Changeset 50628

Timestamp:

03/31/2021 09:28:10 PM (3 years ago)

Author:

ocean90

Message:

External Libraries: Upgrade PHPMailer from 6.3.0 to 6.4.0.

6.4.0 reverts a change that made the mail() and sendmail transports set the envelope sender if one isn't explicitly provided, as it was causing problems in specific PHP/server configurations.

Release post: ​https://github.com/PHPMailer/PHPMailer/releases/tag/v6.4.0
Changelog: ​https://github.com/PHPMailer/PHPMailer/compare/v6.3.0...v6.4.0

Props Synchro, tigertech, ayeshrajans, galbaras, audrasjb, SergeyBiryukov, desrosj, ocean90.
Fixes #52822.

Location:

trunk/src/wp-includes/PHPMailer

Files:

• PHPMailer.php (modified) (6 diffs)
• SMTP.php (modified) (2 diffs)

trunk/src/wp-includes/PHPMailer/PHPMailer.php

@@ -749 +749 @@
      * @var string
      */
-    const VERSION = '6.3.0';
+    const VERSION = '6..0';
 
     /**
@@ -1200 +1200 @@
                 ) {
                     //Decode the name part if it's present and encoded
-                    if (property_exists($address, 'personal') && preg_match('/^=\?.*\?=$/', $address->personal)) {
+                    if (
+                        property_exists($address, 'personal') &&
+                        extension_loaded('mbstring') &&
+                        preg_match('/^=\?.*\?=$/', $address->personal)
+                    ) {
                         $address->personal = mb_decode_mimeheader($address->personal);
                     }
@@ -1683 +1687 @@
         //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
         //Example problem: https://www.drupal.org/node/1057954
-        //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
-        if ('' === $this->Sender) {
-            $this->Sender = $this->From;
-        }
         if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
             //PHP config has a sender address we can use
@@ -1692 +1692 @@
         }
         //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
-        //But sendmail requires this param, so fail without it
         if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
             if ($this->Mailer === 'qmail') {
@@ -1700 +1699 @@
             }
         } else {
-            $this->edebug('Sender address unusable or missing: ' . $this->Sender);
-            return false;
+            //allow sendmail to choose a default envelope sender. It may
+            //seem preferable to force it to use the From header as with
+            //SMTP, but that introduces new problems (see
+            //<https://github.com/PHPMailer/PHPMailer/issues/2298>), and
+            //it has historically worked this way.
+            $sendmailFmt = '%s -oi -t';
         }
 
@@ -1861 +1864 @@
         //Example problem: https://www.drupal.org/node/1057954
         //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
-        if ('' === $this->Sender) {
-            $this->Sender = $this->From;
-        }
         if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
             //PHP config has a sender address we can use

trunk/src/wp-includes/PHPMailer/SMTP.php

@@ -36 +36 @@
      * @var string
      */
-    const VERSION = '6.3.0';
+    const VERSION = '6..0';
 
     /**
@@ -554 +554 @@
                 //Send encoded username and password
                 if (
+
+
                     !$this->sendCommand(
                         'User & Password',