax) }
if (
// Only process relative URLs if a basedir is provided (i.e. no absolute local paths)
!empty($basedir)
// Ignore URLs containing parent dir traversal (..)
&& (strpos($url, '..') === false)
// Do not change urls that are already inline images // Do not change urls that are already inline images
&& substr($url, 0, 4) !== 'cid:'
// Do not change absolute URLs, including anonymous protocol
&& !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url)
) {
$filename = basename($url); $filename = basename($url);
$directory = dirname($url); $directory = dirname($url);
if ($directory == '.') { if ($directory == '.') {
$directory = ''; $directory = '';
} }
$cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2 $cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2
if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
$basedir .= '/';
}
if (strlen($directory) > 1 && substr($directory, -1) != '/') { if (strlen($directory) > 1 && substr($directory, -1) != '/') {
$directory .= '/'; $directory .= '/';
} }

2
e107_handlers/phpmailer/class.pop3.php
View File

@@ -34,7 +34,7 @@ class POP3
* @var string * @var string
* @access public * @access public
*/ */
public $Version = '5.2.21'; public $Version = '5.2.23';
/** /**
* Default POP3 port number. * Default POP3 port number.

44
e107_handlers/phpmailer/class.smtp.php
View File

@@ -30,7 +30,7 @@ class SMTP
* The PHPMailer SMTP version number. * The PHPMailer SMTP version number.
* @var string * @var string
*/ */
const VERSION = '5.2.21'; const VERSION = '5.2.23';
/** /**
* SMTP line break constant. * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
* @deprecated Use the `VERSION` constant instead * @deprecated Use the `VERSION` constant instead
* @see SMTP::VERSION * @see SMTP::VERSION
*/ */
public $Version = '5.2.21'; public $Version = '5.2.23';
/** /**
* SMTP server port number. * SMTP server port number.
@@ -231,8 +231,7 @@ class SMTP
preg_replace('/[\r\n]+/', '', $str), preg_replace('/[\r\n]+/', '', $str),
ENT_QUOTES, ENT_QUOTES,
'UTF-8' 'UTF-8'
) ) . "<br>\n";
. "<br>\n";
break; break;
case 'echo': case 'echo':
default: default:
@@ -242,7 +241,7 @@ class SMTP
"\n", "\n",
"\n \t ", "\n \t ",
trim($str) trim($str)
)."\n"; ) . "\n";
} }
} }
@@ -276,7 +275,8 @@ class SMTP
} }
// Connect to the SMTP server // Connect to the SMTP server
$this->edebug( $this->edebug(
"Connection: opening to $host:$port, timeout=$timeout, options=".var_export($options, true), "Connection: opening to $host:$port, timeout=$timeout, options=" .
var_export($options, true),
self::DEBUG_CONNECTION self::DEBUG_CONNECTION
); );
$errno = 0; $errno = 0;
@@ -362,14 +362,14 @@ class SMTP
} }
// Begin encrypted connection // Begin encrypted connection
if (!stream_socket_enable_crypto( set_error_handler(array($this, 'errorHandler'));
$crypto_ok = stream_socket_enable_crypto(
$this->smtp_conn, $this->smtp_conn,
true, true,
$crypto_method $crypto_method
)) { );
return false; restore_error_handler();
} return $crypto_ok;
return true;
} }
/** /**
@@ -398,8 +398,7 @@ class SMTP
} }
if (array_key_exists('EHLO', $this->server_caps)) { if (array_key_exists('EHLO', $this->server_caps)) {
// SMTP extensions are available. Let's try to find a proper authentication method // SMTP extensions are available; try to find a proper authentication method
if (!array_key_exists('AUTH', $this->server_caps)) { if (!array_key_exists('AUTH', $this->server_caps)) {
$this->setError('Authentication is not allowed at this stage'); $this->setError('Authentication is not allowed at this stage');
// 'at this stage' means that auth may be allowed after the stage changes // 'at this stage' means that auth may be allowed after the stage changes
@@ -424,7 +423,7 @@ class SMTP
$this->setError('No supported authentication methods found'); $this->setError('No supported authentication methods found');
return false; return false;
} }
self::edebug('Auth method selected: '.$authtype, self::DEBUG_LOWLEVEL); self::edebug('Auth method selected: ' . $authtype, self::DEBUG_LOWLEVEL);
} }
if (!in_array($authtype, $this->server_caps['AUTH'])) { if (!in_array($authtype, $this->server_caps['AUTH'])) {
@@ -893,7 +892,8 @@ class SMTP
$code_ex = (count($matches) > 2 ? $matches[2] : null); $code_ex = (count($matches) > 2 ? $matches[2] : null);
// Cut off error code from each response line // Cut off error code from each response line
$detail = preg_replace( $detail = preg_replace(
"/{$code}[ -]".($code_ex ? str_replace('.', '\\.', $code_ex).' ' : '')."/m", "/{$code}[ -]" .
($code_ex ? str_replace('.', '\\.', $code_ex) . ' ' : '') . "/m",
'', '',
$this->last_reply $this->last_reply
); );
@@ -1105,7 +1105,7 @@ class SMTP
// Now check if reads took too long // Now check if reads took too long
if ($endtime and time() > $endtime) { if ($endtime and time() > $endtime) {
$this->edebug( $this->edebug(
'SMTP -> get_lines(): timelimit reached ('. 'SMTP -> get_lines(): timelimit reached (' .
$this->Timelimit . ' sec)', $this->Timelimit . ' sec)',
self::DEBUG_LOWLEVEL self::DEBUG_LOWLEVEL
); );
@@ -1208,17 +1208,19 @@ class SMTP
* Reports an error number and string. * Reports an error number and string.
* @param integer $errno The error number returned by PHP. * @param integer $errno The error number returned by PHP.
* @param string $errmsg The error message returned by PHP. * @param string $errmsg The error message returned by PHP.
* @param string $errfile The file the error occurred in
* @param integer $errline The line number the error occurred on
*/ */
protected function errorHandler($errno, $errmsg) protected function errorHandler($errno, $errmsg, $errfile = '', $errline = 0)
{ {
$notice = 'Connection: Failed to connect to server.'; $notice = 'Connection failed.';
$this->setError( $this->setError(
$notice, $notice,
$errno, $errno,
$errmsg $errmsg
); );
$this->edebug( $this->edebug(
$notice . ' Error number ' . $errno . '. "Error notice: ' . $errmsg, $notice . ' Error #' . $errno . ': ' . $errmsg . " [$errfile line $errline]",
self::DEBUG_CONNECTION self::DEBUG_CONNECTION
); );
} }
@@ -1238,8 +1240,8 @@ class SMTP
return null; return null;
} }
foreach($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) { foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
if(preg_match($smtp_transaction_id_pattern, $reply, $matches)) { if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
return $matches[1]; return $matches[1];
} }
} }