External Libraries: Upgrade PHPMailer to version 6.3.0.

This is a maintenance release. Changes include:

* Handle early connection errors such as 421 during connection and EHLO states.
* Make the `mail()` and sendmail transports set the envelope sender the same way as SMTP does, i.e. use whatever `From` is set to, only falling back to the `sendmail_from` php.ini setting if `From` is unset. This avoids errors from the `mail()` function if `Sender` is not set explicitly and php.ini is not configured. This is a minor functionality change, so bumps the minor version number.
* Extend `parseAddresses` to decode encoded names.

Release notes: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.3.0

For a full list of changes in this update, see the PHPMailer GitHub:
https://github.com/PHPMailer/PHPMailer/compare/v6.2.0...v6.3.0

Props ayeshrajans.
Fixes #52577.
Built from https://develop.svn.wordpress.org/trunk@50397


git-svn-id: http://core.svn.wordpress.org/trunk@50008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2021-02-21 09:34:05 +00:00
parent eac91ec9c5
commit 0d8da2d665
3 changed files with 287 additions and 213 deletions

File diff suppressed because it is too large Load Diff

View File

@ -35,7 +35,7 @@ class SMTP
* *
* @var string * @var string
*/ */
const VERSION = '6.2.0'; const VERSION = '6.3.0';
/** /**
* SMTP line break constant. * SMTP line break constant.
@ -312,11 +312,11 @@ class SMTP
*/ */
public function connect($host, $port = null, $timeout = 30, $options = []) public function connect($host, $port = null, $timeout = 30, $options = [])
{ {
// Clear errors to avoid confusion //Clear errors to avoid confusion
$this->setError(''); $this->setError('');
// Make sure we are __not__ connected //Make sure we are __not__ connected
if ($this->connected()) { if ($this->connected()) {
// Already connected, generate error //Already connected, generate error
$this->setError('Already connected to a server'); $this->setError('Already connected to a server');
return false; return false;
@ -324,7 +324,7 @@ class SMTP
if (empty($port)) { if (empty($port)) {
$port = self::DEFAULT_PORT; $port = self::DEFAULT_PORT;
} }
// Connect to the SMTP server //Connect to the SMTP server
$this->edebug( $this->edebug(
"Connection: opening to $host:$port, timeout=$timeout, options=" . "Connection: opening to $host:$port, timeout=$timeout, options=" .
(count($options) > 0 ? var_export($options, true) : 'array()'), (count($options) > 0 ? var_export($options, true) : 'array()'),
@ -340,11 +340,23 @@ class SMTP
$this->edebug('Connection: opened', self::DEBUG_CONNECTION); $this->edebug('Connection: opened', self::DEBUG_CONNECTION);
// Get any announcement //Get any announcement
$this->last_reply = $this->get_lines(); $this->last_reply = $this->get_lines();
$this->edebug('SERVER -> CLIENT: ' . $this->last_reply, self::DEBUG_SERVER); $this->edebug('SERVER -> CLIENT: ' . $this->last_reply, self::DEBUG_SERVER);
$responseCode = (int)substr($this->last_reply, 0, 3);
return true; if ($responseCode === 220) {
return true;
}
//Anything other than a 220 response means something went wrong
//RFC 5321 says the server will wait for us to send a QUIT in response to a 554 error
//https://tools.ietf.org/html/rfc5321#section-3.1
if ($responseCode === 554) {
$this->quit();
}
//This will handle 421 responses which may not wait for a QUIT (e.g. if the server is being shut down)
$this->edebug('Connection: closing due to error', self::DEBUG_CONNECTION);
$this->close();
return false;
} }
/** /**
@ -397,7 +409,7 @@ class SMTP
restore_error_handler(); restore_error_handler();
} }
// Verify we connected properly //Verify we connected properly
if (!is_resource($connection)) { if (!is_resource($connection)) {
