From 0d8da2d66503a453ede62953ef30d0470187381f Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Sun, 21 Feb 2021 09:34:05 +0000 Subject: [PATCH] External Libraries: Upgrade PHPMailer to version 6.3.0. This is a maintenance release. Changes include: * Handle early connection errors such as 421 during connection and EHLO states. * Make the `mail()` and sendmail transports set the envelope sender the same way as SMTP does, i.e. use whatever `From` is set to, only falling back to the `sendmail_from` php.ini setting if `From` is unset. This avoids errors from the `mail()` function if `Sender` is not set explicitly and php.ini is not configured. This is a minor functionality change, so bumps the minor version number. * Extend `parseAddresses` to decode encoded names. Release notes: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.3.0 For a full list of changes in this update, see the PHPMailer GitHub: https://github.com/PHPMailer/PHPMailer/compare/v6.2.0...v6.3.0 Props ayeshrajans. Fixes #52577. Built from https://develop.svn.wordpress.org/trunk@50397 git-svn-id: http://core.svn.wordpress.org/trunk@50008 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/PHPMailer/PHPMailer.php | 384 ++++++++++++++++------------ wp-includes/PHPMailer/SMTP.php | 114 +++++---- wp-includes/version.php | 2 +- 3 files changed, 287 insertions(+), 213 deletions(-) diff --git a/wp-includes/PHPMailer/PHPMailer.php b/wp-includes/PHPMailer/PHPMailer.php index 31646b2a84..52e2027859 100644 --- a/wp-includes/PHPMailer/PHPMailer.php +++ b/wp-includes/PHPMailer/PHPMailer.php @@ -748,7 +748,7 @@ class PHPMailer * * @var string */ - const VERSION = '6.2.0'; + const VERSION = '6.3.0'; /** * Error severity: message only, continue processing. @@ -862,18 +862,25 @@ class PHPMailer $subject = $this->encodeHeader($this->secureHeader($subject)); } //Calling mail() with null params breaks + $this->edebug('Sending with mail()'); + $this->edebug('Sendmail path: ' . ini_get('sendmail_path')); + $this->edebug("Envelope sender: {$this->Sender}"); + $this->edebug("To: {$to}"); + $this->edebug("Subject: {$subject}"); + $this->edebug("Headers: {$header}"); if (!$this->UseSendmailOptions || null === $params) { $result = @mail($to, $subject, $body, $header); } else { + $this->edebug("Additional params: {$params}"); $result = @mail($to, $subject, $body, $header, $params); } - + $this->edebug('Result: ' . ($result ? 'true' : 'false')); return $result; } /** - * Output debugging info via user-defined method. - * Only generates output if SMTP debug output is enabled (@see SMTP::$do_debug). + * Output debugging info via a user-defined method. + * Only generates output if debug output is enabled. * * @see PHPMailer::$Debugoutput * @see PHPMailer::$SMTPDebug @@ -1070,7 +1077,7 @@ class PHPMailer $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim $pos = strrpos($address, '@'); if (false === $pos) { - // At-sign is missing. + //At-sign is missing. $error_message = sprintf( '%s (%s): %s', $this->lang('invalid_address'), @@ -1086,7 +1093,7 @@ class PHPMailer return false; } $params = [$kind, $address, $name]; - // Enqueue addresses with IDN until we know the PHPMailer::$CharSet. + //Enqueue addresses with IDN until we know the PHPMailer::$CharSet. if (static::idnSupported() && $this->has8bitChars(substr($address, ++$pos))) { if ('Reply-To' !== $kind) { if (!array_key_exists($address, $this->RecipientsQueue)) { @@ -1103,7 +1110,7 @@ class PHPMailer return false; } - // Immediately add standard addresses without IDN. + //Immediately add standard addresses without IDN. return call_user_func_array([$this, 'addAnAddress'], $params); } @@ -1191,6 +1198,11 @@ class PHPMailer $address->mailbox . '@' . $address->host ) ) { + //Decode the name part if it's present and encoded + if (property_exists($address, 'personal') && preg_match('/^=\?.*\?=$/', $address->personal)) { + $address->personal = mb_decode_mimeheader($address->personal); + } + $addresses[] = [ 'name' => (property_exists($address, 'personal') ? $address->personal : ''), 'address' => $address->mailbox . '@' . $address->host, @@ -1214,9 +1226,15 @@ class PHPMailer } else { list($name, $email) = explode('<', $address); $email = trim(str_replace('>', '', $email)); + $name = trim($name); if (static::validateAddress($email)) { + //If this name is encoded, decode it + if (preg_match('/^=\?.*\?=$/', $name)) { + $name = mb_decode_mimeheader($name); + } $addresses[] = [ - 'name' => trim(str_replace(['"', "'"], '', $name)), + //Remove any surrounding quotes and spaces from the name + 'name' => trim($name, '\'" '), 'address' => $email, ]; } @@ -1242,7 +1260,7 @@ class PHPMailer { $address = trim($address); $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim - // Don't validate now addresses with IDN. Will be done in send(). + //Don't validate now addresses with IDN. Will be done in send(). $pos = strrpos($address, '@'); if ( (false === $pos) @@ -1395,7 +1413,7 @@ class PHPMailer */ public function punyencodeAddress($address) { - // Verify we have required functions, CharSet, and at-sign. + //Verify we have required functions, CharSet, and at-sign. $pos = strrpos($address, '@'); if ( !empty($this->CharSet) && @@ -1403,17 +1421,21 @@ class PHPMailer static::idnSupported() ) { $domain = substr($address, ++$pos); - // Verify CharSet string is a valid one, and domain properly encoded in this CharSet. + //Verify CharSet string is a valid one, and domain properly encoded in this CharSet. if ($this->has8bitChars($domain) && @mb_check_encoding($domain, $this->CharSet)) { - $domain = mb_convert_encoding($domain, 'UTF-8', $this->CharSet); + //Convert the domain from whatever charset it's in to UTF-8 + $domain = mb_convert_encoding($domain, self::CHARSET_UTF8, $this->CharSet); //Ignore IDE complaints about this line - method signature changed in PHP 5.4 $errorcode = 0; if (defined('INTL_IDNA_VARIANT_UTS46')) { - $punycode = idn_to_ascii($domain, $errorcode, INTL_IDNA_VARIANT_UTS46); + //Use the current punycode standard (appeared in PHP 7.2) + $punycode = idn_to_ascii($domain, $errorcode, \INTL_IDNA_VARIANT_UTS46); } elseif (defined('INTL_IDNA_VARIANT_2003')) { + //Fall back to this old, deprecated/removed encoding // phpcs:ignore PHPCompatibility.Constants.RemovedConstants.intl_idna_variant_2003Deprecated - $punycode = idn_to_ascii($domain, $errorcode, INTL_IDNA_VARIANT_2003); + $punycode = idn_to_ascii($domain, $errorcode, \INTL_IDNA_VARIANT_2003); } else { + //Fall back to a default we don't know about // phpcs:ignore PHPCompatibility.ParameterValues.NewIDNVariantDefault.NotSet $punycode = idn_to_ascii($domain, $errorcode); } @@ -1464,7 +1486,7 @@ class PHPMailer { if ( 'smtp' === $this->Mailer - || ('mail' === $this->Mailer && (PHP_VERSION_ID >= 80000 || stripos(PHP_OS, 'WIN') === 0)) + || ('mail' === $this->Mailer && (\PHP_VERSION_ID >= 80000 || stripos(PHP_OS, 'WIN') === 0)) ) { //SMTP mandates RFC-compliant line endings //and it's also used with mail() on Windows @@ -1476,8 +1498,8 @@ class PHPMailer //Check for buggy PHP versions that add a header with an incorrect line break if ( 'mail' === $this->Mailer - && ((PHP_VERSION_ID >= 70000 && PHP_VERSION_ID < 70017) - || (PHP_VERSION_ID >= 70100 && PHP_VERSION_ID < 70103)) + && ((\PHP_VERSION_ID >= 70000 && \PHP_VERSION_ID < 70017) + || (\PHP_VERSION_ID >= 70100 && \PHP_VERSION_ID < 70103)) && ini_get('mail.add_x_header') === '1' && stripos(PHP_OS, 'WIN') === 0 ) { @@ -1490,10 +1512,10 @@ class PHPMailer } try { - $this->error_count = 0; // Reset errors + $this->error_count = 0; //Reset errors $this->mailHeader = ''; - // Dequeue recipient and Reply-To addresses with IDN + //Dequeue recipient and Reply-To addresses with IDN foreach (array_merge($this->RecipientsQueue, $this->ReplyToQueue) as $params) { $params[1] = $this->punyencodeAddress($params[1]); call_user_func_array([$this, 'addAnAddress'], $params); @@ -1502,7 +1524,7 @@ class PHPMailer throw new Exception($this->lang('provide_address'), self::STOP_CRITICAL); } - // Validate From, Sender, and ConfirmReadingTo addresses + //Validate From, Sender, and ConfirmReadingTo addresses foreach (['From', 'Sender', 'ConfirmReadingTo'] as $address_kind) { $this->$address_kind = trim($this->$address_kind); if (empty($this->$address_kind)) { @@ -1526,29 +1548,29 @@ class PHPMailer } } - // Set whether the message is multipart/alternative + //Set whether the message is multipart/alternative if ($this->alternativeExists()) { $this->ContentType = static::CONTENT_TYPE_MULTIPART_ALTERNATIVE; } $this->setMessageType(); - // Refuse to send an empty message unless we are specifically allowing it + //Refuse to send an empty message unless we are specifically allowing it if (!$this->AllowEmpty && empty($this->Body)) { throw new Exception($this->lang('empty_message'), self::STOP_CRITICAL); } //Trim subject consistently $this->Subject = trim($this->Subject); - // Create body before headers in case body makes changes to headers (e.g. altering transfer encoding) + //Create body before headers in case body makes changes to headers (e.g. altering transfer encoding) $this->MIMEHeader = ''; $this->MIMEBody = $this->createBody(); - // createBody may have added some headers, so retain them + //createBody may have added some headers, so retain them $tempheaders = $this->MIMEHeader; $this->MIMEHeader = $this->createHeader(); $this->MIMEHeader .= $tempheaders; - // To capture the complete message when using mail(), create - // an extra header list which createHeader() doesn't fold in + //To capture the complete message when using mail(), create + //an extra header list which createHeader() doesn't fold in if ('mail' === $this->Mailer) { if (count($this->to) > 0) { $this->mailHeader .= $this->addrAppend('To', $this->to); @@ -1561,7 +1583,7 @@ class PHPMailer ); } - // Sign with DKIM if enabled + //Sign with DKIM if enabled if ( !empty($this->DKIM_domain) && !empty($this->DKIM_selector) @@ -1602,7 +1624,7 @@ class PHPMailer public function postSend() { try { - // Choose the mailer and send through it + //Choose the mailer and send through it switch ($this->Mailer) { case 'sendmail': case 'qmail': @@ -1647,22 +1669,45 @@ class PHPMailer */ protected function sendmailSend($header, $body) { + if ($this->Mailer === 'qmail') { + $this->edebug('Sending with qmail'); + } else { + $this->edebug('Sending with sendmail'); + } $header = static::stripTrailingWSP($header) . static::$LE . static::$LE; - - // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. - if (!empty($this->Sender) && self::isShellSafe($this->Sender)) { - if ('qmail' === $this->Mailer) { + //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver + //A space after `-f` is optional, but there is a long history of its presence + //causing problems, so we don't use one + //Exim docs: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html + //Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html + //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html + //Example problem: https://www.drupal.org/node/1057954 + //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. + if ('' === $this->Sender) { + $this->Sender = $this->From; + } + if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) { + //PHP config has a sender address we can use + $this->Sender = ini_get('sendmail_from'); + } + //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. + //But sendmail requires this param, so fail without it + if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) { + if ($this->Mailer === 'qmail') { $sendmailFmt = '%s -f%s'; } else { $sendmailFmt = '%s -oi -f%s -t'; } - } elseif ('qmail' === $this->Mailer) { - $sendmailFmt = '%s'; } else { - $sendmailFmt = '%s -oi -t'; + $this->edebug('Sender address unusable or missing: ' . $this->Sender); + return false; } $sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender); + $this->edebug('Sendmail path: ' . $this->Sendmail); + $this->edebug('Sendmail command: ' . $sendmail); + $this->edebug('Envelope sender: ' . $this->Sender); + $this->edebug("Headers: {$header}"); if ($this->SingleTo) { foreach ($this->SingleToArray as $toAddr) { @@ -1670,6 +1715,7 @@ class PHPMailer if (!$mail) { throw new Exception($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL); } + $this->edebug("To: {$toAddr}"); fwrite($mail, 'To: ' . $toAddr . "\n"); fwrite($mail, $header); fwrite($mail, $body); @@ -1684,6 +1730,7 @@ class PHPMailer $this->From, [] ); + $this->edebug("Result: " . ($result === 0 ? 'true' : 'false')); if (0 !== $result) { throw new Exception($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL); } @@ -1706,6 +1753,7 @@ class PHPMailer $this->From, [] ); + $this->edebug("Result: " . ($result === 0 ? 'true' : 'false')); if (0 !