Changeset 52749

Timestamp:

02/17/2022 01:21:44 PM (2 years ago)

Author:

SergeyBiryukov

Message:

External Libraries: Upgrade PHPMailer to version 6.5.4.

The latest release includes some minor PHP cross-version improvements and a safeguard against hosters disabling security functions. Note to hosting providers: don't disable escapeshellarg() and escapeshellcmd(); it's not safe!

Release notes:
​https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.4

For a full list of changes in this update, see the PHPMailer GitHub:
​https://github.com/PHPMailer/PHPMailer/compare/v6.5.3...v6.5.4

Follow-up to [50628], [50799], [51169], [51634], [51635], [52252].

Props jrf, Synchro.
Fixes #55187.

Location:

trunk/src/wp-includes/PHPMailer

Files:

• PHPMailer.php (modified) (6 diffs)
• SMTP.php (modified) (2 diffs)

trunk/src/wp-includes/PHPMailer/PHPMailer.php

@@ -751 +751 @@
      * @var string
      */
-    const VERSION = '6.5.3';
+    const VERSION = '6.5.';
 
     /**
@@ -1186 +1186 @@
      * @param string $addrstr The address list string
      * @param bool   $useimap Whether to use the IMAP extension to parse the list
+
      *
      * @return array
@@ -1745 +1746 @@
                 fwrite($mail, $body);
                 $result = pclose($mail);
-                $addrinfo = static::parseAddresses($toAddr, true, $this->charSet);
+                $addrinfo = static::parseAddresses($toAddr, true, $this->harSet);
                 $this->doCallback(
                     ($result === 0),
@@ -1800 +1801 @@
     protected static function isShellSafe($string)
     {
-        //Future-proof
+        //It's not possible to use shell commands safely (which includes the mail() function) without escapeshellarg,
+        //but some hosting providers disable it, creating a security problem that we don't want to have to deal with,
+        //so we don't.
+        if (!function_exists('escapeshellarg') || !function_exists('escapeshellcmd')) {
+            return false;
+        }
+
         if (
             escapeshellcmd($string) !== $string
@@ -1908 +1915 @@
             foreach ($toArr as $toAddr) {
                 $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);
-                $addrinfo = static::parseAddresses($toAddr, true, $this->charSet);
+                $addrinfo = static::parseAddresses($toAddr, true, $this->harSet);
                 $this->doCallback(
                     $result,
@@ -2633 +2640 @@
         }
         if ('' === $this->XMailer) {
+
             $result .= $this->headerLine(
                 'X-Mailer',
                 'PHPMailer ' . self::VERSION . ' (https://github.com/PHPMailer/PHPMailer)'
             );
-        } else {
-            $myXmailer = trim($this->XMailer);
-            if ($myXmailer) {
-                $result .= $this->headerLine('X-Mailer', $myXmailer);
-            }
-        }
+        } elseif (is_string($this->XMailer) && trim($this->XMailer) !== '') {
+            //Some string
+            $result .= $this->headerLine('X-Mailer', trim($this->XMailer));
+        } //Other values result in no X-Mailer header
 
         if ('' !== $this->ConfirmReadingTo) {

trunk/src/wp-includes/PHPMailer/SMTP.php

@@ -36 +36 @@
      * @var string
      */
-    const VERSION = '6.5.3';
+    const VERSION = '6.5.';
 
     /**
@@ -188 +188 @@
         'CampaignMonitor' => '/[\d]{3} 2.0.0 OK:([a-zA-Z\d]{48})/',
         'Haraka' => '/[\d]{3} Message Queued \((.*)\)/',
+
     ];