diff --git a/lib/phpmailer/README_MOODLE.txt b/lib/phpmailer/README_MOODLE.txt index b9176cbfc43..22169bb54d9 100644 --- a/lib/phpmailer/README_MOODLE.txt +++ b/lib/phpmailer/README_MOODLE.txt @@ -1,4 +1,4 @@ -Description of PHPMailer 5.2.14 library import into Moodle +Description of PHPMailer 5.2.16 library import into Moodle We now use a vanilla version of phpmailer and do our customisations in a subclass. diff --git a/lib/phpmailer/VERSION b/lib/phpmailer/VERSION index ba678f2d2cf..56f1219b499 100644 --- a/lib/phpmailer/VERSION +++ b/lib/phpmailer/VERSION @@ -1 +1 @@ -5.2.14 \ No newline at end of file +5.2.16 \ No newline at end of file diff --git a/lib/phpmailer/class.phpmailer.php b/lib/phpmailer/class.phpmailer.php index e4dd00bf39e..f9013ebb174 100644 --- a/lib/phpmailer/class.phpmailer.php +++ b/lib/phpmailer/class.phpmailer.php @@ -31,7 +31,7 @@ class PHPMailer * The PHPMailer Version number. * @var string */ - public $Version = '5.2.14'; + public $Version = '5.2.16'; /** * Email priority. @@ -285,7 +285,7 @@ class PHPMailer /** * SMTP auth type. - * Options are LOGIN (default), PLAIN, NTLM, CRAM-MD5 + * Options are CRAM-MD5, LOGIN, PLAIN, NTLM, XOAUTH2, attempted in that order if not specified * @var string */ public $AuthType = ''; @@ -352,6 +352,7 @@ class PHPMailer /** * Whether to split multiple to addresses into multiple messages * or send them all in one message. + * Only supported in `mail` and `sendmail` transports, not in SMTP. * @var boolean */ public $SingleTo = false; @@ -394,7 +395,7 @@ class PHPMailer /** * DKIM Identity. - * Usually the email address used as the source of the email + * Usually the email address used as the source of the email. * @var string */ public $DKIM_identity = ''; @@ -446,6 +447,15 @@ class PHPMailer */ public $XMailer = ''; + /** + * Which validator to use by default when validating email addresses. + * May be a callable to inject your own validator, but there are several built-in validators. + * @see PHPMailer::validateAddress() + * @var string|callable + * @static + */ + public static $validator = 'auto'; + /** * An instance of the SMTP sender class. * @var SMTP @@ -634,9 +644,11 @@ class PHPMailer * Constructor. * @param boolean $exceptions Should we throw external exceptions? */ - public function __construct($exceptions = false) + public function __construct($exceptions = null) { - $this->exceptions = (boolean)$exceptions; + if ($exceptions !== null) { + $this->exceptions = (boolean)$exceptions; + } } /** @@ -645,9 +657,7 @@ class PHPMailer public function __destruct() { //Close any open SMTP connection nicely - if ($this->Mailer == 'smtp') { - $this->smtpClose(); - } + $this->smtpClose(); } /** @@ -671,7 +681,9 @@ class PHPMailer } else { $subject = $this->encodeHeader($this->secureHeader($subject)); } - if (ini_get('safe_mode') || !($this->UseSendmailOptions)) { + //Can't use additional_parameters in safe_mode + //@link http://php.net/manual/en/function.mail.php + if (ini_get('safe_mode') or !$this->UseSendmailOptions) { $result = @mail($to, $subject, $body, $header); } else { $result = @mail($to, $subject, $body, $header, $params); @@ -713,7 +725,7 @@ class PHPMailer case 'echo': default: //Normalize line breaks - $str = preg_replace('/(\r\n|\r|\n)/ms', "\n", $str); + $str = preg_replace('/\r\n?/ms', "\n", $str); echo gmdate('Y-m-d H:i:s') . "\t" . str_replace( "\n", "\n \t ", @@ -850,7 +862,7 @@ class PHPMailer $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim if (($pos = strrpos($address, '@')) === false) { // At-sign is misssing. - $error_message = $this->lang('invalid_address') . $address; + $error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address"; $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -900,7 +912,7 @@ class PHPMailer return false; } if (!$this->validateAddress($address)) { - $error_message = $this->lang('invalid_address') . $address; + $error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address"; $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -994,7 +1006,7 @@ class PHPMailer if (($pos = strrpos($address, '@')) === false or (!$this->has8bitChars(substr($address, ++$pos)) or !$this->idnSupported()) and !$this->validateAddress($address)) { - $error_message = $this->lang('invalid_address') . $address; + $error_message = $this->lang('invalid_address') . " (setFrom) $address"; $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -1027,19 +1039,30 @@ class PHPMailer /** * Check that a string looks like an email address. * @param string $address The email address to check - * @param string $patternselect A selector for the validation pattern to use : + * @param string|callable $patternselect A selector for the validation pattern to use : * * `auto` Pick best pattern automatically; * * `pcre8` Use the squiloople.com pattern, requires PCRE > 8.0, PHP >= 5.3.2, 5.2.14; * * `pcre` Use old PCRE implementation; * * `php` Use PHP built-in FILTER_VALIDATE_EMAIL; * * `html5` Use the pattern given by the HTML5 spec for 'email' type form input elements. * * `noregex` Don't use a regex: super fast, really dumb. + * Alternatively you may pass in a callable to inject your own validator, for example: + * PHPMailer::validateAddress('user@example.com', function($address) { + * return (strpos($address, '@') !== false); + * }); + * You can also set the PHPMailer::$validator static to a callable, allowing built-in methods to use your validator. * @return boolean * @static * @access public */ - public static function validateAddress($address, $patternselect = 'auto') + public static function validateAddress($address, $patternselect = null) { + if (is_null($patternselect)) { + $patternselect = self::$validator; + } + if (is_callable($patternselect)) { + return call_user_func($patternselect, $address); + } //Reject line breaks in addresses; it's valid RFC5322, but not RFC5321 if (strpos($address, "\n") !== false or strpos($address, "\r") !== false) { return false; @@ -1216,7 +1239,7 @@ class PHPMailer } $this->$address_kind = $this->punyencodeAddress($this->$address_kind); if (!$this->validateAddress($this->$address_kind)) { - $error_message = $this->lang('invalid_address') . $this->$address_kind; + $error_message = $this->lang('invalid_address') . ' (punyEncode) ' . $this->$address_kind; $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -1227,7 +1250,7 @@ class PHPMailer } // Set whether the message is multipart/alternative - if (!empty($this->AltBody)) { + if ($this->alternativeExists()) { $this->ContentType = 'multipart/alternative'; } @@ -1404,9 +1427,9 @@ class PHPMailer } $to = implode(', ', $toArr); - if (empty($this->Sender)) { - $params = ' '; - } else { + $params = null; + //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver + if (!empty($this->Sender)) { $params = sprintf('-f%s', $this->Sender); } if ($this->Sender != '' and !ini_get('safe_mode')) { @@ -1414,7 +1437,7 @@ class PHPMailer ini_set('sendmail_from', $this->Sender); } $result = false; - if ($this->SingleTo && count($toArr) > 1) { + if ($this->SingleTo and count($toArr) > 1) { foreach ($toArr as $toAddr) { $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params); $this->doCallback($result, array($toAddr), $this->cc, $this->bcc, $this->Subject, $body, $this->From); @@ -1520,12 +1543,17 @@ class PHPMailer * @throws phpmailerException * @return boolean */ - public function smtpConnect($options = array()) + public function smtpConnect($options = null) { if (is_null($this->smtp)) { $this->smtp = $this->getSMTPInstance(); } + //If no options are provided, use whatever is set in the instance + if (is_null($options)) { + $options = $this->SMTPOptions; + } + // Already connected? if ($this->smtp->connected()) { return true; @@ -1595,7 +1623,7 @@ class PHPMailer if (!$this->smtp->startTLS()) { throw new phpmailerException($this->lang('connect_host')); } - // We must resend HELO after tls negotiation + // We must resend EHLO after TLS negotiation $this->smtp->hello($hello); } if ($this->SMTPAuth) { @@ -1634,7 +1662,7 @@ class PHPMailer */ public function smtpClose() { - if ($this->smtp !== null) { + if (is_a($this->smtp, 'SMTP')) { if ($this->smtp->connected()) { $this->smtp->quit(); $this->smtp->close(); @@ -1972,7 +2000,7 @@ class PHPMailer $result .= $this->headerLine('Subject', $this->encodeHeader($this->secureHeader($this->Subject))); } - if ($this->MessageID != '') { + if ('' != $this->MessageID and preg_match('/^<.*@.*>$/', $this->MessageID)) { $this->lastMessageID = $this->MessageID; } else { $this->lastMessageID = sprintf('<%s@%s>', $this->uniqueid, $this->serverHostname()); @@ -2074,7 +2102,7 @@ class PHPMailer */ public function getSentMIMEMessage() { - return $this->MIMEHeader . $this->mailHeader . self::CRLF . $this->MIMEBody; + return rtrim($this->MIMEHeader . $this->mailHeader, "\n\r") . self::CRLF . self::CRLF . $this->MIMEBody; } /** @@ -2104,12 +2132,12 @@ class PHPMailer //Can we do a 7-bit downgrade? if ($bodyEncoding == '8bit' and !$this->has8bitChars($this->Body)) { $bodyEncoding = '7bit'; + //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit $bodyCharSet = 'us-ascii'; } //If lines are too long, and we're not already using an encoding that will shorten them, - //change to quoted-printable transfer encoding + //change to quoted-printable transfer encoding for the body part only if ('base64' != $this->Encoding and self::hasLineLongerThanMax($this->Body)) { - $this->Encoding = 'quoted-printable'; $bodyEncoding = 'quoted-printable'; } @@ -2118,10 +2146,12 @@ class PHPMailer //Can we do a 7-bit downgrade? if ($altBodyEncoding == '8bit' and !$this->has8bitChars($this->AltBody)) { $altBodyEncoding = '7bit'; + //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit $altBodyCharSet = 'us-ascii'; } - //If lines are too long, change to quoted-printable transfer encoding - if (self::hasLineLongerThanMax($this->AltBody)) { + //If lines are too long, and we're not already using an encoding that will shorten them, + //change to quoted-printable transfer encoding for the alt body part only + if ('base64' != $altBodyEncoding and self::hasLineLongerThanMax($this->AltBody)) { $altBodyEncoding = 'quoted-printable'; } //Use this as a preamble in all multipart message types @@ -2224,8 +2254,10 @@ class PHPMailer $body .= $this->attachAll('attachment', $this->boundary[1]); break; default: - // catch case 'plain' and case '' - $body .= $this->encodeString($this->Body, $bodyEncoding); + // Catch case 'plain' and case '', applies to simple `text/plain` and `text/html` body content types + //Reset the `Encoding` property in case we changed it for line length reasons + $this->Encoding = $bodyEncoding; + $body .= $this->encodeString($this->Body, $this->Encoding); break; } @@ -2331,8 +2363,7 @@ class PHPMailer /** * Set the message type. - * PHPMailer only supports some preset message types, - * not arbitrary MIME structures. + * PHPMailer only supports some preset message types, not arbitrary MIME structures. * @access protected * @return void */ @@ -2350,6 +2381,7 @@ class PHPMailer } $this->message_type = implode('_', $type); if ($this->message_type == '') { + //The 'plain' message_type refers to the message having a single body element, not that it is plain-text $this->message_type = 'plain'; } } @@ -3296,7 +3328,7 @@ class PHPMailer $message ); } - } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[A-z]+://#', $url)) { + } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) { // Do not change urls for absolute images (thanks to corvuscorax) // Do not change urls that are already inline images $filename = basename($url); @@ -3332,7 +3364,7 @@ class PHPMailer // Convert all message body line breaks to CRLF, makes quoted-printable encoding work much better $this->Body = $this->normalizeBreaks($message); $this->AltBody = $this->normalizeBreaks($this->html2text($message, $advanced)); - if (empty($this->AltBody)) { + if (!$this->alternativeExists()) { $this->AltBody = 'To view this email message, open it in a program that understands HTML!' . self::CRLF . self::CRLF; } @@ -3657,11 +3689,13 @@ class PHPMailer if ($this->DKIM_passphrase != '') { $privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase); } else { - $privKey = $privKeyStr; + $privKey = openssl_pkey_get_private($privKeyStr); } - if (openssl_sign($signHeader, $signature, $privKey)) { + if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) { //sha1WithRSAEncryption + openssl_pkey_free($privKey); return base64_encode($signature); } + openssl_pkey_free($privKey); return ''; } @@ -3678,7 +3712,7 @@ class PHPMailer foreach ($lines as $key => $line) { list($heading, $value) = explode(':', $line, 2); $heading = strtolower($heading); - $value = preg_replace('/\s+/', ' ', $value); // Compress useless spaces + $value = preg_replace('/\s{2,}/', ' ', $value); // Compress useless spaces $lines[$key] = $heading . ':' . trim($value); // Don't forget to remove WSP around the value } $signHeader = implode("\r\n", $lines); @@ -3716,7 +3750,7 @@ class PHPMailer */ public function DKIM_Add($headers_line, $subject, $body) { - $DKIMsignatureType = 'rsa-sha1'; // Signature & hash algorithms + $DKIMsignatureType = 'rsa-sha256'; // Signature & hash algorithms $DKIMcanonicalization = 'relaxed/simple'; // Canonicalization of header/body $DKIMquery = 'dns/txt'; // Query method $DKIMtime = time(); // Signature Timestamp = seconds since 00:00:00 - Jan 1, 1970 (UTC time zone) @@ -3724,6 +3758,7 @@ class PHPMailer $headers = explode($this->LE, $headers_line); $from_header = ''; $to_header = ''; + $date_header = ''; $current = ''; foreach ($headers as $header) { if (strpos($header, 'From:') === 0) { @@ -3732,6 +3767,9 @@ class PHPMailer } elseif (strpos($header, 'To:') === 0) { $to_header = $header; $current = 'to_header'; + } elseif (strpos($header, 'Date:') === 0) { + $date_header = $header; + $current = 'date_header'; } else { if (!empty($$current) && strpos($header, ' =?') === 0) { $$current .= $header; @@ -3742,6 +3780,7 @@ class PHPMailer } $from = str_replace('|', '=7C', $this->DKIM_QP($from_header)); $to = str_replace('|', '=7C', $this->DKIM_QP($to_header)); + $date = str_replace('|', '=7C', $this->DKIM_QP($date_header)); $subject = str_replace( '|', '=7C', @@ -3749,7 +3788,7 @@ class PHPMailer ); // Copied header fields (dkim-quoted-printable) $body = $this->DKIM_BodyC($body); $DKIMlen = strlen($body); // Length of body - $DKIMb64 = base64_encode(pack('H*', sha1($body))); // Base64 of packed binary SHA-1 hash of body + $DKIMb64 = base64_encode(pack('H*', hash('sha256', $body))); // Base64 of packed binary SHA-256 hash of body if ('' == $this->DKIM_identity) { $ident = ''; } else { @@ -3762,16 +3801,18 @@ class PHPMailer $this->DKIM_selector . ";\r\n" . "\tt=" . $DKIMtime . '; c=' . $DKIMcanonicalization . ";\r\n" . - "\th=From:To:Subject;\r\n" . + "\th=From:To:Date:Subject;\r\n" . "\td=" . $this->DKIM_domain . ';' . $ident . "\r\n" . "\tz=$from\r\n" . "\t|$to\r\n" . + "\t|$date\r\n" . "\t|$subject;\r\n" . "\tbh=" . $DKIMb64 . ";\r\n" . "\tb="; $toSign = $this->DKIM_HeaderC( $from_header . "\r\n" . $to_header . "\r\n" . + $date_header . "\r\n" . $subject_header . "\r\n" . $dkimhdrs ); diff --git a/lib/phpmailer/class.smtp.php b/lib/phpmailer/class.smtp.php index 2e32e2fce00..0c016f12191 100644 --- a/lib/phpmailer/class.smtp.php +++ b/lib/phpmailer/class.smtp.php @@ -30,7 +30,7 @@ class SMTP * The PHPMailer SMTP version number. * @var string */ - const VERSION = '5.2.14'; + const VERSION = '5.2.16'; /** * SMTP line break constant. @@ -81,7 +81,7 @@ class SMTP * @deprecated Use the `VERSION` constant instead * @see SMTP::VERSION */ - public $Version = '5.2.14'; + public $Version = '5.2.16'; /** * SMTP server port number. @@ -336,11 +336,22 @@ class SMTP if (!$this->sendCommand('STARTTLS', 'STARTTLS', 220)) { return false; } + + //Allow the best TLS version(s) we can + $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT; + + //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT + //so add them back in manually if we can + if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) { + $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT; + $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT; + } + // Begin encrypted connection if (!stream_socket_enable_crypto( $this->smtp_conn, true, - STREAM_CRYPTO_METHOD_TLS_CLIENT + $crypto_method )) { return false; } @@ -389,7 +400,7 @@ class SMTP ); if (empty($authtype)) { - foreach (array('LOGIN', 'CRAM-MD5', 'NTLM', 'PLAIN', 'XOAUTH2') as $method) { + foreach (array('CRAM-MD5', 'LOGIN', 'PLAIN', 'NTLM', 'XOAUTH2') as $method) { if (in_array($method, $this->server_caps['AUTH'])) { $authtype = $method; break; @@ -736,7 +747,7 @@ class SMTP protected function parseHelloFields($type) { $this->server_caps = array(); - $lines = explode("\n", $this->last_reply); + $lines = explode("\n", $this->helo_rply); foreach ($lines as $n => $s) { //First 4 chars contain response code followed by - or space diff --git a/lib/phpmailer/language/phpmailer.lang-ka.php b/lib/phpmailer/language/phpmailer.lang-ka.php index cdf3168783d..dd1af8abec5 100644 --- a/lib/phpmailer/language/phpmailer.lang-ka.php +++ b/lib/phpmailer/language/phpmailer.lang-ka.php @@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing'] = 'ხელმოწერის შე $PHPMAILER_LANG['smtp_connect_failed'] = 'შეცდომა SMTP სერვერთან დაკავშირებისას'; $PHPMAILER_LANG['smtp_error'] = 'SMTP სერვერის შეცდომა: '; $PHPMAILER_LANG['variable_set'] = 'შეუძლებელია შემდეგი ცვლადის შექმნა ან შეცვლა: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'ბიბლიოთეკა არ არსებობს: '; diff --git a/lib/phpmailer/language/phpmailer.lang-pl.php b/lib/phpmailer/language/phpmailer.lang-pl.php index 991914faf93..3da0dee91f1 100644 --- a/lib/phpmailer/language/phpmailer.lang-pl.php +++ b/lib/phpmailer/language/phpmailer.lang-pl.php @@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing'] = 'Błąd podpisywania wiadomości: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() zakończone niepowodzeniem.'; $PHPMAILER_LANG['smtp_error'] = 'Błąd SMTP: '; $PHPMAILER_LANG['variable_set'] = 'Nie można ustawić lub zmodyfikować zmiennej: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Brakujące rozszerzenie: '; diff --git a/lib/phpmailer/language/phpmailer.lang-ru.php b/lib/phpmailer/language/phpmailer.lang-ru.php index 50020d5df45..4066f6b451c 100644 --- a/lib/phpmailer/language/phpmailer.lang-ru.php +++ b/lib/phpmailer/language/phpmailer.lang-ru.php @@ -18,9 +18,9 @@ $PHPMAILER_LANG['instantiate'] = 'Невозможно запустит $PHPMAILER_LANG['provide_address'] = 'Пожалуйста, введите хотя бы один адрес e-mail получателя.'; $PHPMAILER_LANG['mailer_not_supported'] = ' — почтовый сервер не поддерживается.'; $PHPMAILER_LANG['recipients_failed'] = 'Ошибка SMTP: отправка по следующим адресам получателей не удалась: '; -$PHPMAILER_LANG['empty_message'] = 'Пустое тело сообщения'; +$PHPMAILER_LANG['empty_message'] = 'Пустое сообщение'; $PHPMAILER_LANG['invalid_address'] = 'Не отослано, неправильный формат email адреса: '; -$PHPMAILER_LANG['signing'] = 'Ошибка подписывания: '; +$PHPMAILER_LANG['signing'] = 'Ошибка подписи: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'Ошибка соединения с SMTP-сервером'; $PHPMAILER_LANG['smtp_error'] = 'Ошибка SMTP-сервера: '; $PHPMAILER_LANG['variable_set'] = 'Невозможно установить или переустановить переменную: '; diff --git a/lib/thirdpartylibs.xml b/lib/thirdpartylibs.xml index 8acc232fc55..3adb90bb79e 100644 --- a/lib/thirdpartylibs.xml +++ b/lib/thirdpartylibs.xml @@ -116,7 +116,7 @@ phpmailer PHPMailer LGPL - 5.2.14 + 5.2.16 2.1