External Libraries: Upgrade PHPMailer from 6.3.0 to 6.4.0.
6.4.0 reverts a change that made the `mail()` and sendmail transports set the envelope sender if one isn't explicitly provided, as it was causing problems in specific PHP/server configurations. Release post: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.4.0 Changelog: https://github.com/PHPMailer/PHPMailer/compare/v6.3.0...v6.4.0 Props Synchro, tigertech, ayeshrajans, galbaras, audrasjb, SergeyBiryukov, desrosj, ocean90. Merges [50628] to the 5.7 branch. Fixes #52822. Built from https://develop.svn.wordpress.org/branches/5.7@50630 git-svn-id: http://core.svn.wordpress.org/branches/5.7@50242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
35592e1ffa
commit
4fa46b8d14
|
@ -748,7 +748,7 @@ class PHPMailer
|
|||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.3.0';
|
||||
const VERSION = '6.4.0';
|
||||
|
||||
/**
|
||||
* Error severity: message only, continue processing.
|
||||
|
@ -1199,7 +1199,11 @@ class PHPMailer
|
|||
)
|
||||
) {
|
||||
//Decode the name part if it's present and encoded
|
||||
if (property_exists($address, 'personal') && preg_match('/^=\?.*\?=$/', $address->personal)) {
|
||||
if (
|
||||
property_exists($address, 'personal') &&
|
||||
extension_loaded('mbstring') &&
|
||||
preg_match('/^=\?.*\?=$/', $address->personal)
|
||||
) {
|
||||
$address->personal = mb_decode_mimeheader($address->personal);
|
||||
}
|
||||
|
||||
|
@ -1682,16 +1686,11 @@ class PHPMailer
|
|||
//Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html
|
||||
//Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
|
||||
//Example problem: https://www.drupal.org/node/1057954
|
||||
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
|
||||
if ('' === $this->Sender) {
|
||||
$this->Sender = $this->From;
|
||||
}
|
||||
if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
|
||||
//PHP config has a sender address we can use
|
||||
$this->Sender = ini_get('sendmail_from');
|
||||
}
|
||||
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
|
||||
//But sendmail requires this param, so fail without it
|
||||
if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
|
||||
if ($this->Mailer === 'qmail') {
|
||||
$sendmailFmt = '%s -f%s';
|
||||
|
@ -1699,8 +1698,12 @@ class PHPMailer
|
|||
$sendmailFmt = '%s -oi -f%s -t';
|
||||
}
|
||||
} else {
|
||||
$this->edebug('Sender address unusable or missing: ' . $this->Sender);
|
||||
return false;
|
||||
//allow sendmail to choose a default envelope sender. It may
|
||||
//seem preferable to force it to use the From header as with
|
||||
//SMTP, but that introduces new problems (see
|
||||
//<https://github.com/PHPMailer/PHPMailer/issues/2298>), and
|
||||
//it has historically worked this way.
|
||||
$sendmailFmt = '%s -oi -t';
|
||||
}
|
||||
|
||||
$sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
|
||||
|
@ -1860,9 +1863,6 @@ class PHPMailer
|
|||
//Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
|
||||
//Example problem: https://www.drupal.org/node/1057954
|
||||
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
|
||||
if ('' === $this->Sender) {
|
||||
$this->Sender = $this->From;
|
||||
}
|
||||
if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
|
||||
//PHP config has a sender address we can use
|
||||
$this->Sender = ini_get('sendmail_from');
|
||||
|
|
|
@ -35,7 +35,7 @@ class SMTP
|
|||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.3.0';
|
||||
const VERSION = '6.4.0';
|
||||
|
||||
/**
|
||||
* SMTP line break constant.
|
||||
|
@ -553,6 +553,8 @@ class SMTP
|
|||
}
|
||||
//Send encoded username and password
|
||||
if (
|
||||
//Format from https://tools.ietf.org/html/rfc4616#section-2
|
||||
//We skip the first field (it's forgery), so the string starts with a null byte
|
||||
!$this->sendCommand(
|
||||
'User & Password',
|
||||
base64_encode("\0" . $username . "\0" . $password),
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '5.7.1-alpha-50609';
|
||||
$wp_version = '5.7.1-alpha-50630';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
Loading…
Reference in New Issue