External libraries: Improve attachment handling in PHPMailer
Props: audrasjb, ayeshrajans, desrosj, peterwilsoncc, xknown. Partially merges [50799] to the 5.3 branch. Built from https://develop.svn.wordpress.org/branches/5.3@50851 git-svn-id: http://core.svn.wordpress.org/branches/5.3@50460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
abd76c1779
commit
13bd3963a0
|
@ -1475,7 +1475,28 @@ class PHPMailer
|
|||
*/
|
||||
protected static function isPermittedPath($path)
|
||||
{
|
||||
return !preg_match('#^[a-z]+://#i', $path);
|
||||
//Matches scheme definition from https://tools.ietf.org/html/rfc3986#section-3.1
|
||||
return !preg_match('#^[a-z][a-z\d+.-]*://#i', $path);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether a file path is safe, accessible, and readable.
|
||||
*
|
||||
* @param string $path A relative or absolute path to a file
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected static function fileIsAccessible($path)
|
||||
{
|
||||
if (!static::isPermittedPath($path)) {
|
||||
return false;
|
||||
}
|
||||
$readable = file_exists($path);
|
||||
//If not a UNC path (expected to start with \\), check read permission, see #2069
|
||||
if (strpos($path, '\\\\') !== 0) {
|
||||
$readable = $readable && is_readable($path);
|
||||
}
|
||||
return $readable;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1807,7 +1828,7 @@ class PHPMailer
|
|||
// There is no English translation file
|
||||
if ($langcode != 'en') {
|
||||
// Make sure language file path is readable
|
||||
if (!self::isPermittedPath($lang_file) or !is_readable($lang_file)) {
|
||||
if (!static::fileIsAccessible($lang_file)) {
|
||||
$foundlang = false;
|
||||
} else {
|
||||
// Overwrite language-specific strings.
|
||||
|
@ -2528,7 +2549,7 @@ class PHPMailer
|
|||
public function addAttachment($path, $name = '', $encoding = 'base64', $type = '', $disposition = 'attachment')
|
||||
{
|
||||
try {
|
||||
if (!self::isPermittedPath($path) or !@is_file($path)) {
|
||||
if (!static::fileIsAccessible($path)) {
|
||||
throw new phpmailerException($this->lang('file_access') . $path, self::STOP_CONTINUE);
|
||||
}
|
||||
|
||||
|
@ -2709,7 +2730,7 @@ class PHPMailer
|
|||
protected function encodeFile($path, $encoding = 'base64')
|
||||
{
|
||||
try {
|
||||
if (!self::isPermittedPath($path) or !file_exists($path)) {
|
||||
if (!static::fileIsAccessible($path)) {
|
||||
throw new phpmailerException($this->lang('file_open') . $path, self::STOP_CONTINUE);
|
||||
}
|
||||
$magic_quotes = ( PHP_VERSION_ID < 70400 && get_magic_quotes_runtime() ); // WP: Patched for PHP 7.4.
|
||||
|
@ -3053,7 +3074,7 @@ class PHPMailer
|
|||
*/
|
||||
public function addEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = '', $disposition = 'inline')
|
||||
{
|
||||
if (!self::isPermittedPath($path) or !@is_file($path)) {
|
||||
if (!static::fileIsAccessible($path)) {
|
||||
$this->setError($this->lang('file_access') . $path);
|
||||
return false;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue