diff --git a/lib/phpmailer/COMMITMENT b/lib/phpmailer/COMMITMENT new file mode 100644 index 00000000000..a687e0ddb6f --- /dev/null +++ b/lib/phpmailer/COMMITMENT @@ -0,0 +1,46 @@ +GPL Cooperation Commitment +Version 1.0 + +Before filing or continuing to prosecute any legal proceeding or claim +(other than a Defensive Action) arising from termination of a Covered +License, we commit to extend to the person or entity ('you') accused +of violating the Covered License the following provisions regarding +cure and reinstatement, taken from GPL version 3. As used here, the +term 'this License' refers to the specific Covered License being +enforced. + + However, if you cease all violation of this License, then your + license from a particular copyright holder is reinstated (a) + provisionally, unless and until the copyright holder explicitly + and finally terminates your license, and (b) permanently, if the + copyright holder fails to notify you of the violation by some + reasonable means prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is + reinstated permanently if the copyright holder notifies you of the + violation by some reasonable means, this is the first time you + have received notice of violation of this License (for any work) + from that copyright holder, and you cure the violation prior to 30 + days after your receipt of the notice. + +We intend this Commitment to be irrevocable, and binding and +enforceable against us and assignees of or successors to our +copyrights. + +Definitions + +'Covered License' means the GNU General Public License, version 2 +(GPLv2), the GNU Lesser General Public License, version 2.1 +(LGPLv2.1), or the GNU Library General Public License, version 2 +(LGPLv2), all as published by the Free Software Foundation. + +'Defensive Action' means a legal proceeding or claim that We bring +against you in response to a prior proceeding or claim initiated by +you or your affiliate. + +'We' means each contributor to this repository as of the date of +inclusion of this file, including subsidiaries of a corporate +contributor. + +This work is available under a Creative Commons Attribution-ShareAlike +4.0 International license (https://creativecommons.org/licenses/by-sa/4.0/). diff --git a/lib/phpmailer/LICENSE b/lib/phpmailer/LICENSE index 8e0763d1c21..f166cc57b27 100644 --- a/lib/phpmailer/LICENSE +++ b/lib/phpmailer/LICENSE @@ -1,8 +1,8 @@ - GNU LESSER GENERAL PUBLIC LICENSE - Version 2.1, February 1999 + GNU LESSER GENERAL PUBLIC LICENSE + Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -10,7 +10,7 @@ as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] - Preamble + Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public @@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. - + Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a @@ -111,8 +111,8 @@ modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. - - GNU LESSER GENERAL PUBLIC LICENSE + + GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other @@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. - + 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an @@ -158,7 +158,7 @@ Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. - + 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 @@ -216,7 +216,7 @@ instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. - + Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. @@ -267,7 +267,7 @@ Library will still fall under Section 6.) distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. - + 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work @@ -312,7 +312,7 @@ of these things: from a designated place, offer equivalent access to copy the above specified materials from the same place. - e) verify that the user has already received a copy of these + e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the @@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. - + 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined @@ -370,7 +370,7 @@ subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. - + 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or @@ -422,7 +422,7 @@ conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. - + 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is @@ -432,7 +432,7 @@ decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. - NO WARRANTY + NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. @@ -455,8 +455,8 @@ FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - END OF TERMS AND CONDITIONS - + END OF TERMS AND CONDITIONS + How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest @@ -485,7 +485,7 @@ convey the exclusion of warranty; and each file should have at least the You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. @@ -499,6 +499,4 @@ necessary. Here is a sample; alter the names: , 1 April 1990 Ty Coon, President of Vice -That's all there is to it! - - +That's all there is to it! \ No newline at end of file diff --git a/lib/phpmailer/README.md b/lib/phpmailer/README.md index 2b753b04f97..70f3d909f44 100644 --- a/lib/phpmailer/README.md +++ b/lib/phpmailer/README.md @@ -19,7 +19,7 @@ Build status: [![Build Status](https://travis-ci.org/PHPMailer/PHPMailer.svg)](h - SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports - Validates email addresses automatically - Protect against header injection attacks -- Error messages in 47 languages! +- Error messages in over 50 languages! - DKIM and S/MIME signing support - Compatible with PHP 5.5 and later - Namespaced to prevent name clashes @@ -29,16 +29,15 @@ Build status: [![Build Status](https://travis-ci.org/PHPMailer/PHPMailer.svg)](h Many PHP developers utilize email in their code. The only PHP function that supports this is the `mail()` function. However, it does not provide any assistance for making use of popular features such as HTML-based emails and attachments. Formatting email correctly is surprisingly difficult. There are myriad overlapping RFCs, requiring tight adherence to horribly complicated formatting and encoding rules - the vast majority of code that you'll find online that uses the `mail()` function directly is just plain wrong! -*Please* don't be tempted to do it yourself - if you don't use PHPMailer, there are many other excellent libraries that you should look at before rolling your own - try SwiftMailer, Zend_Mail, eZcomponents etc. +*Please* don't be tempted to do it yourself - if you don't use PHPMailer, there are many other excellent libraries that you should look at before rolling your own - try [SwiftMailer](https://swiftmailer.symfony.com/), [Zend/Mail](https://zendframework.github.io/zend-mail/), [eZcomponents](https://github.com/zetacomponents/Mail) etc. The PHP `mail()` function usually sends via a local mail server, typically fronted by a `sendmail` binary on Linux, BSD and OS X platforms, however, Windows usually doesn't include a local mail server; PHPMailer's integrated SMTP implementation allows email sending on Windows platforms without a local mail server. ## License -This software is distributed under the [LGPL 2.1](http://www.gnu.org/licenses/lgpl-2.1.html) license. Please read LICENSE for information on the -software availability and distribution. +This software is distributed under the [LGPL 2.1](http://www.gnu.org/licenses/lgpl-2.1.html) license, along with the [GPL Cooperation Commitment](https://gplcc.github.io/gplcc/). Please read LICENSE for information on the software availability and distribution. ## Installation & loading -PHPMailer is available on [Packagist](https://packagist.org/packages/phpmailer/phpmailer) (using semantic versioning), and installation via composer is the recommended way to install PHPMailer. Just add this line to your `composer.json` file: +PHPMailer is available on [Packagist](https://packagist.org/packages/phpmailer/phpmailer) (using semantic versioning), and installation via [Composer](https://getcomposer.org) is the recommended way to install PHPMailer. Just add this line to your `composer.json` file: ```json "phpmailer/phpmailer": "~6.0" @@ -50,44 +49,62 @@ or run composer require phpmailer/phpmailer ``` -PHPMailer declares the namespace `PHPMailer\PHPMailer`. +Note that the `vendor` folder and the `vendor/autoload.php` script are generated by Composer; they are not part of PHPMailer. If you want to use the Gmail XOAUTH2 authentication class, you will also need to add a dependency on the `league/oauth2-client` package in your `composer.json`. -Alternatively, if you're not using composer, copy the contents of the PHPMailer folder into one of the `include_path` directories specified in your PHP configuration and load each one manually. +Alternatively, if you're not using Composer, copy the contents of the PHPMailer folder into one of the `include_path` directories specified in your PHP configuration and load each class file manually: -If you don't speak git or just want a tarball, click the 'zip' button on the right of the project page in GitHub. +```php +SMTPDebug = 2; // Enable verbose debug output - $mail->isSMTP(); // Set mailer to use SMTP - $mail->Host = 'smtp1.example.com;smtp2.example.com'; // Specify main and backup SMTP servers - $mail->SMTPAuth = true; // Enable SMTP authentication - $mail->Username = 'user@example.com'; // SMTP username - $mail->Password = 'secret'; // SMTP password - $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted - $mail->Port = 587; // TCP port to connect to + $mail->SMTPDebug = 2; // Enable verbose debug output + $mail->isSMTP(); // Set mailer to use SMTP + $mail->Host = 'smtp1.example.com;smtp2.example.com'; // Specify main and backup SMTP servers + $mail->SMTPAuth = true; // Enable SMTP authentication + $mail->Username = 'user@example.com'; // SMTP username + $mail->Password = 'secret'; // SMTP password + $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted + $mail->Port = 587; // TCP port to connect to //Recipients $mail->setFrom('from@example.com', 'Mailer'); @@ -97,11 +114,11 @@ try { $mail->addCC('cc@example.com'); $mail->addBCC('bcc@example.com'); - //Attachments + // Attachments $mail->addAttachment('/var/tmp/file.tar.gz'); // Add attachments $mail->addAttachment('/tmp/image.jpg', 'new.jpg'); // Optional name - //Content + // Content $mail->isHTML(true); // Set email format to HTML $mail->Subject = 'Here is the subject'; $mail->Body = 'This is the HTML message body in bold!'; @@ -110,8 +127,7 @@ try { $mail->send(); echo 'Message has been sent'; } catch (Exception $e) { - echo 'Message could not be sent.'; - echo 'Mailer Error: ' . $mail->ErrorInfo; + echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}"; } ``` @@ -120,25 +136,25 @@ You'll find plenty more to play with in the [examples](https://github.com/PHPMai That's it. You should now be ready to use PHPMailer! ## Localization -PHPMailer defaults to English, but in the [language](https://github.com/PHPMailer/PHPMailer/tree/master/language/) folder you'll find numerous (46 at the time of writing!) translations for PHPMailer error messages that you may encounter. Their filenames contain [ISO 639-1](http://en.wikipedia.org/wiki/ISO_639-1) language code for the translations, for example `fr` for French. To specify a language, you need to tell PHPMailer which one to use, like this: +PHPMailer defaults to English, but in the [language](https://github.com/PHPMailer/PHPMailer/tree/master/language/) folder you'll find numerous (48 at the time of writing!) translations for PHPMailer error messages that you may encounter. Their filenames contain [ISO 639-1](http://en.wikipedia.org/wiki/ISO_639-1) language code for the translations, for example `fr` for French. To specify a language, you need to tell PHPMailer which one to use, like this: ```php // To load the French version $mail->setLanguage('fr', '/optional/path/to/language/directory/'); ``` -We welcome corrections and new languages - if you're looking for corrections to do, run the [phpmailerLangTest.php](https://github.com/PHPMailer/PHPMailer/tree/master/test/phpmailerLangTest.php) script in the tests folder and it will show any missing translations. +We welcome corrections and new languages - if you're looking for corrections to do, run the [PHPMailerLangTest.php](https://github.com/PHPMailer/PHPMailer/tree/master/test/PHPMailerLangTest.php) script in the tests folder and it will show any missing translations. ## Documentation Start reading at the [GitHub wiki](https://github.com/PHPMailer/PHPMailer/wiki). If you're having trouble, this should be the first place you look as it's the most frequently updated. Examples of how to use PHPMailer for common scenarios can be found in the [examples](https://github.com/PHPMailer/PHPMailer/tree/master/examples) folder. If you're looking for a good starting point, we recommend you start with [the Gmail example](https://github.com/PHPMailer/PHPMailer/tree/master/examples/gmail.phps). -Note that in order to reduce PHPMailer's deployed code footprint, the examples are no longer included if you load PHPMailer via composer or via [GitHub's zip file download](https://github.com/PHPMailer/PHPMailer/archive/master.zip), so you'll need to either clone the git repository or use the above links to get to the examples directly. +Note that in order to reduce PHPMailer's deployed code footprint, the examples are no longer included if you load PHPMailer via Composer or via [GitHub's zip file download](https://github.com/PHPMailer/PHPMailer/archive/master.zip), so you'll need to either clone the git repository or use the above links to get to the examples directly. Complete generated API documentation is [available online](http://phpmailer.github.io/PHPMailer/). -You can generate complete API-level documentation by running `phpdoc` in the top-level folder, and documentation will appear in teh `docs` folder, though you'll need to have [PHPDocumentor](http://www.phpdoc.org) installed. You may find [the unit tests](https://github.com/PHPMailer/PHPMailer/tree/master/test/phpmailerTest.php) a good source of how to do various operations such as encryption. +You can generate complete API-level documentation by running `phpdoc` in the top-level folder, and documentation will appear in the `docs` folder, though you'll need to have [PHPDocumentor](http://www.phpdoc.org) installed. You may find [the unit tests](https://github.com/PHPMailer/PHPMailer/tree/master/test/phpmailerTest.php) a good source of how to do various operations such as encryption. If the documentation doesn't cover what you need, search the [many questions on Stack Overflow](http://stackoverflow.com/questions/tagged/phpmailer), and before you ask a question about "SMTP Error: Could not connect to SMTP host.", [read the troubleshooting guide](https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting). @@ -150,7 +166,6 @@ Build status: [![Build Status](https://travis-ci.org/PHPMailer/PHPMailer.svg)](h If this isn't passing, is there something you can do to help? ## Security - Please disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately. PHPMailer versions prior to 5.2.22 (released January 9th 2017) have a local file disclosure vulnerability, [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223). If content passed into `msgHTML()` is sourced from unfiltered user input, relative paths can map to absolute local file paths and added as attachments. Also note that `addAttachment` (just like `file_get_contents`, `passthru`, `unlink`, etc) should not be passed user-sourced params either! Reported by Yongxiang Li of Asiasecurity. @@ -181,7 +196,7 @@ Development time and resources for PHPMailer are provided by [Smartmessages.net] Smartmessages email marketing -Other contributions are gladly received, whether in beer 🍺, T-shirts 👕, Amazon wishlist raids, or cold, hard cash 💰. +Other contributions are gladly received, whether in beer 🍺, T-shirts 👕, Amazon wishlist raids, or cold, hard cash 💰. If you'd like to donate to say "thank you" to maintainers or contributors, please contact them through individual profile pages via [the contributors page](https://github.com/PHPMailer/PHPMailer/graphs/contributors). ## Changelog See [changelog](changelog.md). @@ -202,4 +217,4 @@ See [changelog](changelog.md). - Public development. - Additional languages and language strings. - CRAM-MD5 authentication support. -- Preserves full repo history of authors, commits and branches from the original SourceForge project. \ No newline at end of file +- Preserves full repo history of authors, commits and branches from the original SourceForge project. diff --git a/lib/phpmailer/README_MOODLE.txt b/lib/phpmailer/README_MOODLE.txt index 6b176304c4b..c05ff328ce5 100644 --- a/lib/phpmailer/README_MOODLE.txt +++ b/lib/phpmailer/README_MOODLE.txt @@ -1,31 +1,20 @@ -Description of PHPMailer 6.0.1 library import into Moodle +Description of PHPMailer 6.0.7 library import into Moodle We now use a vanilla version of phpmailer and do our customisations in a subclass. -When doing the import we remove directories/files: -.github/ -.phan/ -docs/ -examples/ -src/OAuth.php -src/POP3.php -test/ -.gitattributes -.gitignore -.php_cs -.scrutinizer.yml -.travis.yml -SECURITY.md -UPGRADING.md -composer.json -get_oauth_token.php -phpdoc.dist.xml -travis.phpunit.xml.dist +For more information on this version of PHPMailer, check out https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.7 + +To upgrade this library: +1. Download the latest release of PHPMailer in https://github.com/PHPMailer/PHPMailer/releases. +2. Remove the lib/phpmailer/language folder. This will be replaced with language folder from the latest release. +3. Extract the contents of the release archive to lib/phpmailer. +4. Remove the following files that were extracted: + - composer.json + - get_oauth_token.php + - SECURITY.md + - src/OAuth.php + - src/POP3.php +5. Update lib/thirdpartylibs.xml. Local changes (to verify/apply with new imports): - -- MDL-63967: PHP 7.3 compatibility. - lib/phpmailer/src/PHPMailer.php: FILTER_FLAG_HOST_REQUIRED is deprecated and - implied with FILTER_VALIDATE_URL. This was fixed upstream by - https://github.com/PHPMailer/PHPMailer/pull/1551 diff --git a/lib/phpmailer/VERSION b/lib/phpmailer/VERSION index 5fe60723048..41bd15e2ea9 100644 --- a/lib/phpmailer/VERSION +++ b/lib/phpmailer/VERSION @@ -1 +1 @@ -6.0.1 +6.0.7 \ No newline at end of file diff --git a/lib/phpmailer/changelog.md b/lib/phpmailer/changelog.md deleted file mode 100644 index c484341b230..00000000000 --- a/lib/phpmailer/changelog.md +++ /dev/null @@ -1,768 +0,0 @@ -# PHPMailer Change Log - -## Version 6.0.1 (September 14th 2017) -* Use shorter Message-ID headers (with more entropy) to avoid iCloud blackhole bug -* Switch to Symfony code style (though it's not well defined) -* CI builds now apply syntax & code style checks, so make your PRs tidy! -* CI code coverage only applied on latest version of PHP to speed up builds (thanks to @Slamdunk for these CI changes) -* Remove `composer.lock` - it's important that libraries break early; keeping it is for apps -* Rename test scripts to PSR-4 spec -* Make content-id values settable on attachments, not just embedded items -* Add SMTP transaction IDs to callbacks & allow for future expansion -* Expand test coverage - -## Version 6.0 (August 28th 2017) -This is a major update that breaks backwards compatibility. - -* **Requires PHP 5.5 or later** -* **Uses the `PHPMailer\PHPMailer` namespace** -* File structure simplified and PSR-4 compatible, classes live in the `src/` folder -* The custom autoloader has been removed: [**use composer**](https://getcomposer.org)! -* Classes & Exceptions renamed to make use of the namespace -* Most statically called functions now use the `static` keyword instead of `self`, so it's possible to override static internal functions in subclasses, for example `validateAddress()` -* Complete RFC standardisation on CRLF (`\r\n`) line breaks for SMTP by default: - * `PHPMailer:$LE` defaults to CRLF - * All uses of `PHPMailer::$LE` property converted to use `static::$LE` constant for consistency and ease of overriding - * Similar changes to line break handling in SMTP and POP3 classes. - * Line break format for `mail()` transport is set automatically. - * Warnings emitted for buggy `mail()` in PHP versions 7.0.0 - 7.0.16 and 7.1.0 - 7.1.2; either upgrade or switch to SMTP. -* Extensive reworking of XOAUTH2, adding support for Google, Yahoo and Microsoft providers, thanks to @sherryl4george -* Major cleanup of docs and examples -* All elements previously marked as deprecated have been removed: - * `PHPMailer->Version` (replaced with `VERSION` constant) - * `PHPMailer->ReturnPath` - * `PHPMailer->PluginDir` - * `PHPMailer->encodeQPphp()` - * `SMTP->CRLF` (replaced with `LE` constant) - * `SMTP->Version` (replaced with `VERSION` constant) - * `SMTP->SMTP_PORT` (replaced with `DEFAULT_PORT` constant) - * `POP3->CRLF` (replaced with `LE` constant) - * `POP3->Version` (replaced with `VERSION` constant) - * `POP3->POP3_PORT` (replaced with `DEFAULT_PORT` constant) - * `POP3->POP3_TIMEOUT` (replaced with `DEFAULT_TIMEOUT` constant) -* NTLM authentication has been removed - it never worked anyway! - * `PHPMailer->Workstation` - * `PHPMailer->Realm` -* `SingleTo` functionality is deprecated; this belongs at a higher level - PHPMailer is not a mailing list system. -* `SMTP::authenticate` method signature changed -* `parseAddresses()` is now static -* `validateAddress()` is now called statically from `parseAddresses()` -* `idnSupported()` is now static and is called statically from `punyencodeAddress()` -* `PHPMailer->SingleToArray` is now protected -* `fixEOL()` method removed - it duplicates `PHPMailer::normalizeBreaks()`, so use that instead -* Don't try to use an auth mechanism if it's not supported by the server -* Reorder automatic AUTH mechanism selector to try most secure method first -* `Extras` classes have been removed - use alternative packages from [packagist.org](https://packagist.org) instead -* Better handling of automatic transfer encoding switch in the presence of long lines -* Simplification of address validation - now uses PHP's `FILTER_VALIDATE_EMAIL` pattern by default, retains advanced options -* `Debugoutput` can accept a PSR-3 logger instance -* To reduce code footprint, the examples folder is no longer included in composer deployments or github zip files -* Trap low-level errors in SMTP, reports via debug output -* More reliable folding of message headers -* Inject your own SMTP implementation via `setSMTPInstance()` instead of having to subclass and override `getSMTPInstance()`. -* Make obtaining SMTP transaction ID more reliable -* Better handling of unreliable PHP timeouts -* Made `SMTPDebug = 4` slightly less noisy - -## Version 5.2.25 (August 28th 2017) -* Make obtaining SMTP transaction ID more reliable -* Add Bosnian translation -* This is the last official release in the legacy PHPMailer 5.2 series; there may be future security patches (which will be found in the [5.2-stable branch](https://github.com/PHPMailer/PHPMailer/tree/5.2-stable)), but no further non-security PRs or issues will be accepted. Migrate to PHPMailer 6.0. - -## Version 5.2.24 (July 26th 2017) -* **SECURITY** Fix XSS vulnerability in one of the code examples, [CVE-2017-11503](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11503). The `code_generator.phps` example did not filter user input prior to output. This file is distributed with a `.phps` extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project. -* Handle bare codes (an RFC contravention) in SMTP server responses -* Make message timestamps more dynamic - calculate the date separately for each message -* More thorough checks for reading attachments. -* Throw an exception when trying to send a message with an empty body caused by an internal error. -* Replaced all use of MD5 and SHA1 hash functions with SHA256. -* Now checks for invalid host strings when sending via SMTP. -* Include timestamps in HTML-format debug output -* Improve Turkish, Norwegian, Serbian, Brazilian Portuguese & simplified Chinese translations -* Correction of Serbian ISO language code from `sr` to `rs` -* Fix matching of multiple entries in `Host` to match IPv6 literals without breaking port selection (see #1094, caused by a3b4f6b) -* Better capture and reporting of SMTP connection errors - -## Version 5.2.23 (March 15th 2017) -* Improve trapping of TLS errors during connection so that they don't cause warnings, and are reported better in debug output -* Amend test suite so it uses PHPUnit version 4.8, compatible with older versions of PHP, instead of the version supplied by Travis-CI -* This forces pinning of some dev packages to older releases, but should make travis builds more reliable -* Test suite now runs on HHVM, and thus so should PHPMailer in general -* Improve Czech translations -* Add links to CVE-2017-5223 resources - -## Version 5.2.22 (January 5th 2017) -* **SECURITY** Fix [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223), local file disclosure vulnerability if content passed to `msgHTML()` is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to `msgHTML()` without a `$basedir` will not import images with relative URLs, and relative URLs containing `..` will be ignored. -* Add simple contact form example -* Emoji in test content - -## Version 5.2.21 (December 28th 2016) -* Fix missed number update in version file - no functional changes - -## Version 5.2.20 (December 28th 2016) -* **SECURITY** Critical security update for CVE-2016-10045 please update now! Thanks to [Dawid Golunski](https://legalhackers.com) and Paul Buonopane (@Zenexer). -* Note that this change will break VERP addresses in Sender if you're using mail() - workaround: use SMTP to localhost instead. - -## Version 5.2.19 (December 26th 2016) -* Minor cleanup - -## Version 5.2.18 (December 24th 2016) -* **SECURITY** Critical security update for CVE-2016-10033 please update now! Thanks to [Dawid Golunski](https://legalhackers.com). -* Add ability to extract the SMTP transaction ID from some common SMTP success messages -* Minor documentation tweaks - -## Version 5.2.17 (December 9th 2016) -* This is officially the last feature release of 5.2. Security fixes only from now on; use PHPMailer 6.0! -* Allow DKIM private key to be provided as a string -* Provide mechanism to allow overriding of boundary and message ID creation -* Improve Brazilian Portuguese, Spanish, Swedish, Romanian, and German translations -* PHP 7.1 support for Travis-CI -* Fix some language codes -* Add security notices -* Improve DKIM compatibility in older PHP versions -* Improve trapping and capture of SMTP connection errors -* Improve passthrough of error levels for debug output -* PHPDoc cleanup - -## Version 5.2.16 (June 6th 2016) -* Added DKIM example -* Fixed empty additional_parameters problem -* Fixed wrong version number in VERSION file! -* Improve line-length tests -* Use instance settings for SMTP::connect by default -* Use more secure auth mechanisms first - -## Version 5.2.15 (May 10th 2016) -* Added ability to inject custom address validators, and set the default validator -* Fix TLS 1.2 compatibility -* Remove some excess line breaks in MIME structure -* Updated Polish, Russian, Brazilian Portuguese, Georgian translations -* More DRY! -* Improve error messages -* Update dependencies -* Add example showing how to handle multiple form file uploads -* Improve SMTP example -* Improve Windows compatibility -* Use consistent names for temp files -* Fix gmail XOAUTH2 scope, thanks to @sherryl4george -* Fix extra line break in getSentMIMEMessage() -* Improve DKIM signing to use SHA-2 - -## Version 5.2.14 (Nov 1st 2015) -* Allow addresses with IDN (Internationalized Domain Name) in PHP 5.3+, thanks to @fbonzon -* Allow access to POP3 errors -* Make all POP3 private properties and methods protected -* **SECURITY** Fix vulnerability that allowed email addresses with line breaks (valid in RFC5322) to pass to SMTP, permitting message injection at the SMTP level. Mitigated in both the address validator and in the lower-level SMTP class. Thanks to Takeshi Terada. -* Updated Brazilian Portuguese translations (Thanks to @phelipealves) - -## Version 5.2.13 (Sep 14th 2015) -* Rename internal oauth class to avoid name clashes -* Improve Estonian translations - -## Version 5.2.12 (Sep 1st 2015) -* Fix incorrect composer package dependencies -* Skip existing embedded image `cid`s in `msgHTML` - -## Version 5.2.11 (Aug 31st 2015) -* Don't switch to quoted-printable for long lines if already using base64 -* Fixed Travis-CI config when run on PHP 7 -* Added Google XOAUTH2 authentication mechanism, thanks to @sherryl4george -* Add address parser for RFC822-format addresses -* Update MS Office MIME types -* Don't convert line breaks when using quoted-printable encoding -* Handle MS Exchange returning an invalid empty AUTH-type list in EHLO -* Don't set name or filename properties on MIME parts that don't have one - -## Version 5.2.10 (May 4th 2015) -* Add custom header getter -* Use `application/javascript` for .js attachments -* Improve RFC2821 compliance for timelimits, especially for end-of-data -* Add Azerbaijani translations (Thanks to @mirjalal) -* Minor code cleanup for robustness -* Add Indonesian translations (Thanks to @ceceprawiro) -* Avoid `error_log` Debugoutput naming clash -* Add ability to parse server capabilities in response to EHLO (useful for SendGrid etc) -* Amended default values for WordWrap to match RFC -* Remove html2text converter class (has incompatible license) -* Provide new mechanism for injecting html to text converters -* Improve pointers to docs and support in README -* Add example file upload script -* Refactor and major cleanup of EasyPeasyICS, now a lot more usable -* Make set() method simpler and more reliable -* Add Malay translation (Thanks to @nawawi) -* Add Bulgarian translation (Thanks to @mialy) -* Add Armenian translation (Thanks to Hrayr Grigoryan) -* Add Slovenian translation (Thanks to Klemen Tušar) -* More efficient word wrapping -* Add support for S/MIME signing with additional CA certificate (thanks to @IgitBuh) -* Fix incorrect MIME structure when using S/MIME signing and isMail() (#372) -* Improved checks and error messages for missing extensions -* Store and report SMTP errors more consistently -* Add MIME multipart preamble for better Outlook compatibility -* Enable TLS encryption automatically if the server offers it -* Provide detailed errors when individual recipients fail -* Report more errors when connecting -* Add extras classes to composer classmap -* Expose stream_context_create options via new SMTPOptions property -* Automatic encoding switch to quoted-printable if message lines are too long -* Add Korean translation (Thanks to @ChalkPE) -* Provide a pointer to troubleshooting docs on SMTP connection failure - -## Version 5.2.9 (Sept 25th 2014) -* **Important: The autoloader is no longer autoloaded by the PHPMailer class** -* Update html2text from https://github.com/mtibben/html2text -* Improve Arabic translations (Thanks to @tarekdj) -* Consistent handling of connection variables in SMTP and POP3 -* PHPDoc cleanup -* Update composer to use PHPUnit 4.1 -* Pass consistent params to callbacks -* More consistent handling of error states and debug output -* Use property defaults, remove constructors -* Remove unreachable code -* Use older regex validation pattern for troublesome PCRE library versions -* Improve PCRE detection in older PHP versions -* Handle debug output consistently, and always in UTF-8 -* Allow user-defined debug output method via a callable -* msgHTML now converts data URIs to embedded images -* SMTP::getLastReply() will now always be populated -* Improved example code in README -* Ensure long filenames in Content-Disposition are encoded correctly -* Simplify SMTP debug output mechanism, clarify levels with constants -* Add SMTP connection check example -* Simplify examples, don't use mysql* functions - -## Version 5.2.8 (May 14th 2014) -* Increase timeout to match RFC2821 section 4.5.3.2 and thus not fail greetdelays, fixes #104 -* Add timestamps to default debug output -* Add connection events and new level 3 to debug output options -* Chinese language update (Thanks to @binaryoung) -* Allow custom Mailer types (Thanks to @michield) -* Cope with spaces around SMTP host specs -* Fix processing of multiple hosts in connect string -* Added Galician translation (Thanks to @donatorouco) -* Autoloader now prepends -* Docs updates -* Add Latvian translation (Thanks to @eddsstudio) -* Add Belarusian translation (Thanks to @amaksymiuk) -* Make autoloader work better on older PHP versions -* Avoid double-encoding if mbstring is overloading mail() -* Add Portuguese translation (Thanks to @Jonadabe) -* Make quoted-printable encoder respect line ending setting -* Improve Chinese translation (Thanks to @PeterDaveHello) -* Add Georgian translation (Thanks to @akalongman) -* Add Greek translation (Thanks to @lenasterg) -* Fix serverHostname on PHP < 5.3 -* Improve performance of SMTP class -* Implement automatic 7bit downgrade -* Add Vietnamese translation (Thanks to @vinades) -* Improve example images, switch to PNG -* Add Croatian translation (Thanks to @hrvoj3e) -* Remove setting the Return-Path and deprecate the Return-path property - it's just wrong! -* Fix language file loading if CWD has changed (@stephandesouza) -* Add HTML5 email validation pattern -* Improve Turkish translations (Thanks to @yasinaydin) -* Improve Romanian translations (Thanks to @aflorea) -* Check php.ini for path to sendmail/qmail before using default -* Improve Farsi translation (Thanks to @MHM5000) -* Don't use quoted-printable encoding for multipart types -* Add Serbian translation (Thanks to ajevremovic at gmail.com) -* Remove useless PHP5 check -* Use SVG for build status badges -* Store MessageDate on creation -* Better default behaviour for validateAddress - -## Version 5.2.7 (September 12th 2013) -* Add Ukrainian translation from @Krezalis -* Support for do_verp -* Fix bug in CRAM-MD5 AUTH -* Propagate Debugoutput option to SMTP class (@Reblutus) -* Determine MIME type of attachments automatically -* Add cross-platform, multibyte-safe pathinfo replacement (with tests) and use it -* Add a new 'html' Debugoutput type -* Clean up SMTP debug output, remove embedded HTML -* Some small changes in header formatting to improve IETF msglint test results -* Update test_script to use some recently changed features, rename to code_generator -* Generated code actually works! -* Update SyntaxHighlighter -* Major overhaul and cleanup of example code -* New PHPMailer graphic -* msgHTML now uses RFC2392-compliant content ids -* Add line break normalization function and use it in msgHTML -* Don't set unnecessary reply-to addresses -* Make fakesendmail.sh a bit cleaner and safer -* Set a content-transfer-encoding on multiparts (fixes msglint error) -* Fix cid generation in msgHTML (Thanks to @digitalthought) -* Fix handling of multiple SMTP servers (Thanks to @NanoCaiordo) -* SMTP->connect() now supports stream context options (Thanks to @stanislavdavid) -* Add support for iCal event alternatives (Thanks to @reblutus) -* Update to Polish language file (Thanks to Krzysztof Kowalewski) -* Update to Norwegian language file (Thanks to @datagutten) -* Update to Hungarian language file (Thanks to @dominicus-75) -* Add Persian/Farsi translation from @jaii -* Make SMTPDebug property type match type in SMTP class -* Add unit tests for DKIM -* Major refactor of SMTP class -* Reformat to PSR-2 coding standard -* Introduce autoloader -* Allow overriding of SMTP class -* Overhaul of PHPDocs -* Fix broken Q-encoding -* Czech language update (Thanks to @nemelu) -* Removal of excess blank lines in messages -* Added fake POP server and unit tests for POP-before-SMTP - -## Version 5.2.6 (April 11th 2013) -* Reflect move to PHPMailer GitHub organisation at https://github.com/PHPMailer/PHPMailer -* Fix unbumped version numbers -* Update packagist.org with new location -* Clean up Changelog - -## Version 5.2.5 (April 6th 2013) -* First official release after move from Google Code -* Fixes for qmail when sending via mail() -* Merge in changes from Google code 5.2.4 release -* Minor coding standards cleanup in SMTP class -* Improved unit tests, now tests S/MIME signing -* Travis-CI support on GitHub, runs tests with fake SMTP server - -## Version 5.2.4 (February 19, 2013) -* Fix tag and version bug. -* un-deprecate isSMTP(), isMail(), IsSendmail() and isQmail(). -* Numerous translation updates - -## Version 5.2.3 (February 8, 2013) -* Fix issue with older PCREs and ValidateAddress() (Bugz: 124) -* Add CRAM-MD5 authentication, thanks to Elijah madden, https://github.com/okonomiyaki3000 -* Replacement of obsolete Quoted-Printable encoder with a much better implementation -* Composer package definition -* New language added: Hebrew - -## Version 5.2.2 (December 3, 2012) -* Some fixes and syncs from https://github.com/Synchro/PHPMailer -* Add Slovak translation, thanks to Michal Tinka - -## Version 5.2.2-rc2 (November 6, 2012) -* Fix SMTP server rotation (Bugz: 118) -* Allow override of autogen'ed 'Date' header (for Drupal's - og_mailinglist module) -* No whitespace after '-f' option (Bugz: 116) -* Work around potential warning (Bugz: 114) - -## Version 5.2.2-rc1 (September 28, 2012) -* Header encoding works with long lines (Bugz: 93) -* Turkish language update (Bugz: 94) -* undefined $pattern in EncodeQ bug squashed (Bugz: 98) -* use of mail() in safe_mode now works (Bugz: 96) -* ValidateAddress() now 'public static' so people can override the - default and use their own validation scheme. -* ValidateAddress() no longer uses broken FILTER_VALIDATE_EMAIL -* Added in AUTH PLAIN SMTP authentication - -## Version 5.2.2-beta2 (August 17, 2012) -* Fixed Postfix VERP support (Bugz: 92) -* Allow action_function callbacks to pass/use - the From address (passed as final param) -* Prevent inf look for get_lines() (Bugz: 77) -* New public var ($UseSendmailOptions). Only pass sendmail() - options iff we really are using sendmail or something sendmail - compatible. (Bugz: 75) -* default setting for LE returned to "\n" due to popular demand. - -## Version 5.2.2-beta1 (July 13, 2012) -* Expose PreSend() and PostSend() as public methods to allow - for more control if serializing message sending. -* GetSentMIMEMessage() only constructs the message copy when - needed. Save memory. -* Only pass params to mail() if the underlying MTA is - "sendmail" (as defined as "having the string sendmail - in its pathname") [#69] -* Attachments now work with Amazon SES and others [Bugz#70] -* Debug output now sent to stdout (via echo) or error_log [Bugz#5] -* New var: Debugoutput (for above) [Bugz#5] -* SMTP reads now Timeout aware (new var: Timeout=15) [Bugz#71] -* SMTP reads now can have a Timelimit associated with them - (new var: Timelimit=30)[Bugz#71] -* Fix quoting issue associated with charsets -* default setting for LE is now RFC compliant: "\r\n" -* Return-Path can now be user defined (new var: ReturnPath) - (the default is "" which implies no change from previous - behavior, which was to use either From or Sender) [Bugz#46] -* X-Mailer header can now be disabled (by setting to a - whitespace string, eg " ") [Bugz#66] -* Bugz closed: #68, #60, #42, #43, #59, #55, #66, #48, #49, - #52, #31, #41, #5. #70, #69 - -## Version 5.2.1 (January 16, 2012) -* Closed several bugs #5 -* Performance improvements -* MsgHTML() now returns the message as required. -* New method: GetSentMIMEMessage() (returns full copy of sent message) - -## Version 5.2 (July 19, 2011) -* protected MIME body and header -* better DKIM DNS Resource Record support -* better aly handling -* htmlfilter class added to extras -* moved to Apache Extras - -## Version 5.1 (October 20, 2009) -* fixed filename issue with AddStringAttachment (thanks to Tony) -* fixed "SingleTo" property, now works with Senmail, Qmail, and SMTP in - addition to PHP mail() -* added DKIM digital signing functionality, new properties: - - DKIM_domain (sets the domain name) - - DKIM_private (holds DKIM private key) - - DKIM_passphrase (holds your DKIM passphrase) - - DKIM_selector (holds the DKIM "selector") - - DKIM_identity (holds the identifying email address) -* added callback function support - - callback function parameters include: - result, to, cc, bcc, subject and body - - see the test/test_callback.php file for usage. -* added "auto" identity functionality - - can automatically add: - - Return-path (if Sender not set) - - Reply-To (if ReplyTo not set) - - can be disabled: - - $mail->SetFrom('yourname@yourdomain.com','First Last',false); - - or by adding the $mail->Sender and/or $mail->ReplyTo properties - -Note: "auto" identity added to help with emails ending up in spam or junk boxes because of missing headers - -## Version 5.0.2 (May 24, 2009) -* Fix for missing attachments when inline graphics are present -* Fix for missing Cc in header when using SMTP (mail was sent, - but not displayed in header -- Cc receiver only saw email To: - line and no Cc line, but did get the email (To receiver - saw same) - -## Version 5.0.1 (April 05, 2009) -* Temporary fix for missing attachments - -## Version 5.0.0 (April 02, 2009) -With the release of this version, we are initiating a new version numbering -system to differentiate from the PHP4 version of PHPMailer. -Most notable in this release is fully object oriented code. - -### class.smtp.php: -* Refactored class.smtp.php to support new exception handling -* code size reduced from 29.2 Kb to 25.6 Kb -* Removed unnecessary functions from class.smtp.php: - - public function Expand($name) { - - public function Help($keyword="") { - - public function Noop() { - - public function Send($from) { - - public function SendOrMail($from) { - - public function Verify($name) { - -### class.phpmailer.php: -* Refactored class.phpmailer.php with new exception handling -* Changed processing functionality of Sendmail and Qmail so they cannot be - inadvertently used -* removed getFile() function, just became a simple wrapper for - file_get_contents() -* added check for PHP version (will gracefully exit if not at least PHP 5.0) -* enhanced code to check if an attachment source is the same as an embedded or - inline graphic source to eliminate duplicate attachments - -### New /test_script -We have written a test script you can use to test the script as part of your -installation. Once you press submit, the test script will send a multi-mime -email with either the message you type in or an HTML email with an inline -graphic. Two attachments are included in the email (one of the attachments -is also the inline graphic so you can see that only one copy of the graphic -is sent in the email). The test script will also display the functional -script that you can copy/paste to your editor to duplicate the functionality. - -### New examples -All new examples in both basic and advanced modes. Advanced examples show - Exception handling. - -### PHPDocumentator (phpdocs) documentation for PHPMailer version 5.0.0 -All new documentation - -## Version 2.3 (November 06, 2008) -* added Arabic language (many thanks to Bahjat Al Mostafa) -* removed English language from language files and made it a default within - class.phpmailer.php - if no language is found, it will default to use - the english language translation -* fixed public/private declarations -* corrected line 1728, $basedir to $directory -* added $sign_cert_file to avoid improper duplicate use of $sign_key_file -* corrected $this->Hello on line 612 to $this->Helo -* changed default of $LE to "\r\n" to comply with RFC 2822. Can be set by the user - if default is not acceptable -* removed trim() from return results in EncodeQP -* /test and three files it contained are removed from version 2.3 -* fixed phpunit.php for compliance with PHP5 -* changed $this->AltBody = $textMsg; to $this->AltBody = html_entity_decode($textMsg); -* We have removed the /phpdoc from the downloads. All documentation is now on - the http://phpmailer.codeworxtech.com website. - -## Version 2.2.1 () July 19 2008 -* fixed line 1092 in class.smtp.php (my apologies, error on my part) - -## Version 2.2 () July 15 2008 -* Fixed redirect issue (display of UTF-8 in thank you redirect) -* fixed error in getResponse function declaration (class.pop3.php) -* PHPMailer now PHP6 compliant -* fixed line 1092 in class.smtp.php (endless loop from missing = sign) - -## Version 2.1 (Wed, June 04 2008) -NOTE: WE HAVE A NEW LANGUAGE VARIABLE FOR DIGITALLY SIGNED S/MIME EMAILS. IF YOU CAN HELP WITH LANGUAGES OTHER THAN ENGLISH AND SPANISH, IT WOULD BE APPRECIATED. - -* added S/MIME functionality (ability to digitally sign emails) - BIG THANKS TO "sergiocambra" for posting this patch back in November 2007. - The "Signed Emails" functionality adds the Sign method to pass the private key - filename and the password to read it, and then email will be sent with - content-type multipart/signed and with the digital signature attached. -* fully compatible with E_STRICT error level - - Please note: - In about half the test environments this development version was subjected - to, an error was thrown for the date() functions used (line 1565 and 1569). - This is NOT a PHPMailer error, it is the result of an incorrectly configured - PHP5 installation. The fix is to modify your 'php.ini' file and include the - date.timezone = Etc/UTC (or your own zone) - directive, to your own server timezone - - If you do get this error, and are unable to access your php.ini file: - In your PHP script, add - `date_default_timezone_set('Etc/UTC');` - - do not try to use - `$myVar = date_default_timezone_get();` - as a test, it will throw an error. -* added ability to define path (mainly for embedded images) - function `MsgHTML($message,$basedir='')` ... where: - `$basedir` is the fully qualified path -* fixed `MsgHTML()` function: - - Embedded Images where images are specified by `://` will not be altered or embedded -* fixed the return value of SMTP exit code ( pclose ) -* addressed issue of multibyte characters in subject line and truncating -* added ability to have user specified Message ID - (default is still that PHPMailer create a unique Message ID) -* corrected unidentified message type to 'application/octet-stream' -* fixed chunk_split() multibyte issue (thanks to Colin Brown, et al). -* added check for added attachments -* enhanced conversion of HTML to text in MsgHTML (thanks to "brunny") - -## Version 2.1.0beta2 (Sun, Dec 02 2007) -* implemented updated EncodeQP (thanks to coolbru, aka Marcus Bointon) -* finished all testing, all known bugs corrected, enhancements tested - -Note: will NOT work with PHP4. - -Please note, this is BETA software **DO NOT USE THIS IN PRODUCTION OR LIVE PROJECTS; INTENDED STRICTLY FOR TESTING** - -## Version 2.1.0beta1 -Please note, this is BETA software -** DO NOT USE THIS IN PRODUCTION OR LIVE PROJECTS - INTENDED STRICTLY FOR TESTING - -## Version 2.0.0 rc2 (Fri, Nov 16 2007), interim release -* implements new property to control VERP in class.smtp.php - example (requires instantiating class.smtp.php): - $mail->do_verp = true; -* POP-before-SMTP functionality included, thanks to Richard Davey - (see class.pop3.php & pop3_before_smtp_test.php for examples) -* included example showing how to use PHPMailer with GMAIL -* fixed the missing Cc in SendMail() and Mail() - -## Version 2.0.0 rc1 (Thu, Nov 08 2007), interim release -* dramatically simplified using inline graphics ... it's fully automated and requires no user input -* added automatic document type detection for attachments and pictures -* added MsgHTML() function to replace Body tag for HTML emails -* fixed the SendMail security issues (input validation vulnerability) -* enhanced the AddAddresses functionality so that the "Name" portion is used in the email address -* removed the need to use the AltBody method (set from the HTML, or default text used) -* set the PHP Mail() function as the default (still support SendMail, SMTP Mail) -* removed the need to set the IsHTML property (set automatically) -* added Estonian language file by Indrek Päri -* added header injection patch -* added "set" method to permit users to create their own pseudo-properties like 'X-Headers', etc. -* fixed warning message in SMTP get_lines method -* added TLS/SSL SMTP support. -* PHPMailer has been tested with PHP4 (4.4.7) and PHP5 (5.2.7) -* Works with PHP installed as a module or as CGI-PHP -NOTE: will NOT work with PHP5 in E_STRICT error mode - -## Version 1.73 (Sun, Jun 10 2005) -* Fixed denial of service bug: http://www.cybsec.com/vuln/PHPMailer-DOS.pdf -* Now has a total of 20 translations -* Fixed alt attachments bug: http://tinyurl.com/98u9k - -## Version 1.72 (Wed, May 25 2004) -* Added Dutch, Swedish, Czech, Norwegian, and Turkish translations. -* Received: Removed this method because spam filter programs like - SpamAssassin reject this header. -* Fixed error count bug. -* SetLanguage default is now "language/". -* Fixed magic_quotes_runtime bug. - -## Version 1.71 (Tue, Jul 28 2003) -* Made several speed enhancements -* Added German and Italian translation files -* Fixed HELO/AUTH bugs on keep-alive connects -* Now provides an error message if language file does not load -* Fixed attachment EOL bug -* Updated some unclear documentation -* Added additional tests and improved others - -## Version 1.70 (Mon, Jun 20 2003) -* Added SMTP keep-alive support -* Added IsError method for error detection -* Added error message translation support (SetLanguage) -* Refactored many methods to increase library performance -* Hello now sends the newer EHLO message before HELO as per RFC 2821 -* Removed the boundary class and replaced it with GetBoundary -* Removed queue support methods -* New $Hostname variable -* New Message-ID header -* Received header reformat -* Helo variable default changed to $Hostname -* Removed extra spaces in Content-Type definition (#667182) -* Return-Path should be set to Sender when set -* Adds Q or B encoding to headers when necessary -* quoted-encoding should now encode NULs \000 -* Fixed encoding of body/AltBody (#553370) -* Adds "To: undisclosed-recipients:;" when all recipients are hidden (BCC) -* Multiple bug fixes - -## Version 1.65 (Fri, Aug 09 2002) -* Fixed non-visible attachment bug (#585097) for Outlook -* SMTP connections are now closed after each transaction -* Fixed SMTP::Expand return value -* Converted SMTP class documentation to phpDocumentor format - -## Version 1.62 (Wed, Jun 26 2002) -* Fixed multi-attach bug -* Set proper word wrapping -* Reduced memory use with attachments -* Added more debugging -* Changed documentation to phpDocumentor format - -## Version 1.60 (Sat, Mar 30 2002) -* Sendmail pipe and address patch (Christian Holtje) -* Added embedded image and read confirmation support (A. Ognio) -* Added unit tests -* Added SMTP timeout support (*nix only) -* Added possibly temporary PluginDir variable for SMTP class -* Added LE message line ending variable -* Refactored boundary and attachment code -* Eliminated SMTP class warnings -* Added SendToQueue method for future queuing support - -## Version 1.54 (Wed, Dec 19 2001) -* Add some queuing support code -* Fixed a pesky multi/alt bug -* Messages are no longer forced to have "To" addresses - -## Version 1.50 (Thu, Nov 08 2001) -* Fix extra lines when not using SMTP mailer -* Set WordWrap variable to int with a zero default - -## Version 1.47 (Tue, Oct 16 2001) -* Fixed Received header code format -* Fixed AltBody order error -* Fixed alternate port warning - -## Version 1.45 (Tue, Sep 25 2001) -* Added enhanced SMTP debug support -* Added support for multiple ports on SMTP -* Added Received header for tracing -* Fixed AddStringAttachment encoding -* Fixed possible header name quote bug -* Fixed wordwrap() trim bug -* Couple other small bug fixes - -## Version 1.41 (Wed, Aug 22 2001) -* Fixed AltBody bug w/o attachments -* Fixed rfc_date() for certain mail servers - -## Version 1.40 (Sun, Aug 12 2001) -* Added multipart/alternative support (AltBody) -* Documentation update -* Fixed bug in Mercury MTA - -## Version 1.29 (Fri, Aug 03 2001) -* Added AddStringAttachment() method -* Added SMTP authentication support - -## Version 1.28 (Mon, Jul 30 2001) -* Fixed a typo in SMTP class -* Fixed header issue with Imail (win32) SMTP server -* Made fopen() calls for attachments use "rb" to fix win32 error - -## Version 1.25 (Mon, Jul 02 2001) -* Added RFC 822 date fix (Patrice) -* Added improved error handling by adding a $ErrorInfo variable -* Removed MailerDebug variable (obsolete with new error handler) - -## Version 1.20 (Mon, Jun 25 2001) -* Added quoted-printable encoding (Patrice) -* Set Version as public and removed PrintVersion() -* Changed phpdoc to only display public variables and methods - -## Version 1.19 (Thu, Jun 21 2001) -* Fixed MS Mail header bug -* Added fix for Bcc problem with mail(). *Does not work on Win32* - (See PHP bug report: http://www.php.net/bugs.php?id=11616) -* mail() no longer passes a fifth parameter when not needed - -## Version 1.15 (Fri, Jun 15 2001) -Note: these changes contributed by Patrice Fournier -* Changed all remaining \n to \r\n -* Bcc: header no longer written to message except - when sent directly to sendmail -* Added a small message to non-MIME compliant mail reader -* Added Sender variable to change the Sender email - used in -f for sendmail/mail and in 'MAIL FROM' for smtp mode -* Changed boundary setting to a place it will be set only once -* Removed transfer encoding for whole message when using multipart -* Message body now uses Encoding in multipart messages -* Can set encoding and type to attachments 7bit, 8bit - and binary attachment are sent as is, base64 are encoded -* Can set Encoding to base64 to send 8 bits body - through 7 bits servers - -## Version 1.10 (Tue, Jun 12 2001) -* Fixed win32 mail header bug (printed out headers in message body) - -## Version 1.09 (Fri, Jun 08 2001) -* Changed date header to work with Netscape mail programs -* Altered phpdoc documentation - -## Version 1.08 (Tue, Jun 05 2001) -* Added enhanced error-checking -* Added phpdoc documentation to source - -## Version 1.06 (Fri, Jun 01 2001) -* Added optional name for file attachments - -## Version 1.05 (Tue, May 29 2001) -* Code cleanup -* Eliminated sendmail header warning message -* Fixed possible SMTP error - -## Version 1.03 (Thu, May 24 2001) -* Fixed problem where qmail sends out duplicate messages - -## Version 1.02 (Wed, May 23 2001) -* Added multiple recipient and attachment Clear* methods -* Added Sendmail public variable -* Fixed problem with loading SMTP library multiple times - -## Version 0.98 (Tue, May 22 2001) -* Fixed problem with redundant mail hosts sending out multiple messages -* Added additional error handler code -* Added AddCustomHeader() function -* Added support for Microsoft mail client headers (affects priority) -* Fixed small bug with Mailer variable -* Added PrintVersion() function - -## Version 0.92 (Tue, May 15 2001) -* Changed file names to class.phpmailer.php and class.smtp.php to match - current PHP class trend. -* Fixed problem where body not being printed when a message is attached -* Several small bug fixes - -## Version 0.90 (Tue, April 17 2001) -* Initial public release diff --git a/lib/phpmailer/language/phpmailer.lang-ar.php b/lib/phpmailer/language/phpmailer.lang-ar.php index 790e2a5ec81..865d0b7329e 100644 --- a/lib/phpmailer/language/phpmailer.lang-ar.php +++ b/lib/phpmailer/language/phpmailer.lang-ar.php @@ -24,4 +24,4 @@ $PHPMAILER_LANG['signing'] = 'خطأ في التوقيع: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() غير ممكن.'; $PHPMAILER_LANG['smtp_error'] = 'خطأ على مستوى الخادم SMTP: '; $PHPMAILER_LANG['variable_set'] = 'لا يمكن تعيين أو إعادة تعيين متغير: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'الإضافة غير موجودة: '; diff --git a/lib/phpmailer/language/phpmailer.lang-eo.php b/lib/phpmailer/language/phpmailer.lang-eo.php index 2cf7d5c793e..5ca6cb70952 100644 --- a/lib/phpmailer/language/phpmailer.lang-eo.php +++ b/lib/phpmailer/language/phpmailer.lang-eo.php @@ -22,4 +22,4 @@ $PHPMAILER_LANG['signing'] = 'Eraro de subskribo: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP konektado malsukcesis.'; $PHPMAILER_LANG['smtp_error'] = 'Eraro de servilo SMTP : '; $PHPMAILER_LANG['variable_set'] = 'Variablo ne pravalorizeblas aŭ ne repravalorizeblas: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Mankas etendo: '; diff --git a/lib/phpmailer/language/phpmailer.lang-es.php b/lib/phpmailer/language/phpmailer.lang-es.php index d2eac8d354e..f2c4e8316c0 100644 --- a/lib/phpmailer/language/phpmailer.lang-es.php +++ b/lib/phpmailer/language/phpmailer.lang-es.php @@ -8,7 +8,7 @@ $PHPMAILER_LANG['authenticate'] = 'Error SMTP: Imposible autentificar.'; $PHPMAILER_LANG['connect_host'] = 'Error SMTP: Imposible conectar al servidor SMTP.'; $PHPMAILER_LANG['data_not_accepted'] = 'Error SMTP: Datos no aceptados.'; -$PHPMAILER_LANG['empty_message'] = 'El cuerpo del mensaje está vacío'; +$PHPMAILER_LANG['empty_message'] = 'El cuerpo del mensaje está vacío.'; $PHPMAILER_LANG['encoding'] = 'Codificación desconocida: '; $PHPMAILER_LANG['execute'] = 'Imposible ejecutar: '; $PHPMAILER_LANG['file_access'] = 'Imposible acceder al archivo: '; diff --git a/lib/phpmailer/language/phpmailer.lang-hi.php b/lib/phpmailer/language/phpmailer.lang-hi.php new file mode 100644 index 00000000000..607a5ee3f9b --- /dev/null +++ b/lib/phpmailer/language/phpmailer.lang-hi.php @@ -0,0 +1,26 @@ + + */ + +$PHPMAILER_LANG['authenticate'] = 'SMTP त्रुटि: प्रामाणिकता की जांच नहीं हो सका। '; +$PHPMAILER_LANG['connect_host'] = 'SMTP त्रुटि: SMTP सर्वर से कनेक्ट नहीं हो सका। '; +$PHPMAILER_LANG['data_not_accepted'] = 'SMTP त्रुटि: डेटा स्वीकार नहीं किया जाता है। '; +$PHPMAILER_LANG['empty_message'] = 'संदेश खाली है। '; +$PHPMAILER_LANG['encoding'] = 'अज्ञात एन्कोडिंग प्रकार। '; +$PHPMAILER_LANG['execute'] = 'आदेश को निष्पादित करने में विफल। '; +$PHPMAILER_LANG['file_access'] = 'फ़ाइल उपलब्ध नहीं है। '; +$PHPMAILER_LANG['file_open'] = 'फ़ाइल त्रुटि: फाइल को खोला नहीं जा सका। '; +$PHPMAILER_LANG['from_failed'] = 'प्रेषक का पता गलत है। '; +$PHPMAILER_LANG['instantiate'] = 'मेल फ़ंक्शन कॉल नहीं कर सकता है।'; +$PHPMAILER_LANG['invalid_address'] = 'पता गलत है। '; +$PHPMAILER_LANG['mailer_not_supported'] = 'मेल सर्वर के साथ काम नहीं करता है। '; +$PHPMAILER_LANG['provide_address'] = 'आपको कम से कम एक प्राप्तकर्ता का ई-मेल पता प्रदान करना होगा।'; +$PHPMAILER_LANG['recipients_failed'] = 'SMTP त्रुटि: निम्न प्राप्तकर्ताओं को पते भेजने में विफल। '; +$PHPMAILER_LANG['signing'] = 'साइनअप त्रुटि:। '; +$PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP का connect () फ़ंक्शन विफल हुआ। '; +$PHPMAILER_LANG['smtp_error'] = 'SMTP सर्वर त्रुटि। '; +$PHPMAILER_LANG['variable_set'] = 'चर को बना या संशोधित नहीं किया जा सकता। '; +$PHPMAILER_LANG['extension_missing'] = 'एक्सटेन्षन गायब है: '; diff --git a/lib/phpmailer/language/phpmailer.lang-hu.php b/lib/phpmailer/language/phpmailer.lang-hu.php index d7ca8887020..196cddc224f 100644 --- a/lib/phpmailer/language/phpmailer.lang-hu.php +++ b/lib/phpmailer/language/phpmailer.lang-hu.php @@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing'] = 'Hibás aláírás: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'Hiba az SMTP-kapcsolatban.'; $PHPMAILER_LANG['smtp_error'] = 'SMTP-szerver hiba: '; $PHPMAILER_LANG['variable_set'] = 'A következő változók beállítása nem sikerült: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Bővítmény hiányzik: '; diff --git a/lib/phpmailer/language/phpmailer.lang-id.php b/lib/phpmailer/language/phpmailer.lang-id.php index e57b5240b62..ba6ca5faca9 100644 --- a/lib/phpmailer/language/phpmailer.lang-id.php +++ b/lib/phpmailer/language/phpmailer.lang-id.php @@ -3,24 +3,25 @@ * Indonesian PHPMailer language file: refer to English translation for definitive list * @package PHPMailer * @author Cecep Prawiro + * @author @januridp */ -$PHPMAILER_LANG['authenticate'] = 'Kesalahan SMTP: Tidak dapat mengautentikasi.'; +$PHPMAILER_LANG['authenticate'] = 'Kesalahan SMTP: Tidak dapat mengotentikasi.'; $PHPMAILER_LANG['connect_host'] = 'Kesalahan SMTP: Tidak dapat terhubung ke host SMTP.'; -$PHPMAILER_LANG['data_not_accepted'] = 'Kesalahan SMTP: Data tidak diterima peladen.'; +$PHPMAILER_LANG['data_not_accepted'] = 'Kesalahan SMTP: Data tidak diterima.'; $PHPMAILER_LANG['empty_message'] = 'Isi pesan kosong'; $PHPMAILER_LANG['encoding'] = 'Pengkodean karakter tidak dikenali: '; $PHPMAILER_LANG['execute'] = 'Tidak dapat menjalankan proses : '; $PHPMAILER_LANG['file_access'] = 'Tidak dapat mengakses berkas : '; -$PHPMAILER_LANG['file_open'] = 'Kesalahan File: Berkas tidak bisa dibuka : '; -$PHPMAILER_LANG['from_failed'] = 'Alamat pengirim berikut mengakibatkan error : '; -$PHPMAILER_LANG['instantiate'] = 'Tidak dapat menginisialisasi fungsi email'; -$PHPMAILER_LANG['invalid_address'] = 'Gagal terkirim, alamat email tidak valid : '; +$PHPMAILER_LANG['file_open'] = 'Kesalahan File: Berkas tidak dapat dibuka : '; +$PHPMAILER_LANG['from_failed'] = 'Alamat pengirim berikut mengakibatkan kesalahan : '; +$PHPMAILER_LANG['instantiate'] = 'Tidak dapat menginisialisasi fungsi surel'; +$PHPMAILER_LANG['invalid_address'] = 'Gagal terkirim, alamat surel tidak benar : '; $PHPMAILER_LANG['provide_address'] = 'Harus disediakan minimal satu alamat tujuan'; -$PHPMAILER_LANG['mailer_not_supported'] = 'Mailer tidak didukung'; -$PHPMAILER_LANG['recipients_failed'] = 'Kesalahan SMTP: Alamat tujuan berikut menghasilkan error : '; +$PHPMAILER_LANG['mailer_not_supported'] = ' mailer tidak didukung'; +$PHPMAILER_LANG['recipients_failed'] = 'Kesalahan SMTP: Alamat tujuan berikut menghasilkan kesalahan : '; $PHPMAILER_LANG['signing'] = 'Kesalahan dalam tanda tangan : '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() gagal.'; -$PHPMAILER_LANG['smtp_error'] = 'Kesalahan peladen SMTP : '; -$PHPMAILER_LANG['variable_set'] = 'Tidak berhasil mengatur atau mengatur ulang variable : '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['smtp_error'] = 'Kesalahan pada pelayan SMTP : '; +$PHPMAILER_LANG['variable_set'] = 'Tidak dapat mengatur atau mengatur ulang variable : '; +$PHPMAILER_LANG['extension_missing'] = 'Ekstensi hilang: '; diff --git a/lib/phpmailer/language/phpmailer.lang-it.php b/lib/phpmailer/language/phpmailer.lang-it.php index d2f4643e715..e67b6f72c6e 100644 --- a/lib/phpmailer/language/phpmailer.lang-it.php +++ b/lib/phpmailer/language/phpmailer.lang-it.php @@ -24,4 +24,4 @@ $PHPMAILER_LANG['signing'] = 'Errore nella firma: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() fallita.'; $PHPMAILER_LANG['smtp_error'] = 'Errore del server SMTP: '; $PHPMAILER_LANG['variable_set'] = 'Impossibile impostare o resettare la variabile: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Estensione mancante: '; diff --git a/lib/phpmailer/language/phpmailer.lang-mg.php b/lib/phpmailer/language/phpmailer.lang-mg.php new file mode 100644 index 00000000000..f4c7563030c --- /dev/null +++ b/lib/phpmailer/language/phpmailer.lang-mg.php @@ -0,0 +1,25 @@ + + */ +$PHPMAILER_LANG['authenticate'] = 'Hadisoana SMTP: Tsy nahomby ny fanamarinana.'; +$PHPMAILER_LANG['connect_host'] = 'SMTP Error: Tsy afaka mampifandray amin\'ny mpampiantrano SMTP.'; +$PHPMAILER_LANG['data_not_accepted'] = 'SMTP diso: tsy voarakitra ny angona.'; +$PHPMAILER_LANG['empty_message'] = 'Tsy misy ny votoaty mailaka.'; +$PHPMAILER_LANG['encoding'] = 'Tsy fantatra encoding: '; +$PHPMAILER_LANG['execute'] = 'Tsy afaka manatanteraka ity baiko manaraka ity: '; +$PHPMAILER_LANG['file_access'] = 'Tsy nahomby ny fidirana amin\'ity rakitra ity: '; +$PHPMAILER_LANG['file_open'] = 'Hadisoana diso: Tsy afaka nanokatra ity file manaraka ity: '; +$PHPMAILER_LANG['from_failed'] = 'Ny adiresy iraka manaraka dia diso: '; +$PHPMAILER_LANG['instantiate'] = 'Tsy afaka nanomboka ny hetsika mail.'; +$PHPMAILER_LANG['invalid_address'] = 'Tsy mety ny adiresy: '; +$PHPMAILER_LANG['mailer_not_supported'] = ' mailer tsy manohana.'; +$PHPMAILER_LANG['provide_address'] = 'Alefaso azafady iray adiresy iray farafahakeliny.'; +$PHPMAILER_LANG['recipients_failed'] = 'SMTP Error: Tsy mety ireo mpanaraka ireto: '; +$PHPMAILER_LANG['signing'] = 'Error nandritra ny sonia:'; +$PHPMAILER_LANG['smtp_connect_failed'] = 'Tsy nahomby ny fifandraisana tamin\'ny server SMTP.'; +$PHPMAILER_LANG['smtp_error'] = 'Fahadisoana tamin\'ny server SMTP: '; +$PHPMAILER_LANG['variable_set'] = 'Tsy azo atao ny mametraka na mamerina ny variable: '; +$PHPMAILER_LANG['extension_missing'] = 'Tsy hita ny ampahany: '; diff --git a/lib/phpmailer/language/phpmailer.lang-ms.php b/lib/phpmailer/language/phpmailer.lang-ms.php index 4e2c34083a9..f12a6ad4861 100644 --- a/lib/phpmailer/language/phpmailer.lang-ms.php +++ b/lib/phpmailer/language/phpmailer.lang-ms.php @@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing'] = 'Ralat pada tanda tangan: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() telah gagal.'; $PHPMAILER_LANG['smtp_error'] = 'Ralat pada pelayan SMTP: '; $PHPMAILER_LANG['variable_set'] = 'Tidak boleh menetapkan atau menetapkan semula pembolehubah: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Sambungan hilang: '; diff --git a/lib/phpmailer/language/phpmailer.lang-nb.php b/lib/phpmailer/language/phpmailer.lang-nb.php index 446105422cb..97403e73cae 100644 --- a/lib/phpmailer/language/phpmailer.lang-nb.php +++ b/lib/phpmailer/language/phpmailer.lang-nb.php @@ -7,7 +7,7 @@ $PHPMAILER_LANG['authenticate'] = 'SMTP Feil: Kunne ikke autentisere.'; $PHPMAILER_LANG['connect_host'] = 'SMTP Feil: Kunne ikke koble til SMTP tjener.'; $PHPMAILER_LANG['data_not_accepted'] = 'SMTP Feil: Datainnhold ikke akseptert.'; -$PHPMAILER_LANG['empty_message'] = 'Melding kropp tomt'; +$PHPMAILER_LANG['empty_message'] = 'Meldingsinnhold mangler'; $PHPMAILER_LANG['encoding'] = 'Ukjent koding: '; $PHPMAILER_LANG['execute'] = 'Kunne ikke utføre: '; $PHPMAILER_LANG['file_access'] = 'Får ikke tilgang til filen: '; diff --git a/lib/phpmailer/language/phpmailer.lang-nl.php b/lib/phpmailer/language/phpmailer.lang-nl.php index c36d8b21127..2fb01b2d8f9 100644 --- a/lib/phpmailer/language/phpmailer.lang-nl.php +++ b/lib/phpmailer/language/phpmailer.lang-nl.php @@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing'] = 'Signeerfout: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Verbinding mislukt.'; $PHPMAILER_LANG['smtp_error'] = 'SMTP-serverfout: '; $PHPMAILER_LANG['variable_set'] = 'Kan de volgende variabele niet instellen of resetten: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Extensie afwezig: '; diff --git a/lib/phpmailer/language/phpmailer.lang-sk.php b/lib/phpmailer/language/phpmailer.lang-sk.php index a38f4e52cf2..69cfb0fc1db 100644 --- a/lib/phpmailer/language/phpmailer.lang-sk.php +++ b/lib/phpmailer/language/phpmailer.lang-sk.php @@ -3,6 +3,7 @@ * Slovak PHPMailer language file: refer to English translation for definitive list * @package PHPMailer * @author Michal Tinka + * @author Peter Orlický */ $PHPMAILER_LANG['authenticate'] = 'SMTP Error: Chyba autentifikácie.'; @@ -23,4 +24,4 @@ $PHPMAILER_LANG['signing'] = 'Chyba prihlasovania: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() zlyhalo.'; $PHPMAILER_LANG['smtp_error'] = 'SMTP chyba serveru: '; $PHPMAILER_LANG['variable_set'] = 'Nemožno nastaviť alebo resetovať premennú: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Chýba rozšírenie: '; diff --git a/lib/phpmailer/language/phpmailer.lang-sl.php b/lib/phpmailer/language/phpmailer.lang-sl.php index 54c9572506a..1e3cb7fa9b9 100644 --- a/lib/phpmailer/language/phpmailer.lang-sl.php +++ b/lib/phpmailer/language/phpmailer.lang-sl.php @@ -3,10 +3,11 @@ * Slovene PHPMailer language file: refer to English translation for definitive list * @package PHPMailer * @author Klemen Tušar + * @author Filip Š */ $PHPMAILER_LANG['authenticate'] = 'SMTP napaka: Avtentikacija ni uspela.'; -$PHPMAILER_LANG['connect_host'] = 'SMTP napaka: Ne morem vzpostaviti povezave s SMTP gostiteljem.'; +$PHPMAILER_LANG['connect_host'] = 'SMTP napaka: Vzpostavljanje povezave s SMTP gostiteljem ni uspelo.'; $PHPMAILER_LANG['data_not_accepted'] = 'SMTP napaka: Strežnik zavrača podatke.'; $PHPMAILER_LANG['empty_message'] = 'E-poštno sporočilo nima vsebine.'; $PHPMAILER_LANG['encoding'] = 'Nepoznan tip kodiranja: '; @@ -23,4 +24,4 @@ $PHPMAILER_LANG['signing'] = 'Napaka pri podpisovanju: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'Ne morem vzpostaviti povezave s SMTP strežnikom.'; $PHPMAILER_LANG['smtp_error'] = 'Napaka SMTP strežnika: '; $PHPMAILER_LANG['variable_set'] = 'Ne morem nastaviti oz. ponastaviti spremenljivke: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Manjkajoča razširitev: '; diff --git a/lib/phpmailer/language/phpmailer.lang-rs.php b/lib/phpmailer/language/phpmailer.lang-sr.php similarity index 79% rename from lib/phpmailer/language/phpmailer.lang-rs.php rename to lib/phpmailer/language/phpmailer.lang-sr.php index 0502f021435..34c1e182a09 100644 --- a/lib/phpmailer/language/phpmailer.lang-rs.php +++ b/lib/phpmailer/language/phpmailer.lang-sr.php @@ -3,24 +3,25 @@ * Serbian PHPMailer language file: refer to English translation for definitive list * @package PHPMailer * @author Александар Јевремовић + * @author Miloš Milanović */ $PHPMAILER_LANG['authenticate'] = 'SMTP грешка: аутентификација није успела.'; -$PHPMAILER_LANG['connect_host'] = 'SMTP грешка: није могуће повезивање са SMTP сервером.'; +$PHPMAILER_LANG['connect_host'] = 'SMTP грешка: повезивање са SMTP сервером није успело.'; $PHPMAILER_LANG['data_not_accepted'] = 'SMTP грешка: подаци нису прихваћени.'; $PHPMAILER_LANG['empty_message'] = 'Садржај поруке је празан.'; -$PHPMAILER_LANG['encoding'] = 'Непознато кодовање: '; +$PHPMAILER_LANG['encoding'] = 'Непознато кодирање: '; $PHPMAILER_LANG['execute'] = 'Није могуће извршити наредбу: '; $PHPMAILER_LANG['file_access'] = 'Није могуће приступити датотеци: '; $PHPMAILER_LANG['file_open'] = 'Није могуће отворити датотеку: '; $PHPMAILER_LANG['from_failed'] = 'SMTP грешка: слање са следећих адреса није успело: '; $PHPMAILER_LANG['recipients_failed'] = 'SMTP грешка: слање на следеће адресе није успело: '; $PHPMAILER_LANG['instantiate'] = 'Није могуће покренути mail функцију.'; -$PHPMAILER_LANG['invalid_address'] = 'Порука није послата због неисправне адресе: '; +$PHPMAILER_LANG['invalid_address'] = 'Порука није послата. Неисправна адреса: '; $PHPMAILER_LANG['mailer_not_supported'] = ' мејлер није подржан.'; -$PHPMAILER_LANG['provide_address'] = 'Потребно је задати најмање једну адресу.'; -$PHPMAILER_LANG['signing'] = 'Грешка приликом пријављивања: '; +$PHPMAILER_LANG['provide_address'] = 'Дефинишите бар једну адресу примаоца.'; +$PHPMAILER_LANG['signing'] = 'Грешка приликом пријаве: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'Повезивање са SMTP сервером није успело.'; $PHPMAILER_LANG['smtp_error'] = 'Грешка SMTP сервера: '; -$PHPMAILER_LANG['variable_set'] = 'Није могуће задати променљиву, нити је вратити уназад: '; +$PHPMAILER_LANG['variable_set'] = 'Није могуће задати нити ресетовати променљиву: '; $PHPMAILER_LANG['extension_missing'] = 'Недостаје проширење: '; diff --git a/lib/phpmailer/language/phpmailer.lang-tl.php b/lib/phpmailer/language/phpmailer.lang-tl.php new file mode 100644 index 00000000000..ed51d4c601a --- /dev/null +++ b/lib/phpmailer/language/phpmailer.lang-tl.php @@ -0,0 +1,27 @@ + + */ + +$PHPMAILER_LANG['authenticate'] = 'SMTP Error: Hindi mapatotohanan.'; +$PHPMAILER_LANG['connect_host'] = 'SMTP Error: Hindi makakonekta sa SMTP host.'; +$PHPMAILER_LANG['data_not_accepted'] = 'SMTP Error: Ang datos ay hindi maaaring matatanggap.'; +$PHPMAILER_LANG['empty_message'] = 'Walang laman ang mensahe'; +$PHPMAILER_LANG['encoding'] = 'Hindi alam ang encoding: '; +$PHPMAILER_LANG['execute'] = 'Hindi maisasagawa: '; +$PHPMAILER_LANG['file_access'] = 'Hindi ma-access ang file: '; +$PHPMAILER_LANG['file_open'] = 'Hindi mabuksan ang file: '; +$PHPMAILER_LANG['from_failed'] = 'Ang sumusunod na address ay nabigo: '; +$PHPMAILER_LANG['instantiate'] = 'Hindi maaaring magbigay ng institusyon ang mail'; +$PHPMAILER_LANG['invalid_address'] = 'Hindi wasto ang address na naibigay: '; +$PHPMAILER_LANG['mailer_not_supported'] = 'Ang mailer ay hindi suportado'; +$PHPMAILER_LANG['provide_address'] = 'Kailangan mong magbigay ng kahit isang email address na tatanggap'; +$PHPMAILER_LANG['recipients_failed'] = 'SMTP Error: Ang mga sumusunod na tatanggap ay nabigo: '; +$PHPMAILER_LANG['signing'] = 'Hindi ma-sign'; +$PHPMAILER_LANG['smtp_connect_failed'] = 'Ang SMTP connect() ay nabigo'; +$PHPMAILER_LANG['smtp_error'] = 'Ang server ng SMTP ay nabigo'; +$PHPMAILER_LANG['variable_set'] = 'Hindi matatakda ang mga variables: '; +$PHPMAILER_LANG['extension_missing'] = 'Nawawala ang extension'; diff --git a/lib/phpmailer/language/phpmailer.lang-uk.php b/lib/phpmailer/language/phpmailer.lang-uk.php index 9a7b34674e4..a0a160660a7 100644 --- a/lib/phpmailer/language/phpmailer.lang-uk.php +++ b/lib/phpmailer/language/phpmailer.lang-uk.php @@ -24,4 +24,4 @@ $PHPMAILER_LANG['signing'] = 'Помилка підпису: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'Помилка з\'єднання із SMTP-сервером'; $PHPMAILER_LANG['smtp_error'] = 'Помилка SMTP-сервера: '; $PHPMAILER_LANG['variable_set'] = 'Неможливо встановити або перевстановити змінну: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Не знайдено розширення: '; diff --git a/lib/phpmailer/src/PHPMailer.php b/lib/phpmailer/src/PHPMailer.php index b5b98652054..5411e4ff8f3 100644 --- a/lib/phpmailer/src/PHPMailer.php +++ b/lib/phpmailer/src/PHPMailer.php @@ -30,6 +30,22 @@ namespace PHPMailer\PHPMailer; */ class PHPMailer { + const CHARSET_ISO88591 = 'iso-8859-1'; + const CHARSET_UTF8 = 'utf-8'; + + const CONTENT_TYPE_PLAINTEXT = 'text/plain'; + const CONTENT_TYPE_TEXT_CALENDAR = 'text/calendar'; + const CONTENT_TYPE_TEXT_HTML = 'text/html'; + const CONTENT_TYPE_MULTIPART_ALTERNATIVE = 'multipart/alternative'; + const CONTENT_TYPE_MULTIPART_MIXED = 'multipart/mixed'; + const CONTENT_TYPE_MULTIPART_RELATED = 'multipart/related'; + + const ENCODING_7BIT = '7bit'; + const ENCODING_8BIT = '8bit'; + const ENCODING_BASE64 = 'base64'; + const ENCODING_BINARY = 'binary'; + const ENCODING_QUOTED_PRINTABLE = 'quoted-printable'; + /** * Email priority. * Options: null (default), 1 = High, 3 = Normal, 5 = low. @@ -37,21 +53,21 @@ class PHPMailer * * @var int */ - public $Priority = null; + public $Priority; /** * The character set of the message. * * @var string */ - public $CharSet = 'iso-8859-1'; + public $CharSet = self::CHARSET_ISO88591; /** * The MIME Content-type of the message. * * @var string */ - public $ContentType = 'text/plain'; + public $ContentType = self::CONTENT_TYPE_PLAINTEXT; /** * The message encoding. @@ -59,7 +75,7 @@ class PHPMailer * * @var string */ - public $Encoding = '8bit'; + public $Encoding = self::ENCODING_8BIT; /** * Holds the most recent mailer error message. @@ -314,7 +330,7 @@ class PHPMailer * * @var OAuth */ - protected $oauth = null; + protected $oauth; /** * The SMTP server timeout in seconds. @@ -324,6 +340,19 @@ class PHPMailer */ public $Timeout = 300; + /** + * Comma separated list of DSN notifications + * 'NEVER' under no circumstances a DSN must be returned to the sender. + * If you use NEVER all other notifications will be ignored. + * 'SUCCESS' will notify you when your mail has arrived at its destination. + * 'FAILURE' will arrive if an error occurred during delivery. + * 'DELAY' will notify you if there is an unusual delay in delivery, but the actual + * delivery's outcome (success or failure) is not yet decided. + * + * @see https://tools.ietf.org/html/rfc3461 See section 4.1 for more information about NOTIFY + */ + public $dsn = ''; + /** * SMTP class debug