== $result) { throw new Exception($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL); } @@ -1726,7 +1774,7 @@ class PHPMailer */ protected static function isShellSafe($string) { - // Future-proof + //Future-proof if ( escapeshellcmd($string) !== $string || !in_array(escapeshellarg($string), ["'$string'", "\"$string\""]) @@ -1739,9 +1787,9 @@ class PHPMailer for ($i = 0; $i < $length; ++$i) { $c = $string[$i]; - // All other characters have a special meaning in at least one common shell, including = and +. - // Full stop (.) has a special meaning in cmd.exe, but its impact should be negligible here. - // Note that this does permit non-Latin alphanumeric characters based on the current locale. + //All other characters have a special meaning in at least one common shell, including = and +. + //Full stop (.) has a special meaning in cmd.exe, but its impact should be negligible here. + //Note that this does permit non-Latin alphanumeric characters based on the current locale. if (!ctype_alnum($c) && strpos('@_-.', $c) === false) { return false; } @@ -1811,11 +1859,18 @@ class PHPMailer //Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html //Example problem: https://www.drupal.org/node/1057954 - // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. - if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) { - $params = sprintf('-f%s', $this->Sender); + //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. + if ('' === $this->Sender) { + $this->Sender = $this->From; + } + if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) { + //PHP config has a sender address we can use + $this->Sender = ini_get('sendmail_from'); } if (!empty($this->Sender) && static::validateAddress($this->Sender)) { + if (self::isShellSafe($this->Sender)) { + $params = sprintf('-f%s', $this->Sender); + } $old_from = ini_get('sendmail_from'); ini_set('sendmail_from', $this->Sender); } @@ -1901,7 +1956,7 @@ class PHPMailer } $callbacks = []; - // Attempt to send to all recipients + //Attempt to send to all recipients foreach ([$this->to, $this->cc, $this->bcc] as $togroup) { foreach ($togroup as $to) { if (!$this->smtp->recipient($to[0], $this->dsn)) { @@ -1916,7 +1971,7 @@ class PHPMailer } } - // Only send the DATA command if we have viable recipients + //Only send the DATA command if we have viable recipients if ((count($this->all_recipients) > count($bad_rcpt)) && !$this->smtp->data($header . $body)) { throw new Exception($this->lang('data_not_accepted'), self::STOP_CRITICAL); } @@ -1978,7 +2033,7 @@ class PHPMailer $options = $this->SMTPOptions; } - // Already connected? + //Already connected? if ($this->smtp->connected()) { return true; } @@ -2000,14 +2055,14 @@ class PHPMailer ) ) { $this->edebug($this->lang('invalid_hostentry') . ' ' . trim($hostentry)); - // Not a valid host entry + //Not a valid host entry continue; } - // $hostinfo[1]: optional ssl or tls prefix - // $hostinfo[2]: the hostname - // $hostinfo[3]: optional port number - // The host string prefix can temporarily override the current setting for SMTPSecure - // If it's not specified, the default value is used + //$hostinfo[1]: optional ssl or tls prefix + //$hostinfo[2]: the hostname + //$hostinfo[3]: optional port number + //The host string prefix can temporarily override the current setting for SMTPSecure + //If it's not specified, the default value is used //Check the host name is a valid name or IP address before trying to use it if (!static::isValidHost($hostinfo[2])) { @@ -2019,11 +2074,11 @@ class PHPMailer $tls = (static::ENCRYPTION_STARTTLS === $this->SMTPSecure); if ('ssl' === $hostinfo[1] || ('' === $hostinfo[1] && static::ENCRYPTION_SMTPS === $this->SMTPSecure)) { $prefix = 'ssl://'; - $tls = false; // Can't have SSL and TLS at the same time + $tls = false; //Can't have SSL and TLS at the same time $secure = static::ENCRYPTION_SMTPS; } elseif ('tls' === $hostinfo[1]) { $tls = true; - // tls doesn't use a prefix + //TLS doesn't use a prefix $secure = static::ENCRYPTION_STARTTLS; } //Do we need the OpenSSL extension? @@ -2053,10 +2108,10 @@ class PHPMailer } $this->smtp->hello($hello); //Automatically enable TLS encryption if: - // * it's not disabled - // * we have openssl extension - // * we are not already using SSL - // * the server offers STARTTLS + //* it's not disabled + //* we have openssl extension + //* we are not already using SSL + //* the server offers STARTTLS if ($this->SMTPAutoTLS && $sslext && 'ssl' !== $secure && $this->smtp->getServerExt('STARTTLS')) { $tls = true; } @@ -2064,7 +2119,7 @@ class PHPMailer if (!$this->smtp->startTLS()) { throw new Exception($this->lang('connect_host')); } - // We must resend EHLO after TLS negotiation + //We must resend EHLO after TLS negotiation $this->smtp->hello($hello); } if ( @@ -2082,14 +2137,14 @@ class PHPMailer } catch (Exception $exc) { $lastexception = $exc; $this->edebug($exc->getMessage()); - // We must have connected, but then failed TLS or Auth, so close connection nicely + //We must have connected, but then failed TLS or Auth, so close connection nicely $this->smtp->quit(); } } } - // If we get here, all connection attempts have failed, so close connection hard + //If we get here, all connection attempts have failed, so close connection hard $this->smtp->close(); - // As we've caught all exceptions, just report whatever the last one was + //As we've caught all exceptions, just report whatever the last one was if ($this->exceptions && null !== $lastexception) { throw $lastexception; } @@ -2120,7 +2175,7 @@ class PHPMailer */ public function setLanguage($langcode = 'en', $lang_path = '') { - // Backwards compatibility for renamed language codes + //Backwards compatibility for renamed language codes $renamed_langcodes = [ 'br' => 'pt_br', 'cz' => 'cs', @@ -2136,7 +2191,7 @@ class PHPMailer $langcode = $renamed_langcodes[$langcode]; } - // Define full set of translatable strings in English + //Define full set of translatable strings in English $PHPMAILER_LANG = [ 'authenticate' => 'SMTP Error: Could not authenticate.', 'connect_host' => 'SMTP Error: Could not connect to SMTP host.', @@ -2161,7 +2216,7 @@ class PHPMailer 'extension_missing' => 'Extension missing: ', ]; if (empty($lang_path)) { - // Calculate an absolute path so it can work if CWD is not here + //Calculate an absolute path so it can work if CWD is not here $lang_path = dirname(__DIR__) . DIRECTORY_SEPARATOR . 'language' . DIRECTORY_SEPARATOR; } //Validate $langcode @@ -2170,20 +2225,20 @@ class PHPMailer } $foundlang = true; $lang_file = $lang_path . 'phpmailer.lang-' . $langcode . '.php'; - // There is no English translation file + //There is no English translation file if ('en' !== $langcode) { - // Make sure language file path is readable + //Make sure language file path is readable if (!static::fileIsAccessible($lang_file)) { $foundlang = false; } else { - // Overwrite language-specific strings. - // This way we'll never have missing translation keys. + //Overwrite language-specific strings. + //This way we'll never have missing translation keys. $foundlang = include $lang_file; } } $this->language = $PHPMAILER_LANG; - return (bool) $foundlang; // Returns false if language not found + return (bool) $foundlang; //Returns false if language not found } /** @@ -2227,7 +2282,7 @@ class PHPMailer */ public function addrFormat($addr) { - if (empty($addr[1])) { // No name provided + if (empty($addr[1])) { //No name provided return $this->secureHeader($addr[0]); } @@ -2254,8 +2309,8 @@ class PHPMailer } else { $soft_break = static::$LE; } - // If utf-8 encoding is used, we will need to make sure we don't - // split multibyte characters when we wrap + //If utf-8 encoding is used, we will need to make sure we don't + //split multibyte characters when we wrap $is_utf8 = static::CHARSET_UTF8 === strtolower($this->CharSet); $lelen = strlen(static::$LE); $crlflen = strlen(static::$LE); @@ -2355,29 +2410,29 @@ class PHPMailer $lastChunk = substr($encodedText, $maxLength - $lookBack, $lookBack); $encodedCharPos = strpos($lastChunk, '='); if (false !== $encodedCharPos) { - // Found start of encoded character byte within $lookBack block. - // Check the encoded byte value (the 2 chars after the '=') + //Found start of encoded character byte within $lookBack block. + //Check the encoded byte value (the 2 chars after the '=') $hex = substr($encodedText, $maxLength - $lookBack + $encodedCharPos + 1, 2); $dec = hexdec($hex); if ($dec < 128) { - // Single byte character. - // If the encoded char was found at pos 0, it will fit - // otherwise reduce maxLength to start of the encoded char + //Single byte character. + //If the encoded char was found at pos 0, it will fit + //otherwise reduce maxLength to start of the encoded char if ($encodedCharPos > 0) { $maxLength -= $lookBack - $encodedCharPos; } $foundSplitPos = true; } elseif ($dec >= 192) { - // First byte of a multi byte character - // Reduce maxLength to split at start of character + //First byte of a multi byte character + //Reduce maxLength to split at start of character $maxLength -= $lookBack - $encodedCharPos; $foundSplitPos = true; } elseif ($dec < 192) { - // Middle byte of a multi byte character, look further back + //Middle byte of a multi byte character, look further back $lookBack += 3; } } else { - // No encoded character found + //No encoded character found $foundSplitPos = true; } } @@ -2421,7 +2476,7 @@ class PHPMailer $result .= $this->headerLine('Date', '' === $this->MessageDate ? self::rfcDate() : $this->MessageDate); - // The To header is created automatically by mail(), so needs to be omitted here + //The To header is created automatically by mail(), so needs to be omitted here if ('mail' !== $this->Mailer) { if ($this->SingleTo) { foreach ($this->to as $toaddr) { @@ -2435,12 +2490,12 @@ class PHPMailer } $result .= $this->addrAppend('From', [[trim($this->From), $this->FromName]]); - // sendmail and mail() extract Cc from the header before sending + //sendmail and mail() extract Cc from the header before sending if (count($this->cc) > 0) { $result .= $this->addrAppend('Cc', $this->cc); } - // sendmail and mail() extract Bcc from the header before sending + //sendmail and mail() extract Bcc from the header before sending if ( ( 'sendmail' === $this->Mailer || 'qmail' === $this->Mailer || 'mail' === $this->Mailer @@ -2454,13 +2509,13 @@ class PHPMailer $result .= $this->addrAppend('Reply-To', $this->ReplyTo); } - // mail() sets the subject itself + //mail() sets the subject itself if ('mail' !== $this->Mailer) { $result .= $this->headerLine('Subject', $this->encodeHeader($this->secureHeader($this->Subject))); } - // Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4 - // https://tools.ietf.org/html/rfc5322#section-3.6.4 + //Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4 + //https://tools.ietf.org/html/rfc5322#section-3.6.4 if ('' !== $this->MessageID && preg_match('/^<.*@.*>$/', $this->MessageID)) { $this->lastMessageID = $this->MessageID; } else { @@ -2486,7 +2541,7 @@ class PHPMailer $result .= $this->headerLine('Disposition-Notification-To', '<' . $this->ConfirmReadingTo . '>'); } - // Add custom headers + //Add custom headers foreach ($this->CustomHeader as $header) { $result .= $this->headerLine( trim($header[0]), @@ -2528,28 +2583,24 @@ class PHPMailer $result .= $this->textLine(' boundary="' . $this->boundary[1] . '"'); break; default: - // Catches case 'plain': and case '': + //Catches case 'plain': and case '': $result .= $this->textLine('Content-Type: ' . $this->ContentType . '; charset=' . $this->CharSet); $ismultipart = false; break; } - // RFC1341 part 5 says 7bit is assumed if not specified + //RFC1341 part 5 says 7bit is assumed if not specified if (static::ENCODING_7BIT !== $this->Encoding) { - // RFC 2045 section 6.4 says multipart MIME parts may only use 7bit, 8bit or binary CTE + //RFC 2045 section 6.4 says multipart MIME parts may only use 7bit, 8bit or binary CTE if ($ismultipart) { if (static::ENCODING_8BIT === $this->Encoding) { $result .= $this->headerLine('Content-Transfer-Encoding', static::ENCODING_8BIT); } - // The only remaining alternatives are quoted-printable and base64, which are both 7bit compatible + //The only remaining alternatives are quoted-printable and base64, which are both 7bit compatible } else { $result .= $this->headerLine('Content-Transfer-Encoding', $this->Encoding); } } - if ('mail' !== $this->Mailer) { -// $result .= static::$LE; - } - return $result; } @@ -2818,7 +2869,7 @@ class PHPMailer $body .= $this->attachAll('attachment', $this->boundary[1]); break; default: - // Catch case 'plain' and case '', applies to simple `text/plain` and `text/html` body content types + //Catch case 'plain' and case '', applies to simple `text/plain` and `text/html` body content types //Reset the `Encoding` property in case we changed it for line length reasons $this->Encoding = $bodyEncoding; $body .= $this->encodeString($this->Body, $this->Encoding); @@ -2909,7 +2960,7 @@ class PHPMailer $result .= $this->textLine('--' . $boundary); $result .= sprintf('Content-Type: %s; charset=%s', $contentType, $charSet); $result .= static::$LE; - // RFC1341 part 5 says 7bit is assumed if not specified + //RFC1341 part 5 says 7bit is assumed if not specified if (static::ENCODING_7BIT !== $encoding) { $result .= $this->headerLine('Content-Transfer-Encoding', $encoding); } @@ -3007,7 +3058,7 @@ class PHPMailer throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE); } - // If a MIME type is not specified, try to work it out from the file name + //If a MIME type is not specified, try to work it out from the file name if ('' === $type) { $type = static::filenameToType($path); } @@ -3026,7 +3077,7 @@ class PHPMailer 2 => $name, 3 => $encoding, 4 => $type, - 5 => false, // isStringAttachment + 5 => false, //isStringAttachment 6 => $disposition, 7 => $name, ]; @@ -3066,16 +3117,16 @@ class PHPMailer */ protected function attachAll($disposition_type, $boundary) { - // Return text of body + //Return text of body $mime = []; $cidUniq = []; $incl = []; - // Add all attachments + //Add all attachments foreach ($this->attachment as $attachment) { - // Check if it is a valid disposition_filter + //Check if it is a valid disposition_filter if ($attachment[6] === $disposition_type) { - // Check for string attachment + //Check for string attachment $string = ''; $path = ''; $bString = $attachment[5]; @@ -3116,7 +3167,7 @@ class PHPMailer static::$LE ); } - // RFC1341 part 5 says 7bit is assumed if not specified + //RFC1341 part 5 says 7bit is assumed if not specified if (static::ENCODING_7BIT !== $encoding) { $mime[] = sprintf('Content-Transfer-Encoding: %s%s', $encoding, static::$LE); } @@ -3126,7 +3177,7 @@ class PHPMailer $mime[] = 'Content-ID: <' . $this->encodeHeader($this->secureHeader($cid)) . '>' . static::$LE; } - // Allow for bypassing the Content-Disposition header + //Allow for bypassing the Content-Disposition header if (!empty($disposition)) { $encoded_name = $this->encodeHeader($this->secureHeader($name)); if (!empty($encoded_name)) { @@ -3147,7 +3198,7 @@ class PHPMailer $mime[] = static::$LE; } - // Encode as string attachment + //Encode as string attachment if ($bString) { $mime[] = $this->encodeString($string, $encoding); } else { @@ -3223,7 +3274,7 @@ class PHPMailer case static::ENCODING_7BIT: case static::ENCODING_8BIT: $encoded = static::normalizeBreaks($str); - // Make sure it ends with a line break + //Make sure it ends with a line break if (substr($encoded, -(strlen(static::$LE))) !== static::$LE) { $encoded .= static::$LE; } @@ -3261,7 +3312,7 @@ class PHPMailer switch (strtolower($position)) { case 'phrase': if (!preg_match('/[\200-\377]/', $str)) { - // Can't use addslashes as we don't know the value of magic_quotes_sybase + //Can't use addslashes as we don't know the value of magic_quotes_sybase $encoded = addcslashes($str, "\0..\37\177\\\""); if (($str === $encoded) && !preg_match('/[^A-Za-z0-9!#$%&\'*+\/=?^_`{|}~ -]/', $str)) { return $encoded; @@ -3287,7 +3338,7 @@ class PHPMailer $charset = static::CHARSET_ASCII; } - // Q/B encoding adds 8 chars and the charset ("` =??[QB]??=`"). + //Q/B encoding adds 8 chars and the charset ("` =??[QB]??=`"). $overhead = 8 + strlen($charset); if ('mail' === $this->Mailer) { @@ -3296,26 +3347,26 @@ class PHPMailer $maxlen = static::MAX_LINE_LENGTH - $overhead; } - // Select the encoding that produces the shortest output and/or prevents corruption. + //Select the encoding that produces the shortest output and/or prevents corruption. if ($matchcount > strlen($str) / 3) { - // More than 1/3 of the content needs encoding, use B-encode. + //More than 1/3 of the content needs encoding, use B-encode. $encoding = 'B'; } elseif ($matchcount > 0) { - // Less than 1/3 of the content needs encoding, use Q-encode. + //Less than 1/3 of the content needs encoding, use Q-encode. $encoding = 'Q'; } elseif (strlen($str) > $maxlen) { - // No encoding needed, but value exceeds max line length, use Q-encode to prevent corruption. + //No encoding needed, but value exceeds max line length, use Q-encode to prevent corruption. $encoding = 'Q'; } else { - // No reformatting needed + //No reformatting needed $encoding = false; } switch ($encoding) { case 'B': if ($this->hasMultiBytes($str)) { - // Use a custom function which correctly encodes and wraps long - // multibyte strings without breaking lines within a character + //Use a custom function which correctly encodes and wraps long + //multibyte strings without breaking lines within a character $encoded = $this->base64EncodeWrapMB($str, "\n"); } else { $encoded = base64_encode($str); @@ -3350,7 +3401,7 @@ class PHPMailer return strlen($str) > mb_strlen($str, $this->CharSet); } - // Assume no multibytes (we can't handle without mbstring functions anyway) + //Assume no multibytes (we can't handle without mbstring functions anyway) return false; } @@ -3388,11 +3439,11 @@ class PHPMailer } $mb_length = mb_strlen($str, $this->CharSet); - // Each line must have length <= 75, including $start and $end + //Each line must have length <= 75, including $start and $end $length = 75 - strlen($start) - strlen($end); - // Average multi-byte ratio + //Average multi-byte ratio $ratio = $mb_length / strlen($str); - // Base64 has a 4:3 ratio + //Base64 has a 4:3 ratio $avgLength = floor($length * $ratio * .75); $offset = 0; @@ -3407,7 +3458,7 @@ class PHPMailer $encoded .= $chunk . $linebreak; } - // Chomp the last linefeed + //Chomp the last linefeed return substr($encoded, 0, -strlen($linebreak)); } @@ -3436,12 +3487,12 @@ class PHPMailer */ public function encodeQ($str, $position = 'text') { - // There should not be any EOL in the string + //There should not be any EOL in the string $pattern = ''; $encoded = str_replace(["\r", "\n"], '', $str); switch (strtolower($position)) { case 'phrase': - // RFC 2047 section 5.3 + //RFC 2047 section 5.3 $pattern = '^A-Za-z0-9!*+\/ -'; break; /* @@ -3454,15 +3505,15 @@ class PHPMailer /* Intentional fall through */ case 'text': default: - // RFC 2047 section 5.1 - // Replace every high ascii, control, =, ? and _ characters + //RFC 2047 section 5.1 + //Replace every high ascii, control, =, ? and _ characters $pattern = '\000-\011\013\014\016-\037\075\077\137\177-\377' . $pattern; break; } $matches = []; if (preg_match_all("/[{$pattern}]/", $encoded, $matches)) { - // If the string contains an '=', make sure it's the first thing we replace - // so as to avoid double-encoding + //If the string contains an '=', make sure it's the first thing we replace + //so as to avoid double-encoding $eqkey = array_search('=', $matches[0], true); if (false !== $eqkey) { unset($matches[0][$eqkey]); @@ -3472,8 +3523,8 @@ class PHPMailer $encoded = str_replace($char, '=' . sprintf('%02X', ord($char)), $encoded); } } - // Replace spaces with _ (more readable than =20) - // RFC 2047 section 4.2(2) + //Replace spaces with _ (more readable than =20) + //RFC 2047 section 4.2(2) return str_replace(' ', '_', $encoded); } @@ -3500,7 +3551,7 @@ class PHPMailer $disposition = 'attachment' ) { try { - // If a MIME type is not specified, try to work it out from the file name + //If a MIME type is not specified, try to work it out from the file name if ('' === $type) { $type = static::filenameToType($filename); } @@ -3509,14 +3560,14 @@ class PHPMailer throw new Exception($this->lang('encoding') . $encoding); } - // Append to $attachment array + //Append to $attachment array $this->attachment[] = [ 0 => $string, 1 => $filename, 2 => static::mb_pathinfo($filename, PATHINFO_BASENAME), 3 => $encoding, 4 => $type, - 5 => true, // isStringAttachment + 5 => true, //isStringAttachment 6 => $disposition, 7 => 0, ]; @@ -3567,7 +3618,7 @@ class PHPMailer throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE); } - // If a MIME type is not specified, try to work it out from the file name + //If a MIME type is not specified, try to work it out from the file name if ('' === $type) { $type = static::filenameToType($path); } @@ -3581,14 +3632,14 @@ class PHPMailer $name = $filename; } - // Append to $attachment array + //Append to $attachment array $this->attachment[] = [ 0 => $path, 1 => $filename, 2 => $name, 3 => $encoding, 4 => $type, - 5 => false, // isStringAttachment + 5 => false, //isStringAttachment 6 => $disposition, 7 => $cid, ]; @@ -3633,7 +3684,7 @@ class PHPMailer $disposition = 'inline' ) { try { - // If a MIME type is not specified, try to work it out from the name + //If a MIME type is not specified, try to work it out from the name if ('' === $type && !empty($name)) { $type = static::filenameToType($name); } @@ -3642,14 +3693,14 @@ class PHPMailer throw new Exception($this->lang('encoding') . $encoding); } - // Append to $attachment array + //Append to $attachment array $this->attachment[] = [ 0 => $string, 1 => $name, 2 => $name, 3 => $encoding, 4 => $type, - 5 => true, // isStringAttachment + 5 => true, //isStringAttachment 6 => $disposition, 7 => $cid, ]; @@ -3869,8 +3920,8 @@ class PHPMailer */ public static function rfcDate() { - // Set the time zone to whatever the default is to avoid 500 errors - // Will default to UTC if it's not set properly in php.ini + //Set the time zone to whatever the default is to avoid 500 errors + //Will default to UTC if it's not set properly in php.ini date_default_timezone_set(@date_default_timezone_get()); return date('D, j M Y H:i:s O'); @@ -3948,13 +3999,13 @@ class PHPMailer protected function lang($key) { if (count($this->language) < 1) { - $this->setLanguage(); // set the default language + $this->setLanguage(); //Set the default language } if (array_key_exists($key, $this->language)) { if ('smtp_connect_failed' === $key) { - //Include a link to troubleshooting docs on SMTP connection failure - //this is by far the biggest cause of support questions + //Include a link to troubleshooting docs on SMTP connection failure. + //This is by far the biggest cause of support questions //but it's usually not PHPMailer's fault. return $this->language[$key] . ' https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting'; } @@ -3989,7 +4040,7 @@ class PHPMailer public function addCustomHeader($name, $value = null) { if (null === $value && strpos($name, ':') !== false) { - // Value passed in as name:value + //Value passed in as name:value list($name, $value) = explode(':', $name, 2); } $name = trim($name); @@ -4043,11 +4094,11 @@ class PHPMailer preg_match_all('/(? 1 && '/' !== substr($basedir, -1)) { - // Ensure $basedir has a trailing / + //Ensure $basedir has a trailing / $basedir .= '/'; } foreach ($images[2] as $imgindex => $url) { - // Convert data URIs into embedded images + //Convert data URIs into embedded images //e.g. "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" $match = []; if (preg_match('#^data:(image/(?:jpe?g|gif|png));?(base64)?,(.+)#', $url, $match)) { @@ -4061,7 +4112,7 @@ class PHPMailer } //Hash the decoded data, not the URL, so that the same data-URI image used in multiple places //will only be embedded once, even if it used a different encoding - $cid = substr(hash('sha256', $data), 0, 32) . '@phpmailer.0'; // RFC2392 S 2 + $cid = substr(hash('sha256', $data), 0, 32) . '@phpmailer.0'; //RFC2392 S 2 if (!$this->cidExists($cid)) { $this->addStringEmbeddedImage( @@ -4080,13 +4131,13 @@ class PHPMailer continue; } if ( - // Only process relative URLs if a basedir is provided (i.e. no absolute local paths) + //Only process relative URLs if a basedir is provided (i.e. no absolute local paths) !empty($basedir) - // Ignore URLs containing parent dir traversal (..) + //Ignore URLs containing parent dir traversal (..) && (strpos($url, '..') === false) - // Do not change urls that are already inline images + //Do not change urls that are already inline images && 0 !== strpos($url, 'cid:') - // Do not change absolute URLs, including anonymous protocol + //Do not change absolute URLs, including anonymous protocol && !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url) ) { $filename = static::mb_pathinfo($url, PATHINFO_BASENAME); @@ -4094,7 +4145,7 @@ class PHPMailer if ('.' === $directory) { $directory = ''; } - // RFC2392 S 2 + //RFC2392 S 2 $cid = substr(hash('sha256', $url), 0, 32) . '@phpmailer.0'; if (strlen($basedir) > 1 && '/' !== substr($basedir, -1)) { $basedir .= '/'; @@ -4121,7 +4172,7 @@ class PHPMailer } } $this->isHTML(); - // Convert all message body line breaks to LE, makes quoted-printable encoding work much better + //Convert all message body line breaks to LE, makes quoted-printable encoding work much better $this->Body = static::normalizeBreaks($message); $this->AltBody = static::normalizeBreaks($this->html2text($message, $advanced)); if (!$this->alternativeExists()) { @@ -4140,9 +4191,9 @@ class PHPMailer * Example usage: * * ```php - * // Use default conversion + * //Use default conversion * $plain = $mail->html2text($html); - * // Use your own custom converter + * //Use your own custom converter * $plain = $mail->html2text($html, function($html) { * $converter = new MyHtml2text($html); * return $converter->get_text(); @@ -4309,7 +4360,7 @@ class PHPMailer */ public static function filenameToType($filename) { - // In case the path is a URL, strip any query string before getting extension + //In case the path is a URL, strip any query string before getting extension $qpos = strpos($filename, '?'); if (false !== $qpos) { $filename = substr($filename, 0, $qpos); @@ -4420,9 +4471,9 @@ class PHPMailer if (null === $breaktype) { $breaktype = static::$LE; } - // Normalise to \n + //Normalise to \n $text = str_replace([self::CRLF, "\r"], "\n", $text); - // Now convert LE as needed + //Now convert LE as needed if ("\n" !== $breaktype) { $text = str_replace("\n", $breaktype, $text); } @@ -4528,13 +4579,13 @@ class PHPMailer $privKey = openssl_pkey_get_private($privKeyStr); } if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) { - if (PHP_MAJOR_VERSION < 8) { + if (\PHP_MAJOR_VERSION < 8) { openssl_pkey_free($privKey); } return base64_encode($signature); } - if (PHP_MAJOR_VERSION < 8) { + if (\PHP_MAJOR_VERSION < 8) { openssl_pkey_free($privKey); } @@ -4601,7 +4652,7 @@ class PHPMailer if (empty($body)) { return self::CRLF; } - // Normalize line endings to CRLF + //Normalize line endings to CRLF $body = static::normalizeBreaks($body, self::CRLF); //Reduce multiple trailing line breaks to a single one @@ -4621,9 +4672,9 @@ class PHPMailer */ public function DKIM_Add($headers_line, $subject, $body) { - $DKIMsignatureType = 'rsa-sha256'; // Signature & hash algorithms - $DKIMcanonicalization = 'relaxed/simple'; // Canonicalization methods of header & body - $DKIMquery = 'dns/txt'; // Query method + $DKIMsignatureType = 'rsa-sha256'; //Signature & hash algorithms + $DKIMcanonicalization = 'relaxed/simple'; //Canonicalization methods of header & body + $DKIMquery = 'dns/txt'; //Query method $DKIMtime = time(); //Always sign these headers without being asked //Recommended list from https://tools.ietf.org/html/rfc6376#section-5.4.1 @@ -4724,7 +4775,8 @@ class PHPMailer $headerKeys = ' h=' . implode(':', $headersToSignKeys) . ';' . static::$LE; $headerValues = implode(static::$LE, $headersToSign); $body = $this->DKIM_BodyC($body); - $DKIMb64 = base64_encode(pack('H*', hash('sha256', $body))); // Base64 of packed binary SHA-256 hash of body + //Base64 of packed binary SHA-256 hash of body + $DKIMb64 = base64_encode(pack('H*', hash('sha256', $body))); $ident = ''; if ('' !== $this->DKIM_identity) { $ident = ' i=' . $this->DKIM_identity . ';' . static::$LE; diff --git a/wp-includes/PHPMailer/SMTP.php b/wp-includes/PHPMailer/SMTP.php index ab7f46e4c8..68f3aeccc5 100644 --- a/wp-includes/PHPMailer/SMTP.php +++ b/wp-includes/PHPMailer/SMTP.php @@ -35,7 +35,7 @@ class SMTP * * @var string */ - const VERSION = '6.2.0'; + const VERSION = '6.3.0'; /** * SMTP line break constant. @@ -312,11 +312,11 @@ class SMTP */ public function connect($host, $port = null, $timeout = 30, $options = []) { - // Clear errors to avoid confusion + //Clear errors to avoid confusion $this->setError(''); - // Make sure we are __not__ connected + //Make sure we are __not__ connected if ($this->connected()) { - // Already connected, generate error + //Already connected, generate error $this->setError('Already connected to a server'); return false; @@ -324,7 +324,7 @@ class SMTP if (empty($port)) { $port = self::DEFAULT_PORT; } - // Connect to the SMTP server + //Connect to the SMTP server $this->edebug( "Connection: opening to $host:$port, timeout=$timeout, options=" . (count($options) > 0 ? var_export($options, true) : 'array()'), @@ -340,11 +340,23 @@ class SMTP $this->edebug('Connection: opened', self::DEBUG_CONNECTION); - // Get any announcement + //Get any announcement $this->last_reply = $this->get_lines(); $this->edebug('SERVER -> CLIENT: ' . $this->last_reply, self::DEBUG_SERVER); - - return true; + $responseCode = (int)substr($this->last_reply, 0, 3); + if ($responseCode === 220) { + return true; + } + //Anything other than a 220 response means something went wrong + //RFC 5321 says the server will wait for us to send a QUIT in response to a 554 error + //https://tools.ietf.org/html/rfc5321#section-3.1 + if ($responseCode === 554) { + $this->quit(); + } + //This will handle 421 responses which may not wait for a QUIT (e.g. if the server is being shut down) + $this->edebug('Connection: closing due to error', self::DEBUG_CONNECTION); + $this->close(); + return false; } /** @@ -397,7 +409,7 @@ class SMTP restore_error_handler(); } - // Verify we connected properly + //Verify we connected properly if (!is_resource($connection)) { $this->setError( 'Failed to connect to server', @@ -414,11 +426,11 @@ class SMTP return false; } - // SMTP server can take longer to respond, give longer timeout for first read - // Windows does not have support for this timeout function + //SMTP server can take longer to respond, give longer timeout for first read + //Windows does not have support for this timeout function if (strpos(PHP_OS, 'WIN') !== 0) { $max = (int)ini_get('max_execution_time'); - // Don't bother if unlimited, or if set_time_limit is disabled + //Don't bother if unlimited, or if set_time_limit is disabled if (0 !== $max && $timeout > $max && strpos(ini_get('disable_functions'), 'set_time_limit') === false) { @set_time_limit($timeout); } @@ -449,7 +461,7 @@ class SMTP $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT; } - // Begin encrypted connection + //Begin encrypted connection set_error_handler([$this, 'errorHandler']); $crypto_ok = stream_socket_enable_crypto( $this->smtp_conn, @@ -487,11 +499,11 @@ class SMTP } if (array_key_exists('EHLO', $this->server_caps)) { - // SMTP extensions are available; try to find a proper authentication method + //SMTP extensions are available; try to find a proper authentication method if (!array_key_exists('AUTH', $this->server_caps)) { $this->setError('Authentication is not allowed at this stage'); - // 'at this stage' means that auth may be allowed after the stage changes - // e.g. after STARTTLS + //'at this stage' means that auth may be allowed after the stage changes + //e.g. after STARTTLS return false; } @@ -535,11 +547,11 @@ class SMTP } switch ($authtype) { case 'PLAIN': - // Start authentication + //Start authentication if (!$this->sendCommand('AUTH', 'AUTH PLAIN', 334)) { return false; } - // Send encoded username and password + //Send encoded username and password if ( !$this->sendCommand( 'User & Password', @@ -551,7 +563,7 @@ class SMTP } break; case 'LOGIN': - // Start authentication + //Start authentication if (!$this->sendCommand('AUTH', 'AUTH LOGIN', 334)) { return false; } @@ -563,17 +575,17 @@ class SMTP } break; case 'CRAM-MD5': - // Start authentication + //Start authentication if (!$this->sendCommand('AUTH CRAM-MD5', 'AUTH CRAM-MD5', 334)) { return false; } - // Get the challenge + //Get the challenge $challenge = base64_decode(substr($this->last_reply, 4)); - // Build the response + //Build the response $response = $username . ' ' . $this->hmac($challenge, $password); - // send encoded credentials + //send encoded credentials return $this->sendCommand('Username', base64_encode($response), 235); case 'XOAUTH2': //The OAuth instance must be set up prior to requesting auth. @@ -582,7 +594,7 @@ class SMTP } $oauth = $OAuth->getOauth64(); - // Start authentication + //Start authentication if (!$this->sendCommand('AUTH', 'AUTH XOAUTH2 ' . $oauth, 235)) { return false; } @@ -612,15 +624,15 @@ class SMTP return hash_hmac('md5', $data, $key); } - // The following borrowed from - // http://php.net/manual/en/function.mhash.php#27225 + //The following borrowed from + //http://php.net/manual/en/function.mhash.php#27225 - // RFC 2104 HMAC implementation for php. - // Creates an md5 HMAC. - // Eliminates the need to install mhash to compute a HMAC - // by Lance Rushing + //RFC 2104 HMAC implementation for php. + //Creates an md5 HMAC. + //Eliminates the need to install mhash to compute a HMAC + //by Lance Rushing - $bytelen = 64; // byte length for md5 + $bytelen = 64; //byte length for md5 if (strlen($key) > $bytelen) { $key = pack('H*', md5($key)); } @@ -643,7 +655,7 @@ class SMTP if (is_resource($this->smtp_conn)) { $sock_status = stream_get_meta_data($this->smtp_conn); if ($sock_status['eof']) { - // The socket is valid but we are not connected + //The socket is valid but we are not connected $this->edebug( 'SMTP NOTICE: EOF caught while checking if connected', self::DEBUG_CLIENT @@ -653,7 +665,7 @@ class SMTP return false; } - return true; // everything looks good + return true; //everything looks good } return false; @@ -671,7 +683,7 @@ class SMTP $this->server_caps = null; $this->helo_rply = null; if (is_resource($this->smtp_conn)) { - // close the connection and cleanup + //Close the connection and cleanup fclose($this->smtp_conn); $this->smtp_conn = null; //Makes for cleaner serialization $this->edebug('Connection: closed', self::DEBUG_CONNECTION); @@ -706,7 +718,7 @@ class SMTP * NOTE: this does not count towards line-length limit. */ - // Normalize line breaks before exploding + //Normalize line breaks before exploding $lines = explode("\n", str_replace(["\r\n", "\r"], "\n", $msg_data)); /* To distinguish between a complete RFC822 message and a plain message body, we check if the first field @@ -752,7 +764,8 @@ class SMTP //Send the lines to the server foreach ($lines_out as $line_out) { - //RFC2821 section 4.5.2 + //Dot-stuffing as per RFC5321 section 4.5.2 + //https://tools.ietf.org/html/rfc5321#section-4.5.2 if (!empty($line_out) && $line_out[0] === '.') { $line_out = '.' . $line_out; } @@ -786,7 +799,16 @@ class SMTP public function hello($host = '') { //Try extended hello first (RFC 2821) - return $this->sendHello('EHLO', $host) or $this->sendHello('HELO', $host); + if ($this->sendHello('EHLO', $host)) { + return true; + } + + //Some servers shut down the SMTP service here (RFC 5321) + if (substr($this->helo_rply, 0, 3) == '421') { + return false; + } + + return $this->sendHello('HELO', $host); } /** @@ -976,12 +998,12 @@ class SMTP $this->client_send($commandstring . static::LE, $command); $this->last_reply = $this->get_lines(); - // Fetch SMTP code and possible error code explanation + //Fetch SMTP code and possible error code explanation $matches = []; if (preg_match('/^([\d]{3})[ -](?:([\d]\\.[\d]\\.[\d]{1,2}) )?/', $this->last_reply, $matches)) { $code = (int) $matches[1]; $code_ex = (count($matches) > 2 ? $matches[2] : null); - // Cut off error code from each response line + //Cut off error code from each response line $detail = preg_replace( "/{$code}[ -]" . ($code_ex ? str_replace('.', '\\.', $code_ex) . ' ' : '') . '/m', @@ -989,7 +1011,7 @@ class SMTP $this->last_reply ); } else { - // Fall back to simple parsing if regex fails + //Fall back to simple parsing if regex fails $code = (int) substr($this->last_reply, 0, 3); $code_ex = null; $detail = substr($this->last_reply, 4); @@ -1184,7 +1206,7 @@ class SMTP */ protected function get_lines() { - // If the connection is bad, give up straight away + //If the connection is bad, give up straight away if (!is_resource($this->smtp_conn)) { return ''; } @@ -1237,13 +1259,13 @@ class SMTP $str = @fgets($this->smtp_conn, self::MAX_REPLY_LENGTH); $this->edebug('SMTP INBOUND: "' . trim($str) . '"', self::DEBUG_LOWLEVEL); $data .= $str; - // If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled), - // or 4th character is a space or a line break char, we are done reading, break the loop. - // String array access is a significant micro-optimisation over strlen + //If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled), + //or 4th character is a space or a line break char, we are done reading, break the loop. + //String array access is a significant micro-optimisation over strlen if (!isset($str[3]) || $str[3] === ' ' || $str[3] === "\r" || $str[3] === "\n") { break; } - // Timed-out? Log and break + //Timed-out? Log and break $info = stream_get_meta_data($this->smtp_conn); if ($info['timed_out']) { $this->edebug( @@ -1252,7 +1274,7 @@ class SMTP ); break; } - // Now check if reads took too long + //Now check if reads took too long if ($endtime && time() > $endtime) { $this->edebug( 'SMTP -> get_lines(): timelimit reached (' . diff --git a/wp-includes/version.php b/wp-includes/version.php index 1b847b7854..53bc05faaf 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.7-beta3-50396'; +$wp_version = '5.7-beta3-50397'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.