$this->setError( $this->setError(
'Failed to connect to server', 'Failed to connect to server',
@ -414,11 +426,11 @@ class SMTP
return false; return false;
} }
// SMTP server can take longer to respond, give longer timeout for first read //SMTP server can take longer to respond, give longer timeout for first read
// Windows does not have support for this timeout function //Windows does not have support for this timeout function
if (strpos(PHP_OS, 'WIN') !== 0) { if (strpos(PHP_OS, 'WIN') !== 0) {
$max = (int)ini_get('max_execution_time'); $max = (int)ini_get('max_execution_time');
// Don't bother if unlimited, or if set_time_limit is disabled //Don't bother if unlimited, or if set_time_limit is disabled
if (0 !== $max && $timeout > $max && strpos(ini_get('disable_functions'), 'set_time_limit') === false) { if (0 !== $max && $timeout > $max && strpos(ini_get('disable_functions'), 'set_time_limit') === false) {
@set_time_limit($timeout); @set_time_limit($timeout);
} }
@ -449,7 +461,7 @@ class SMTP
$crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT; $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
} }
// Begin encrypted connection //Begin encrypted connection
set_error_handler([$this, 'errorHandler']); set_error_handler([$this, 'errorHandler']);
$crypto_ok = stream_socket_enable_crypto( $crypto_ok = stream_socket_enable_crypto(
$this->smtp_conn, $this->smtp_conn,
@ -487,11 +499,11 @@ class SMTP
} }
if (array_key_exists('EHLO', $this->server_caps)) { if (array_key_exists('EHLO', $this->server_caps)) {
// SMTP extensions are available; try to find a proper authentication method //SMTP extensions are available; try to find a proper authentication method
if (!array_key_exists('AUTH', $this->server_caps)) { if (!array_key_exists('AUTH', $this->server_caps)) {
$this->setError('Authentication is not allowed at this stage'); $this->setError('Authentication is not allowed at this stage');
// 'at this stage' means that auth may be allowed after the stage changes //'at this stage' means that auth may be allowed after the stage changes
// e.g. after STARTTLS //e.g. after STARTTLS
return false; return false;
} }
@ -535,11 +547,11 @@ class SMTP
} }
switch ($authtype) { switch ($authtype) {
case 'PLAIN': case 'PLAIN':
// Start authentication //Start authentication
if (!$this->sendCommand('AUTH', 'AUTH PLAIN', 334)) { if (!$this->sendCommand('AUTH', 'AUTH PLAIN', 334)) {
return false; return false;
} }
// Send encoded username and password //Send encoded username and password
if ( if (
!$this->sendCommand( !$this->sendCommand(
'User & Password', 'User & Password',
@ -551,7 +563,7 @@ class SMTP
} }
break; break;
case 'LOGIN': case 'LOGIN':
// Start authentication //Start authentication
if (!$this->sendCommand('AUTH', 'AUTH LOGIN', 334)) { if (!$this->sendCommand('AUTH', 'AUTH LOGIN', 334)) {
return false; return false;
} }
@ -563,17 +575,17 @@ class SMTP
} }
break; break;
case 'CRAM-MD5': case 'CRAM-MD5':
// Start authentication //Start authentication
if (!$this->sendCommand('AUTH CRAM-MD5', 'AUTH CRAM-MD5', 334)) { if (!$this->sendCommand('AUTH CRAM-MD5', 'AUTH CRAM-MD5', 334)) {
return false; return false;
} }
// Get the challenge //Get the challenge
$challenge = base64_decode(substr($this->last_reply, 4)); $challenge = base64_decode(substr($this->last_reply, 4));
// Build the response //Build the response
$response = $username . ' ' . $this->hmac($challenge, $password); $response = $username . ' ' . $this->hmac($challenge, $password);
// send encoded credentials //send encoded credentials
return $this->sendCommand('Username', base64_encode($response), 235); return $this->sendCommand('Username', base64_encode($response), 235);
case 'XOAUTH2': case 'XOAUTH2':
//The OAuth instance must be set up prior to requesting auth. //The OAuth instance must be set up prior to requesting auth.
@ -582,7 +594,7 @@ class SMTP
} }
$oauth = $OAuth->getOauth64(); $oauth = $OAuth->getOauth64();
// Start authentication //Start authentication
if (!$this->sendCommand('AUTH', 'AUTH XOAUTH2 ' . $oauth, 235)) { if (!$this->sendCommand('AUTH', 'AUTH XOAUTH2 ' . $oauth, 235)) {
return false; return false;
} }
@ -612,15 +624,15 @@ class SMTP
return hash_hmac('md5', $data, $key); return hash_hmac('md5', $data, $key);
} }
// The following borrowed from //The following borrowed from
// http://php.net/manual/en/function.mhash.php#27225 //http://php.net/manual/en/function.mhash.php#27225
// RFC 2104 HMAC implementation for php. //RFC 2104 HMAC implementation for php.
// Creates an md5 HMAC. //Creates an md5 HMAC.
// Eliminates the need to install mhash to compute a HMAC //Eliminates the need to install mhash to compute a HMAC
// by Lance Rushing //by Lance Rushing
$bytelen = 64; // byte length for md5 $bytelen = 64; //byte length for md5
if (strlen($key) > $bytelen) { if (strlen($key) > $bytelen) {
$key = pack('H*', md5($key)); $key = pack('H*', md5($key));
} }
@ -643,7 +655,7 @@ class SMTP
if (is_resource($this->smtp_conn)) { if (is_resource($this->smtp_conn)) {
$sock_status = stream_get_meta_data($this->smtp_conn); $sock_status = stream_get_meta_data($this->smtp_conn);
if ($sock_status['eof']) { if ($sock_status['eof']) {
// The socket is valid but we are not connected //The socket is valid but we are not connected
$this->edebug( $this->edebug(
'SMTP NOTICE: EOF caught while checking if connected', 'SMTP NOTICE: EOF caught while checking if connected',
self::DEBUG_CLIENT self::DEBUG_CLIENT
@ -653,7 +665,7 @@ class SMTP
return false; return false;
} }
return true; // everything looks good return true; //everything looks good
} }
return false; return false;
@ -671,7 +683,7 @@ class SMTP
$this->server_caps = null; $this->server_caps = null;
$this->helo_rply = null; $this->helo_rply = null;
if (is_resource($this->smtp_conn)) { if (is_resource($this->smtp_conn)) {
// close the connection and cleanup //Close the connection and cleanup
fclose($this->smtp_conn); fclose($this->smtp_conn);
$this->smtp_conn = null; //Makes for cleaner serialization $this->smtp_conn = null; //Makes for cleaner serialization
$this->edebug('Connection: closed', self::DEBUG_CONNECTION); $this->edebug('Connection: closed', self::DEBUG_CONNECTION);
@ -706,7 +718,7 @@ class SMTP
* NOTE: this does not count towards line-length limit. * NOTE: this does not count towards line-length limit.
*/ */
// Normalize line breaks before exploding //Normalize line breaks before exploding
$lines = explode("\n", str_replace(["\r\n", "\r"], "\n", $msg_data)); $lines = explode("\n", str_replace(["\r\n", "\r"], "\n", $msg_data));
/* To distinguish between a complete RFC822 message and a plain message body, we check if the first field /* To distinguish between a complete RFC822 message and a plain message body, we check if the first field
@ -752,7 +764,8 @@ class SMTP
//Send the lines to the server //Send the lines to the server
foreach ($lines_out as $line_out) { foreach ($lines_out as $line_out) {
//RFC2821 section 4.5.2 //Dot-stuffing as per RFC5321 section 4.5.2
//https://tools.ietf.org/html/rfc5321#section-4.5.2
if (!empty($line_out) && $line_out[0] === '.') { if (!empty($line_out) && $line_out[0] === '.') {
$line_out = '.' . $line_out; $line_out = '.' . $line_out;
} }
@ -786,7 +799,16 @@ class SMTP
public function hello($host = '') public function hello($host = '')
{ {
//Try extended hello first (RFC 2821) //Try extended hello first (RFC 2821)
return $this->sendHello('EHLO', $host) or $this->sendHello('HELO', $host); if ($this->sendHello('EHLO', $host)) {
return true;
}
//Some servers shut down the SMTP service here (RFC 5321)
if (substr($this->helo_rply, 0, 3) == '421') {
return false;
}
return $this->sendHello('HELO', $host);
} }
/** /**
@ -976,12 +998,12 @@ class SMTP
$this->client_send($commandstring . static::LE, $command); $this->client_send($commandstring . static::LE, $command);
$this->last_reply = $this->get_lines(); $this->last_reply = $this->get_lines();
// Fetch SMTP code and possible error code explanation //Fetch SMTP code and possible error code explanation
$matches = []; $matches = [];
if (preg_match('/^([\d]{3})[ -](?:([\d]\\.[\d]\\.[\d]{1,2}) )?/', $this->last_reply, $matches)) { if (preg_match('/^([\d]{3})[ -](?:([\d]\\.[\d]\\.[\d]{1,2}) )?/', $this->last_reply, $matches)) {
$code = (int) $matches[1]; $code = (int) $matches[1];
$code_ex = (count($matches) > 2 ? $matches[2] : null); $code_ex = (count($matches) > 2 ? $matches[2] : null);
// Cut off error code from each response line //Cut off error code from each response line
$detail = preg_replace( $detail = preg_replace(
"/{$code}[ -]" . "/{$code}[ -]" .
($code_ex ? str_replace('.', '\\.', $code_ex) . ' ' : '') . '/m', ($code_ex ? str_replace('.', '\\.', $code_ex) . ' ' : '') . '/m',
@ -989,7 +1011,7 @@ class SMTP
$this->last_reply $this->last_reply
); );
} else { } else {
// Fall back to simple parsing if regex fails //Fall back to simple parsing if regex fails
$code = (int) substr($this->last_reply, 0, 3); $code = (int) substr($this->last_reply, 0, 3);
$code_ex = null; $code_ex = null;
$detail = substr($this->last_reply, 4); $detail = substr($this->last_reply, 4);
@ -1184,7 +1206,7 @@ class SMTP
*/ */
protected function get_lines() protected function get_lines()
{ {
// If the connection is bad, give up straight away //If the connection is bad, give up straight away
if (!is_resource($this->smtp_conn)) { if (!is_resource($this->smtp_conn)) {
return ''; return '';
} }
@ -1237,13 +1259,13 @@ class SMTP
$str = @fgets($this->smtp_conn, self::MAX_REPLY_LENGTH); $str = @fgets($this->smtp_conn, self::MAX_REPLY_LENGTH);
$this->edebug('SMTP INBOUND: "' . trim($str) . '"', self::DEBUG_LOWLEVEL); $this->edebug('SMTP INBOUND: "' . trim($str) . '"', self::DEBUG_LOWLEVEL);
$data .= $str; $data .= $str;
// If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled), //If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled),
// or 4th character is a space or a line break char, we are done reading, break the loop. //or 4th character is a space or a line break char, we are done reading, break the loop.
// String array access is a significant micro-optimisation over strlen //String array access is a significant micro-optimisation over strlen
if (!isset($str[3]) || $str[3] === ' ' || $str[3] === "\r" || $str[3] === "\n") { if (!isset($str[3]) || $str[3] === ' ' || $str[3] === "\r" || $str[3] === "\n") {
break; break;
} }
// Timed-out? Log and break //Timed-out? Log and break
$info = stream_get_meta_data($this->smtp_conn); $info = stream_get_meta_data($this->smtp_conn);
if ($info['timed_out']) { if ($info['timed_out']) {
$this->edebug( $this->edebug(
@ -1252,7 +1274,7 @@ class SMTP
); );
break; break;
} }
// Now check if reads took too long //Now check if reads took too long
if ($endtime && time() > $endtime) { if ($endtime && time() > $endtime) {
$this->edebug( $this->edebug(
'SMTP -> get_lines(): timelimit reached (' . 'SMTP -> get_lines(): timelimit reached (' .

View File

@ -13,7 +13,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.7-beta3-50396'; $wp_version = '5.7-beta3-50397';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.