output mode. * Debug output level. @@ -441,6 +470,22 @@ class PHPMailer */ public $DKIM_domain = ''; + /** + * DKIM Copy header field values for diagnostic use. + * + * @var bool + */ + public $DKIM_copyHeaderFields = true; + + /** + * DKIM Extra signing headers. + * + * @example ['List-Unsubscribe', 'List-Help'] + * + * @var array + */ + public $DKIM_extraHeaders = []; + /** * DKIM private key file path. * @@ -482,9 +527,9 @@ class PHPMailer /** * What to put in the X-Mailer header. - * Options: An empty string for PHPMailer default, whitespace for none, or a string to use. + * Options: An empty string for PHPMailer default, whitespace/null for none, or a string to use. * - * @var string + * @var string|null */ public $XMailer = ''; @@ -504,7 +549,7 @@ class PHPMailer * * @var SMTP */ - protected $smtp = null; + protected $smtp; /** * The array of 'to' names and addresses. @@ -669,7 +714,7 @@ class PHPMailer * * @var string */ - const VERSION = '6.0.1'; + const VERSION = '6.0.7'; /** * Error severity: message only, continue processing. @@ -708,10 +753,13 @@ class PHPMailer /** * The lower maximum line length allowed by RFC 2822 section 2.1.1. + * This length does NOT include the line break + * 76 means that lines will be 77 or 78 chars depending on whether + * the line break format is LF or CRLF; both are valid. * * @var int */ - const STD_LINE_LENGTH = 78; + const STD_LINE_LENGTH = 76; /** * Constructor. @@ -783,7 +831,7 @@ class PHPMailer return; } //Is this a PSR-3 logger? - if (is_a($this->Debugoutput, 'Psr\Log\LoggerInterface')) { + if ($this->Debugoutput instanceof \Psr\Log\LoggerInterface) { $this->Debugoutput->debug($str); return; @@ -834,9 +882,9 @@ class PHPMailer public function isHTML($isHtml = true) { if ($isHtml) { - $this->ContentType = 'text/html'; + $this->ContentType = static::CONTENT_TYPE_TEXT_HTML; } else { - $this->ContentType = 'text/plain'; + $this->ContentType = static::CONTENT_TYPE_PLAINTEXT; } } @@ -863,7 +911,7 @@ class PHPMailer { $ini_sendmail_path = ini_get('sendmail_path'); - if (!stristr($ini_sendmail_path, 'sendmail')) { + if (false === stripos($ini_sendmail_path, 'sendmail')) { $this->Sendmail = '/usr/sbin/sendmail'; } else { $this->Sendmail = $ini_sendmail_path; @@ -878,7 +926,7 @@ class PHPMailer { $ini_sendmail_path = ini_get('sendmail_path'); - if (!stristr($ini_sendmail_path, 'qmail')) { + if (false === stripos($ini_sendmail_path, 'qmail')) { $this->Sendmail = '/var/qmail/bin/qmail-inject'; } else { $this->Sendmail = $ini_sendmail_path; @@ -892,6 +940,8 @@ class PHPMailer * @param string $address The email address to send to * @param string $name * + * @throws Exception + * * @return bool true on success, false if address already used or invalid in some way */ public function addAddress($address, $name = '') @@ -905,6 +955,8 @@ class PHPMailer * @param string $address The email address to send to * @param string $name * + * @throws Exception + * * @return bool true on success, false if address already used or invalid in some way */ public function addCC($address, $name = '') @@ -918,6 +970,8 @@ class PHPMailer * @param string $address The email address to send to * @param string $name * + * @throws Exception + * * @return bool true on success, false if address already used or invalid in some way */ public function addBCC($address, $name = '') @@ -931,6 +985,8 @@ class PHPMailer * @param string $address The email address to reply to * @param string $name * + * @throws Exception + * * @return bool true on success, false if address already used or invalid in some way */ public function addReplyTo($address, $name = '') @@ -959,7 +1015,12 @@ class PHPMailer $pos = strrpos($address, '@'); if (false === $pos) { // At-sign is missing. - $error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address"; + $error_message = sprintf( + '%s (%s): %s', + $this->lang('invalid_address'), + $kind, + $address + ); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -970,7 +1031,7 @@ class PHPMailer } $params = [$kind, $address, $name]; // Enqueue addresses with IDN until we know the PHPMailer::$CharSet. - if ($this->has8bitChars(substr($address, ++$pos)) and $this->idnSupported()) { + if ($this->has8bitChars(substr($address, ++$pos)) and static::idnSupported()) { if ('Reply-To' != $kind) { if (!array_key_exists($address, $this->RecipientsQueue)) { $this->RecipientsQueue[$address] = $params; @@ -1007,7 +1068,9 @@ class PHPMailer protected function addAnAddress($kind, $address, $name = '') { if (!in_array($kind, ['to', 'cc', 'bcc', 'Reply-To'])) { - $error_message = $this->lang('Invalid recipient kind: ') . $kind; + $error_message = sprintf('%s: %s', + $this->lang('Invalid recipient kind'), + $kind); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -1017,7 +1080,10 @@ class PHPMailer return false; } if (!static::validateAddress($address)) { - $error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address"; + $error_message = sprintf('%s (%s): %s', + $this->lang('invalid_address'), + $kind, + $address); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -1028,7 +1094,7 @@ class PHPMailer } if ('Reply-To' != $kind) { if (!array_key_exists(strtolower($address), $this->all_recipients)) { - array_push($this->$kind, [$address, $name]); + $this->{$kind}[] = [$address, $name]; $this->all_recipients[strtolower($address)] = true; return true; @@ -1121,9 +1187,11 @@ class PHPMailer // Don't validate now addresses with IDN. Will be done in send(). $pos = strrpos($address, '@'); if (false === $pos or - (!$this->has8bitChars(substr($address, ++$pos)) or !$this->idnSupported()) and + (!$this->has8bitChars(substr($address, ++$pos)) or !static::idnSupported()) and !static::validateAddress($address)) { - $error_message = $this->lang('invalid_address') . " (setFrom) $address"; + $error_message = sprintf('%s (From): %s', + $this->lang('invalid_address'), + $address); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -1246,7 +1314,7 @@ class PHPMailer * * @return bool `true` if required functions for IDN support are present */ - public function idnSupported() + public static function idnSupported() { return function_exists('idn_to_ascii') and function_exists('mb_convert_encoding'); } @@ -1269,7 +1337,7 @@ class PHPMailer { // Verify we have required functions, CharSet, and at-sign. $pos = strrpos($address, '@'); - if ($this->idnSupported() and + if (static::idnSupported() and !empty($this->CharSet) and false !== $pos ) { @@ -1373,7 +1441,10 @@ class PHPMailer } $this->$address_kind = $this->punyencodeAddress($this->$address_kind); if (!static::validateAddress($this->$address_kind)) { - $error_message = $this->lang('invalid_address') . ' (punyEncode) ' . $this->$address_kind; + $error_message = sprintf('%s (%s): %s', + $this->lang('invalid_address'), + $address_kind, + $this->$address_kind); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -1386,7 +1457,7 @@ class PHPMailer // Set whether the message is multipart/alternative if ($this->alternativeExists()) { - $this->ContentType = 'multipart/alternative'; + $this->ContentType = static::CONTENT_TYPE_MULTIPART_ALTERNATIVE; } $this->setMessageType(); @@ -1423,7 +1494,10 @@ class PHPMailer if (!empty($this->DKIM_domain) and !empty($this->DKIM_selector) and (!empty($this->DKIM_private_string) - or (!empty($this->DKIM_private) and file_exists($this->DKIM_private)) + or (!empty($this->DKIM_private) + and static::isPermittedPath($this->DKIM_private) + and file_exists($this->DKIM_private) + ) ) ) { $header_dkim = $this->DKIM_Add( @@ -1600,6 +1674,20 @@ class PHPMailer return true; } + /** + * Check whether a file path is of a permitted type. + * Used to reject URLs and phar files from functions that access local file paths, + * such as addAttachment. + * + * @param string $path A relative or absolute path to a file + * + * @return bool + */ + protected static function isPermittedPath($path) + { + return !preg_match('#^[a-z]+://#i', $path); + } + /** * Send mail using the PHP mail() function. * @@ -1724,7 +1812,7 @@ class PHPMailer // Attempt to send to all recipients foreach ([$this->to, $this->cc, $this->bcc] as $togroup) { foreach ($togroup as $to) { - if (!$this->smtp->recipient($to[0])) { + if (!$this->smtp->recipient($to[0], $this->dsn)) { $error = $this->smtp->getError(); $bad_rcpt[] = ['to' => $to[0], 'error' => $error['detail']]; $isSent = false; @@ -1874,7 +1962,7 @@ class PHPMailer // * we have openssl extension // * we are not already using SSL // * the server offers STARTTLS - if ($this->SMTPAutoTLS and $sslext and $secure != 'ssl' and $this->smtp->getServerExt('STARTTLS')) { + if ($this->SMTPAutoTLS and $sslext and 'ssl' != $secure and $this->smtp->getServerExt('STARTTLS')) { $tls = true; } if ($tls) { @@ -1947,7 +2035,8 @@ class PHPMailer 'dk' => 'da', 'no' => 'nb', 'se' => 'sv', - 'sr' => 'rs', + 'rs' => 'sr', + 'tg' => 'tl', ]; if (isset($renamed_langcodes[$langcode])) { @@ -1978,7 +2067,7 @@ class PHPMailer ]; if (empty($lang_path)) { // Calculate an absolute path so it can work if CWD is not here - $lang_path = __DIR__ . DIRECTORY_SEPARATOR . 'language' . DIRECTORY_SEPARATOR; + $lang_path = dirname(__DIR__) . DIRECTORY_SEPARATOR . 'language' . DIRECTORY_SEPARATOR; } //Validate $langcode if (!preg_match('/^[a-z]{2}(?:_[a-zA-Z]{2})?$/', $langcode)) { @@ -1989,7 +2078,7 @@ class PHPMailer // There is no English translation file if ('en' != $langcode) { // Make sure language file path is readable - if (!file_exists($lang_file)) { + if (!static::isPermittedPath($lang_file) || !file_exists($lang_file)) { $foundlang = false; } else { // Overwrite language-specific strings. @@ -2073,7 +2162,7 @@ class PHPMailer } // If utf-8 encoding is used, we will need to make sure we don't // split multibyte characters when we wrap - $is_utf8 = (strtolower($this->CharSet) == 'utf-8'); + $is_utf8 = static::CHARSET_UTF8 === strtolower($this->CharSet); $lelen = strlen(static::$LE); $crlflen = strlen(static::$LE); @@ -2099,9 +2188,9 @@ class PHPMailer $len = $space_left; if ($is_utf8) { $len = $this->utf8CharBoundary($word, $len); - } elseif (substr($word, $len - 1, 1) == '=') { + } elseif ('=' == substr($word, $len - 1, 1)) { --$len; - } elseif (substr($word, $len - 2, 1) == '=') { + } elseif ('=' == substr($word, $len - 2, 1)) { $len -= 2; } $part = substr($word, 0, $len); @@ -2120,9 +2209,9 @@ class PHPMailer $len = $length; if ($is_utf8) { $len = $this->utf8CharBoundary($word, $len); - } elseif (substr($word, $len - 1, 1) == '=') { + } elseif ('=' == substr($word, $len - 1, 1)) { --$len; - } elseif (substr($word, $len - 2, 1) == '=') { + } elseif ('=' == substr($word, $len - 2, 1)) { $len -= 2; } $part = substr($word, 0, $len); @@ -2141,7 +2230,7 @@ class PHPMailer } $buf .= $word; - if (strlen($buf) > $length and $buf_o != '') { + if (strlen($buf) > $length and '' != $buf_o) { $message .= $buf_o . $soft_break; $buf = $word; } @@ -2291,7 +2380,7 @@ class PHPMailer if (null !== $this->Priority) { $result .= $this->headerLine('X-Priority', $this->Priority); } - if ('' == $this->XMailer) { + if ('' === $this->XMailer) { $result .= $this->headerLine( 'X-Mailer', 'PHPMailer ' . self::VERSION . ' (https://github.com/PHPMailer/PHPMailer)' @@ -2333,20 +2422,20 @@ class PHPMailer $ismultipart = true; switch ($this->message_type) { case 'inline': - $result .= $this->headerLine('Content-Type', 'multipart/related;'); - $result .= $this->textLine("\tboundary=\"" . $this->boundary[1] . '"'); + $result .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); + $result .= $this->textLine(' boundary="' . $this->boundary[1] . '"'); break; case 'attach': case 'inline_attach': case 'alt_attach': case 'alt_inline_attach': - $result .= $this->headerLine('Content-Type', 'multipart/mixed;'); - $result .= $this->textLine("\tboundary=\"" . $this->boundary[1] . '"'); + $result .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_MIXED . ';'); + $result .= $this->textLine(' boundary="' . $this->boundary[1] . '"'); break; case 'alt': case 'alt_inline': - $result .= $this->headerLine('Content-Type', 'multipart/alternative;'); - $result .= $this->textLine("\tboundary=\"" . $this->boundary[1] . '"'); + $result .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_ALTERNATIVE . ';'); + $result .= $this->textLine(' boundary="' . $this->boundary[1] . '"'); break; default: // Catches case 'plain': and case '': @@ -2355,11 +2444,11 @@ class PHPMailer break; } // RFC1341 part 5 says 7bit is assumed if not specified - if ('7bit' != $this->Encoding) { + if (static::ENCODING_7BIT != $this->Encoding) { // RFC 2045 section 6.4 says multipart MIME parts may only use 7bit, 8bit or binary CTE if ($ismultipart) { - if ('8bit' == $this->Encoding) { - $result .= $this->headerLine('Content-Transfer-Encoding', '8bit'); + if (static::ENCODING_8BIT == $this->Encoding) { + $result .= $this->headerLine('Content-Transfer-Encoding', static::ENCODING_8BIT); } // The only remaining alternatives are quoted-printable and base64, which are both 7bit compatible } else { @@ -2435,29 +2524,29 @@ class PHPMailer $bodyEncoding = $this->Encoding; $bodyCharSet = $this->CharSet; //Can we do a 7-bit downgrade? - if ('8bit' == $bodyEncoding and !$this->has8bitChars($this->Body)) { - $bodyEncoding = '7bit'; + if (static::ENCODING_8BIT == $bodyEncoding and !$this->has8bitChars($this->Body)) { + $bodyEncoding = static::ENCODING_7BIT; //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit $bodyCharSet = 'us-ascii'; } //If lines are too long, and we're not already using an encoding that will shorten them, //change to quoted-printable transfer encoding for the body part only - if ('base64' != $this->Encoding and static::hasLineLongerThanMax($this->Body)) { - $bodyEncoding = 'quoted-printable'; + if (static::ENCODING_BASE64 != $this->Encoding and static::hasLineLongerThanMax($this->Body)) { + $bodyEncoding = static::ENCODING_QUOTED_PRINTABLE; } $altBodyEncoding = $this->Encoding; $altBodyCharSet = $this->CharSet; //Can we do a 7-bit downgrade? - if ('8bit' == $altBodyEncoding and !$this->has8bitChars($this->AltBody)) { - $altBodyEncoding = '7bit'; + if (static::ENCODING_8BIT == $altBodyEncoding and !$this->has8bitChars($this->AltBody)) { + $altBodyEncoding = static::ENCODING_7BIT; //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit $altBodyCharSet = 'us-ascii'; } //If lines are too long, and we're not already using an encoding that will shorten them, //change to quoted-printable transfer encoding for the alt body part only - if ('base64' != $altBodyEncoding and static::hasLineLongerThanMax($this->AltBody)) { - $altBodyEncoding = 'quoted-printable'; + if (static::ENCODING_BASE64 != $altBodyEncoding and static::hasLineLongerThanMax($this->AltBody)) { + $altBodyEncoding = static::ENCODING_QUOTED_PRINTABLE; } //Use this as a preamble in all multipart message types $mimepre = 'This is a multi-part message in MIME format.' . static::$LE; @@ -2479,8 +2568,9 @@ class PHPMailer case 'inline_attach': $body .= $mimepre; $body .= $this->textLine('--' . $this->boundary[1]); - $body .= $this->headerLine('Content-Type', 'multipart/related;'); - $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); + $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); + $body .= $this->textLine(' boundary="' . $this->boundary[2] . '";'); + $body .= $this->textLine(' type="' . static::CONTENT_TYPE_TEXT_HTML . '"'); $body .= static::$LE; $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, '', $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); @@ -2491,14 +2581,14 @@ class PHPMailer break; case 'alt': $body .= $mimepre; - $body .= $this->getBoundary($this->boundary[1], $altBodyCharSet, 'text/plain', $altBodyEncoding); + $body .= $this->getBoundary($this->boundary[1], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[1], $bodyCharSet, 'text/html', $bodyEncoding); + $body .= $this->getBoundary($this->boundary[1], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; if (!empty($this->Ical)) { - $body .= $this->getBoundary($this->boundary[1], '', 'text/calendar; method=REQUEST', ''); + $body .= $this->getBoundary($this->boundary[1], '', static::CONTENT_TYPE_TEXT_CALENDAR . '; method=REQUEST', ''); $body .= $this->encodeString($this->Ical, $this->Encoding); $body .= static::$LE; } @@ -2506,14 +2596,15 @@ class PHPMailer break; case 'alt_inline': $body .= $mimepre; - $body .= $this->getBoundary($this->boundary[1], $altBodyCharSet, 'text/plain', $altBodyEncoding); + $body .= $this->getBoundary($this->boundary[1], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; $body .= $this->textLine('--' . $this->boundary[1]); - $body .= $this->headerLine('Content-Type', 'multipart/related;'); - $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); + $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); + $body .= $this->textLine(' boundary="' . $this->boundary[2] . '";'); + $body .= $this->textLine(' type="' . static::CONTENT_TYPE_TEXT_HTML . '"'); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, 'text/html', $bodyEncoding); + $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; $body .= $this->attachAll('inline', $this->boundary[2]); @@ -2523,17 +2614,17 @@ class PHPMailer case 'alt_attach': $body .= $mimepre; $body .= $this->textLine('--' . $this->boundary[1]); - $body .= $this->headerLine('Content-Type', 'multipart/alternative;'); - $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); + $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_ALTERNATIVE . ';'); + $body .= $this->textLine(' boundary="' . $this->boundary[2] . '"'); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[2], $altBodyCharSet, 'text/plain', $altBodyEncoding); + $body .= $this->getBoundary($this->boundary[2], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, 'text/html', $bodyEncoding); + $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; if (!empty($this->Ical)) { - $body .= $this->getBoundary($this->boundary[2], '', 'text/calendar; method=REQUEST', ''); + $body .= $this->getBoundary($this->boundary[2], '', static::CONTENT_TYPE_TEXT_CALENDAR . '; method=REQUEST', ''); $body .= $this->encodeString($this->Ical, $this->Encoding); } $body .= $this->endBoundary($this->boundary[2]); @@ -2543,17 +2634,18 @@ class PHPMailer case 'alt_inline_attach': $body .= $mimepre; $body .= $this->textLine('--' . $this->boundary[1]); - $body .= $this->headerLine('Content-Type', 'multipart/alternative;'); - $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); + $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_ALTERNATIVE . ';'); + $body .= $this->textLine(' boundary="' . $this->boundary[2] . '"'); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[2], $altBodyCharSet, 'text/plain', $altBodyEncoding); + $body .= $this->getBoundary($this->boundary[2], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; $body .= $this->textLine('--' . $this->boundary[2]); - $body .= $this->headerLine('Content-Type', 'multipart/related;'); - $body .= $this->textLine("\tboundary=\"" . $this->boundary[3] . '"'); + $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); + $body .= $this->textLine(' boundary="' . $this->boundary[3] . '";'); + $body .= $this->textLine(' type="' . static::CONTENT_TYPE_TEXT_HTML . '"'); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[3], $bodyCharSet, 'text/html', $bodyEncoding); + $body .= $this->getBoundary($this->boundary[3], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; $body .= $this->attachAll('inline', $this->boundary[3]); @@ -2580,12 +2672,10 @@ class PHPMailer if (!defined('PKCS7_TEXT')) { throw new Exception($this->lang('extension_missing') . 'openssl'); } - // @TODO would be nice to use php://temp streams here - $file = tempnam(sys_get_temp_dir(), 'mail'); - if (false === file_put_contents($file, $body)) { - throw new Exception($this->lang('signing') . ' Could not write temp file'); - } - $signed = tempnam(sys_get_temp_dir(), 'signed'); + $file = fopen('php://temp', 'rb+'); + $signed = fopen('php://temp', 'rb+'); + fwrite($file, $body); + //Workaround for PHP bug https://bugs.php.net/bug.php?id=69197 if (empty($this->sign_extracerts_file)) { $sign = @openssl_pkcs7_sign( @@ -2606,16 +2696,16 @@ class PHPMailer $this->sign_extracerts_file ); } - @unlink($file); + fclose($file); if ($sign) { $body = file_get_contents($signed); - @unlink($signed); + fclose($signed); //The message returned by openssl contains both headers and body, so need to split them up $parts = explode("\n\n", $body, 2); $this->MIMEHeader .= $parts[0] . static::$LE . static::$LE; $body = $parts[1]; } else { - @unlink($signed); + fclose($signed); throw new Exception($this->lang('signing') . openssl_error_string()); } } catch (Exception $exc) { @@ -2655,7 +2745,7 @@ class PHPMailer $result .= sprintf('Content-Type: %s; charset=%s', $contentType, $charSet); $result .= static::$LE; // RFC1341 part 5 says 7bit is assumed if not specified - if ('7bit' != $encoding) { + if (static::ENCODING_7BIT != $encoding) { $result .= $this->headerLine('Content-Transfer-Encoding', $encoding); } $result .= static::$LE; @@ -2727,6 +2817,8 @@ class PHPMailer * Add an attachment from a path on the filesystem. * Never use a user-supplied path to a file! * Returns false if the file could not be found or read. + * Explicitly *does not* support passing URLs; PHPMailer is not an HTTP client. + * If you need to do that, fetch the resource yourself and pass it in via a local file or string. * * @param string $path Path to the attachment * @param string $name Overrides the attachment name @@ -2738,10 +2830,15 @@ class PHPMailer * * @return bool */ - public function addAttachment($path, $name = '', $encoding = 'base64', $type = '', $disposition = 'attachment') - { + public function addAttachment( + $path, + $name = '', + $encoding = self::ENCODING_BASE64, + $type = '', + $disposition = 'attachment' + ) { try { - if (!@is_file($path)) { + if (!static::isPermittedPath($path) || !@is_file($path)) { throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE); } @@ -2750,11 +2847,15 @@ class PHPMailer $type = static::filenameToType($path); } - $filename = basename($path); + $filename = static::mb_pathinfo($path, PATHINFO_BASENAME); if ('' == $name) { $name = $filename; } + if (!$this->validateEncoding($encoding)) { + throw new Exception($this->lang('encoding') . $encoding); + } + $this->attachment[] = [ 0 => $path, 1 => $filename, @@ -2850,19 +2951,23 @@ class PHPMailer ); } // RFC1341 part 5 says 7bit is assumed if not specified - if ('7bit' != $encoding) { + if (static::ENCODING_7BIT != $encoding) { $mime[] = sprintf('Content-Transfer-Encoding: %s%s', $encoding, static::$LE); } if (!empty($cid)) { - $mime[] = sprintf('Content-ID: <%s>%s', $cid, static::$LE); + $mime[] = sprintf( + 'Content-ID: <%s>%s', + $this->encodeHeader($this->secureHeader($cid)), + static::$LE + ); } // If a filename contains any of these chars, it should be quoted, // but not otherwise: RFC2183 & RFC2045 5.1 // Fixes a warning in IETF's msglint MIME checker // Allow for bypassing the Content-Disposition header totally - if (!(empty($disposition))) { + if (!empty($disposition)) { $encoded_name = $this->encodeHeader($this->secureHeader($name)); if (preg_match('/[ \(\)<>@,;:\\"\/\[\]\?=]/', $encoded_name)) { $mime[] = sprintf( @@ -2920,10 +3025,10 @@ class PHPMailer * * @return string */ - protected function encodeFile($path, $encoding = 'base64') + protected function encodeFile($path, $encoding = self::ENCODING_BASE64) { try { - if (!file_exists($path)) { + if (!static::isPermittedPath($path) || !file_exists($path)) { throw new Exception($this->lang('file_open') . $path, self::STOP_CONTINUE); } $file_buffer = file_get_contents($path); @@ -2945,37 +3050,42 @@ class PHPMailer * Returns an empty string on failure. * * @param string $str The text to encode - * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable + * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable' + * + * @throws Exception * * @return string */ - public function encodeString($str, $encoding = 'base64') + public function encodeString($str, $encoding = self::ENCODING_BASE64) { $encoded = ''; switch (strtolower($encoding)) { - case 'base64': + case static::ENCODING_BASE64: $encoded = chunk_split( base64_encode($str), - static::STD_LINE_LENGTH - strlen(static::$LE), + static::STD_LINE_LENGTH, static::$LE ); break; - case '7bit': - case '8bit': + case static::ENCODING_7BIT: + case static::ENCODING_8BIT: $encoded = static::normalizeBreaks($str); // Make sure it ends with a line break if (substr($encoded, -(strlen(static::$LE))) != static::$LE) { $encoded .= static::$LE; } break; - case 'binary': + case static::ENCODING_BINARY: $encoded = $str; break; - case 'quoted-printable': + case static::ENCODING_QUOTED_PRINTABLE: $encoded = $this->encodeQP($str); break; default: $this->setError($this->lang('encoding') . $encoding); + if ($this->exceptions) { + throw new Exception($this->lang('encoding') . $encoding); + } break; } @@ -3186,6 +3296,7 @@ class PHPMailer default: // RFC 2047 section 5.1 // Replace every high ascii, control, =, ? and _ characters + /** @noinspection SuspiciousAssignmentsInspection */ $pattern = '\000-\011\013\014\016-\037\075\077\137\177-\377' . $pattern; break; } @@ -3217,29 +3328,50 @@ class PHPMailer * @param string $encoding File encoding (see $Encoding) * @param string $type File extension (MIME) type * @param string $disposition Disposition to use + * + * @throws Exception + * + * @return bool True on successfully adding an attachment */ public function addStringAttachment( $string, $filename, - $encoding = 'base64', + $encoding = self::ENCODING_BASE64, $type = '', $disposition = 'attachment' ) { - // If a MIME type is not specified, try to work it out from the file name - if ('' == $type) { - $type = static::filenameToType($filename); + try { + // If a MIME type is not specified, try to work it out from the file name + if ('' == $type) { + $type = static::filenameToType($filename); + } + + if (!$this->validateEncoding($encoding)) { + throw new Exception($this->lang('encoding') . $encoding); + } + + // Append to $attachment array + $this->attachment[] = [ + 0 => $string, + 1 => $filename, + 2 => static::mb_pathinfo($filename, PATHINFO_BASENAME), + 3 => $encoding, + 4 => $type, + 5 => true, // isStringAttachment + 6 => $disposition, + 7 => 0, + ]; + } catch (Exception $exc) { + $this->setError($exc->getMessage()); + $this->edebug($exc->getMessage()); + if ($this->exceptions) { + throw $exc; + } + + return false; } - // Append to $attachment array - $this->attachment[] = [ - 0 => $string, - 1 => $filename, - 2 => basename($filename), - 3 => $encoding, - 4 => $type, - 5 => true, // isStringAttachment - 6 => $disposition, - 7 => 0, - ]; + + return true; } /** @@ -3259,85 +3391,144 @@ class PHPMailer * @param string $type File MIME type * @param string $disposition Disposition to use * + * @throws Exception + * * @return bool True on successfully adding an attachment */ - public function addEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = '', $disposition = 'inline') - { - if (!@is_file($path)) { - $this->setError($this->lang('file_access') . $path); + public function addEmbeddedImage( + $path, + $cid, + $name = '', + $encoding = self::ENCODING_BASE64, + $type = '', + $disposition = 'inline' + ) { + try { + if (!static::isPermittedPath($path) || !@is_file($path)) { + throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE); + } + + // If a MIME type is not specified, try to work it out from the file name + if ('' == $type) { + $type = static::filenameToType($path); + } + + if (!$this->validateEncoding($encoding)) { + throw new Exception($this->lang('encoding') . $encoding); + } + + $filename = static::mb_pathinfo($path, PATHINFO_BASENAME); + if ('' == $name) { + $name = $filename; + } + + // Append to $attachment array + $this->attachment[] = [ + 0 => $path, + 1 => $filename, + 2 => $name, + 3 => $encoding, + 4 => $type, + 5 => false, // isStringAttachment + 6 => $disposition, + 7 => $cid, + ]; + } catch (Exception $exc) { + $this->setError($exc->getMessage()); + $this->edebug($exc->getMessage()); + if ($this->exceptions) { + throw $exc; + } return false; } - // If a MIME type is not specified, try to work it out from the file name - if ('' == $type) { - $type = static::filenameToType($path); - } - - $filename = basename($path); - if ('' == $name) { - $name = $filename; - } - - // Append to $attachment array - $this->attachment[] = [ - 0 => $path, - 1 => $filename, - 2 => $name, - 3 => $encoding, - 4 => $type, - 5 => false, // isStringAttachment - 6 => $disposition, - 7 => $cid, - ]; - return true; } /** * Add an embedded stringified attachment. * This can include images, sounds, and just about any other document type. - * Be sure to set the $type to an image type for images: - * JPEG images use 'image/jpeg', GIF uses 'image/gif', PNG uses 'image/png'. + * If your filename doesn't contain an extension, be sure to set the $type to an appropriate MIME type. * * @param string $string The attachment binary data * @param string $cid Content ID of the attachment; Use this to reference * the content when using an embedded image in HTML - * @param string $name - * @param string $encoding File encoding (see $Encoding) - * @param string $type MIME type + * @param string $name A filename for the attachment. If this contains an extension, + * PHPMailer will attempt to set a MIME type for the attachment. + * For example 'file.jpg' would get an 'image/jpeg' MIME type. + * @param string $encoding File encoding (see $Encoding), defaults to 'base64' + * @param string $type MIME type - will be used in preference to any automatically derived type * @param string $disposition Disposition to use * + * @throws Exception + * * @return bool True on successfully adding an attachment */ public function addStringEmbeddedImage( $string, $cid, $name = '', - $encoding = 'base64', + $encoding = self::ENCODING_BASE64, $type = '', $disposition = 'inline' ) { - // If a MIME type is not specified, try to work it out from the name - if ('' == $type and !empty($name)) { - $type = static::filenameToType($name); + try { + // If a MIME type is not specified, try to work it out from the name + if ('' == $type and !empty($name)) { + $type = static::filenameToType($name); + } + + if (!$this->validateEncoding($encoding)) { + throw new Exception($this->lang('encoding') . $encoding); + } + + // Append to $attachment array + $this->attachment[] = [ + 0 => $string, + 1 => $name, + 2 => $name, + 3 => $encoding, + 4 => $type, + 5 => true, // isStringAttachment + 6 => $disposition, + 7 => $cid, + ]; + } catch (Exception $exc) { + $this->setError($exc->getMessage()); + $this->edebug($exc->getMessage()); + if ($this->exceptions) { + throw $exc; + } + + return false; } - // Append to $attachment array - $this->attachment[] = [ - 0 => $string, - 1 => $name, - 2 => $name, - 3 => $encoding, - 4 => $type, - 5 => true, // isStringAttachment - 6 => $disposition, - 7 => $cid, - ]; - return true; } + /** + * Validate encodings. + * + * @param $encoding + * + * @return bool + */ + protected function validateEncoding($encoding) + { + return in_array( + $encoding, + [ + self::ENCODING_7BIT, + self::ENCODING_QUOTED_PRINTABLE, + self::ENCODING_BASE64, + self::ENCODING_8BIT, + self::ENCODING_BINARY, + ], + true + ); + } + /** * Check if an embedded attachment is present with this cid. * @@ -3364,7 +3555,7 @@ class PHPMailer public function inlineImageExists() { foreach ($this->attachment as $attachment) { - if ($attachment[6] == 'inline') { + if ('inline' == $attachment[6]) { return true; } } @@ -3380,7 +3571,7 @@ class PHPMailer public function attachmentExists() { foreach ($this->attachment as $attachment) { - if ($attachment[6] == 'attachment') { + if ('attachment' == $attachment[6]) { return true; } } @@ -3674,7 +3865,7 @@ class PHPMailer { preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images); if (array_key_exists(2, $images)) { - if (strlen($basedir) > 1 && substr($basedir, -1) != '/') { + if (strlen($basedir) > 1 && '/' != substr($basedir, -1)) { // Ensure $basedir has a trailing / $basedir .= '/'; } @@ -3682,7 +3873,7 @@ class PHPMailer // Convert data URIs into embedded images //e.g. "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" if (preg_match('#^data:(image/(?:jpe?g|gif|png));?(base64)?,(.+)#', $url, $match)) { - if (count($match) == 4 and 'base64' == $match[2]) { + if (count($match) == 4 and static::ENCODING_BASE64 == $match[2]) { $data = base64_decode($match[3]); } elseif ('' == $match[2]) { $data = rawurldecode($match[3]); @@ -3695,7 +3886,7 @@ class PHPMailer $cid = hash('sha256', $data) . '@phpmailer.0'; // RFC2392 S 2 if (!$this->cidExists($cid)) { - $this->addStringEmbeddedImage($data, $cid, 'embed' . $imgindex, 'base64', $match[1]); + $this->addStringEmbeddedImage($data, $cid, 'embed' . $imgindex, static::ENCODING_BASE64, $match[1]); } $message = str_replace( $images[0][$imgindex], @@ -3709,27 +3900,27 @@ class PHPMailer // Ignore URLs containing parent dir traversal (..) and (strpos($url, '..') === false) // Do not change urls that are already inline images - and substr($url, 0, 4) !== 'cid:' + and 0 !== strpos($url, 'cid:') // Do not change absolute URLs, including anonymous protocol and !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url) ) { - $filename = basename($url); + $filename = static::mb_pathinfo($url, PATHINFO_BASENAME); $directory = dirname($url); if ('.' == $directory) { $directory = ''; } $cid = hash('sha256', $url) . '@phpmailer.0'; // RFC2392 S 2 - if (strlen($basedir) > 1 and substr($basedir, -1) != '/') { + if (strlen($basedir) > 1 and '/' != substr($basedir, -1)) { $basedir .= '/'; } - if (strlen($directory) > 1 and substr($directory, -1) != '/') { + if (strlen($directory) > 1 and '/' != substr($directory, -1)) { $directory .= '/'; } if ($this->addEmbeddedImage( $basedir . $directory . $filename, $cid, $filename, - 'base64', + static::ENCODING_BASE64, static::_mime_types((string) static::mb_pathinfo($filename, PATHINFO_EXTENSION)) ) ) { @@ -3859,6 +4050,7 @@ class PHPMailer 'midi' => 'audio/midi', 'mp2' => 'audio/mpeg', 'mp3' => 'audio/mpeg', + 'm4a' => 'audio/mp4', 'mpga' => 'audio/mpeg', 'aif' => 'audio/x-aiff', 'aifc' => 'audio/x-aiff', @@ -3868,6 +4060,7 @@ class PHPMailer 'rpm' => 'audio/x-pn-realaudio-plugin', 'ra' => 'audio/x-realaudio', 'wav' => 'audio/x-wav', + 'mka' => 'audio/x-matroska', 'bmp' => 'image/bmp', 'gif' => 'image/gif', 'jpeg' => 'image/jpeg', @@ -3876,6 +4069,11 @@ class PHPMailer 'png' => 'image/png', 'tiff' => 'image/tiff', 'tif' => 'image/tiff', + 'webp' => 'image/webp', + 'heif' => 'image/heif', + 'heifs' => 'image/heif-sequence', + 'heic' => 'image/heic', + 'heics' => 'image/heic-sequence', 'eml' => 'message/rfc822', 'css' => 'text/css', 'html' => 'text/html', @@ -3891,17 +4089,23 @@ class PHPMailer 'ics' => 'text/calendar', 'xml' => 'text/xml', 'xsl' => 'text/xml', + 'wmv' => 'video/x-ms-wmv', 'mpeg' => 'video/mpeg', 'mpe' => 'video/mpeg', 'mpg' => 'video/mpeg', + 'mp4' => 'video/mp4', + 'm4v' => 'video/mp4', 'mov' => 'video/quicktime', 'qt' => 'video/quicktime', 'rv' => 'video/vnd.rn-realvideo', 'avi' => 'video/x-msvideo', 'movie' => 'video/x-sgi-movie', + 'webm' => 'video/webm', + 'mkv' => 'video/x-matroska', ]; - if (array_key_exists(strtolower($ext), $mimes)) { - return $mimes[strtolower($ext)]; + $ext = strtolower($ext); + if (array_key_exists($ext, $mimes)) { + return $mimes[$ext]; } return 'application/octet-stream'; @@ -3943,7 +4147,7 @@ class PHPMailer { $ret = ['dirname' => '', 'basename' => '', 'extension' => '', 'filename' => '']; $pathinfo = []; - if (preg_match('#^(.*?)[\\\\/]*(([^/\\\\]*?)(\.([^\.\\\\/]+?)|))[\\\\/\.]*$#im', $path, $pathinfo)) { + if (preg_match('#^(.*?)[\\\\/]*(([^/\\\\]*?)(\.([^.\\\\/]+?)|))[\\\\/.]*$#m', $path, $pathinfo)) { if (array_key_exists(1, $pathinfo)) { $ret['dirname'] = $pathinfo[1]; } @@ -4031,7 +4235,7 @@ class PHPMailer // Normalise to \n $text = str_replace(["\r\n", "\r"], "\n", $text); // Now convert LE as needed - if ("\n" !== static::$LE) { + if ("\n" !== $breaktype) { $text = str_replace("\n", $breaktype, $text); } @@ -4136,6 +4340,7 @@ class PHPMailer /** * Generate a DKIM canonicalization header. * Uses the 'relaxed' algorithm from RFC6376 section 3.4.2. + * Canonicalized headers should *always* use CRLF, regardless of mailer setting. * * @see https://tools.ietf.org/html/rfc6376#section-3.4.2 * @@ -4171,12 +4376,13 @@ class PHPMailer $lines[$key] = trim($heading, " \t") . ':' . trim($value, " \t"); } - return implode(static::$LE, $lines); + return implode("\r\n", $lines); } /** * Generate a DKIM canonicalization body. * Uses the 'simple' algorithm from RFC6376 section 3.4.3. + * Canonicalized bodies should *always* use CRLF, regardless of mailer setting. * * @see https://tools.ietf.org/html/rfc6376#section-3.4.3 * @@ -4187,13 +4393,13 @@ class PHPMailer public function DKIM_BodyC($body) { if (empty($body)) { - return static::$LE; + return "\r\n"; } - // Normalize line endings - $body = static::normalizeBreaks($body); + // Normalize line endings to CRLF + $body = static::normalizeBreaks($body, "\r\n"); //Reduce multiple trailing line breaks to a single one - return rtrim($body, "\r\n") . static::$LE; + return rtrim($body, "\r\n") . "\r\n"; } /** @@ -4217,6 +4423,11 @@ class PHPMailer $to_header = ''; $date_header = ''; $current = ''; + $copiedHeaderFields = ''; + $foundExtraHeaders = []; + $extraHeaderKeys = ''; + $extraHeaderValues = ''; + $extraCopyHeaderFields = ''; foreach ($headers as $header) { if (strpos($header, 'From:') === 0) { $from_header = $header; @@ -4227,6 +4438,23 @@ class PHPMailer } elseif (strpos($header, 'Date:') === 0) { $date_header = $header; $current = 'date_header'; + } elseif (!empty($this->DKIM_extraHeaders)) { + foreach ($this->DKIM_extraHeaders as $extraHeader) { + if (strpos($header, $extraHeader . ':') === 0) { + $headerValue = $header; + foreach ($this->CustomHeader as $customHeader) { + if ($customHeader[0] === $extraHeader) { + $headerValue = trim($customHeader[0]) . + ': ' . + $this->encodeHeader(trim($customHeader[1])); + break; + } + } + $foundExtraHeaders[$extraHeader] = $headerValue; + $current = ''; + break; + } + } } else { if (!empty($$current) and strpos($header, ' =?') === 0) { $$current .= $header; @@ -4235,14 +4463,24 @@ class PHPMailer } } } - $from = str_replace('|', '=7C', $this->DKIM_QP($from_header)); - $to = str_replace('|', '=7C', $this->DKIM_QP($to_header)); - $date = str_replace('|', '=7C', $this->DKIM_QP($date_header)); - $subject = str_replace( - '|', - '=7C', - $this->DKIM_QP($subject_header) - ); // Copied header fields (dkim-quoted-printable) + foreach ($foundExtraHeaders as $key => $value) { + $extraHeaderKeys .= ':' . $key; + $extraHeaderValues .= $value . "\r\n"; + if ($this->DKIM_copyHeaderFields) { + $extraCopyHeaderFields .= ' |' . str_replace('|', '=7C', $this->DKIM_QP($value)) . ";\r\n"; + } + } + if ($this->DKIM_copyHeaderFields) { + $from = str_replace('|', '=7C', $this->DKIM_QP($from_header)); + $to = str_replace('|', '=7C', $this->DKIM_QP($to_header)); + $date = str_replace('|', '=7C', $this->DKIM_QP($date_header)); + $subject = str_replace('|', '=7C', $this->DKIM_QP($subject_header)); + $copiedHeaderFields = " z=$from\r\n" . + " |$to\r\n" . + " |$date\r\n" . + " |$subject;\r\n" . + $extraCopyHeaderFields; + } $body = $this->DKIM_BodyC($body); $DKIMlen = strlen($body); // Length of body $DKIMb64 = base64_encode(pack('H*', hash('sha256', $body))); // Base64 of packed binary SHA-256 hash of body @@ -4257,20 +4495,18 @@ class PHPMailer $DKIMlen . '; s=' . $this->DKIM_selector . ";\r\n" . - "\tt=" . $DKIMtime . '; c=' . $DKIMcanonicalization . ";\r\n" . - "\th=From:To:Date:Subject;\r\n" . - "\td=" . $this->DKIM_domain . ';' . $ident . "\r\n" . - "\tz=$from\r\n" . - "\t|$to\r\n" . - "\t|$date\r\n" . - "\t|$subject;\r\n" . - "\tbh=" . $DKIMb64 . ";\r\n" . - "\tb="; + ' t=' . $DKIMtime . '; c=' . $DKIMcanonicalization . ";\r\n" . + ' h=From:To:Date:Subject' . $extraHeaderKeys . ";\r\n" . + ' d=' . $this->DKIM_domain . ';' . $ident . "\r\n" . + $copiedHeaderFields . + ' bh=' . $DKIMb64 . ";\r\n" . + ' b='; $toSign = $this->DKIM_HeaderC( $from_header . "\r\n" . $to_header . "\r\n" . $date_header . "\r\n" . $subject_header . "\r\n" . + $extraHeaderValues . $dkimhdrs ); $signed = $this->DKIM_Sign($toSign); @@ -4361,7 +4597,7 @@ class PHPMailer protected function doCallback($isSent, $to, $cc, $bcc, $subject, $body, $from, $extra) { if (!empty($this->action_function) and is_callable($this->action_function)) { - call_user_func_array($this->action_function, [$isSent, $to, $cc, $bcc, $subject, $body, $from, $extra]); + call_user_func($this->action_function, $isSent, $to, $cc, $bcc, $subject, $body, $from, $extra); } } diff --git a/lib/phpmailer/src/SMTP.php b/lib/phpmailer/src/SMTP.php index 10e3d6fe61b..c4d43ed0437 100644 --- a/lib/phpmailer/src/SMTP.php +++ b/lib/phpmailer/src/SMTP.php @@ -34,7 +34,7 @@ class SMTP * * @var string */ - const VERSION = '6.0.1'; + const VERSION = '6.0.7'; /** * SMTP line break constant. @@ -155,11 +155,13 @@ class SMTP * @var string[] */ protected $smtp_transaction_id_patterns = [ - 'exim' => '/[0-9]{3} OK id=(.*)/', - 'sendmail' => '/[0-9]{3} 2.0.0 (.*) Message/', - 'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/', - 'Microsoft_ESMTP' => '/[0-9]{3} 2.[0-9].0 (.*)@(?:.*) Queued mail for delivery/', - 'Amazon_SES' => '/[0-9]{3} Ok (.*)/', + 'exim' => '/[\d]{3} OK id=(.*)/', + 'sendmail' => '/[\d]{3} 2.0.0 (.*) Message/', + 'postfix' => '/[\d]{3} 2.0.0 Ok: queued as (.*)/', + 'Microsoft_ESMTP' => '/[0-9]{3} 2.[\d].0 (.*)@(?:.*) Queued mail for delivery/', + 'Amazon_SES' => '/[\d]{3} Ok (.*)/', + 'SendGrid' => '/[\d]{3} Ok: queued as (.*)/', + 'CampaignMonitor' => '/[\d]{3} 2.0.0 OK:([a-zA-Z\d]{48})/', ]; /** @@ -231,7 +233,7 @@ class SMTP return; } //Is this a PSR-3 logger? - if (is_a($this->Debugoutput, 'Psr\Log\LoggerInterface')) { + if ($this->Debugoutput instanceof \Psr\Log\LoggerInterface) { $this->Debugoutput->debug($str); return; @@ -442,14 +444,14 @@ class SMTP return false; } - $this->edebug('Auth method requested: ' . ($authtype ? $authtype : 'UNKNOWN'), self::DEBUG_LOWLEVEL); + $this->edebug('Auth method requested: ' . ($authtype ? $authtype : 'UNSPECIFIED'), self::DEBUG_LOWLEVEL); $this->edebug( 'Auth methods available on the server: ' . implode(',', $this->server_caps['AUTH']), self::DEBUG_LOWLEVEL ); //If we have requested a specific auth type, check the server supports it before trying others - if (!in_array($authtype, $this->server_caps['AUTH'])) { + if (null !== $authtype and !in_array($authtype, $this->server_caps['AUTH'])) { $this->edebug('Requested auth method not available: ' . $authtype, self::DEBUG_LOWLEVEL); $authtype = null; } @@ -701,7 +703,7 @@ class SMTP if (!empty($line_out) and $line_out[0] == '.') { $line_out = '.' . $line_out; } - $this->client_send($line_out . static::LE); + $this->client_send($line_out . static::LE, 'DATA'); } } @@ -731,7 +733,7 @@ class SMTP public function hello($host = '') { //Try extended hello first (RFC 2821) - return (bool) ($this->sendHello('EHLO', $host) or $this->sendHello('HELO', $host)); + return $this->sendHello('EHLO', $host) or $this->sendHello('HELO', $host); } /** @@ -851,16 +853,37 @@ class SMTP * Implements from RFC 821: RCPT TO: . * * @param string $address The address the message is being sent to + * @param string $dsn Comma separated list of DSN notifications. NEVER, SUCCESS, FAILURE + * or DELAY. If you specify NEVER all other notifications are ignored. * * @return bool */ - public function recipient($address) + public function recipient($address, $dsn = '') { + if (empty($dsn)) { + $rcpt = 'RCPT TO:<' . $address . '>'; + } else { + $dsn = strtoupper($dsn); + $notify = []; + + if (strpos($dsn, 'NEVER') !== false) { + $notify[] = 'NEVER'; + } else { + foreach (['SUCCESS', 'FAILURE', 'DELAY'] as $value) { + if (strpos($dsn, $value) !== false) { + $notify[] = $value; + } + } + } + + $rcpt = 'RCPT TO:<' . $address . '> NOTIFY=' . implode(',', $notify); + } + return $this->sendCommand( - 'RCPT TO', - 'RCPT TO:<' . $address . '>', - [250, 251] - ); + 'RCPT TO', + $rcpt, + [250, 251] + ); } /** @@ -897,12 +920,12 @@ class SMTP return false; } - $this->client_send($commandstring . static::LE); + $this->client_send($commandstring . static::LE, $command); $this->last_reply = $this->get_lines(); // Fetch SMTP code and possible error code explanation $matches = []; - if (preg_match('/^([0-9]{3})[ -](?:([0-9]\\.[0-9]\\.[0-9]) )?/', $this->last_reply, $matches)) { + if (preg_match('/^([0-9]{3})[ -](?:([0-9]\\.[0-9]\\.[0-9]{1,2}) )?/', $this->last_reply, $matches)) { $code = $matches[1]; $code_ex = (count($matches) > 2 ? $matches[2] : null); // Cut off error code from each response line @@ -1003,13 +1026,21 @@ class SMTP /** * Send raw data to the server. * - * @param string $data The data to send + * @param string $data The data to send + * @param string $command Optionally, the command this is part of, used only for controlling debug output * * @return int|bool The number of bytes sent to the server or false on error */ - public function client_send($data) + public function client_send($data, $command = '') { - $this->edebug("CLIENT -> SERVER: $data", self::DEBUG_CLIENT); + //If SMTP transcripts are left enabled, or debug output is posted online + //it can leak credentials, so hide credentials in all but lowest level + if (self::DEBUG_LOWLEVEL > $this->do_debug and + in_array($command, ['User & Password', 'Username', 'Password'], true)) { + $this->edebug('CLIENT -> SERVER: