From 0fb7e2c6470b73fe617abc87ca43f14cb9a9987f Mon Sep 17 00:00:00 2001 From: nupplaPhil Date: Wed, 29 Jan 2020 20:20:39 +0100 Subject: [PATCH 1/2] Fix invalid "emailer_prepare" Hook - Use IEmail instead of array data - Introduce "composer" based library for phpmailer --- phpmailer/composer.json | 22 + phpmailer/phpmailer.php | 69 +- phpmailer/phpmailer/VERSION | 1 - phpmailer/vendor/autoload.php | 7 + phpmailer/vendor/composer/ClassLoader.php | 445 ++++++ phpmailer/vendor/composer/LICENSE | 21 + .../vendor/composer/autoload_classmap.php | 14 + .../vendor/composer/autoload_namespaces.php | 9 + phpmailer/vendor/composer/autoload_psr4.php | 10 + phpmailer/vendor/composer/autoload_real.php | 52 + phpmailer/vendor/composer/autoload_static.php | 40 + phpmailer/vendor/composer/installed.json | 66 + .../vendor/phpmailer/phpmailer/COMMITMENT | 46 + .../{ => vendor/phpmailer}/phpmailer/LICENSE | 0 .../phpmailer}/phpmailer/README.md | 59 +- .../phpmailer}/phpmailer/SECURITY.md | 4 +- phpmailer/vendor/phpmailer/phpmailer/VERSION | 1 + .../vendor/phpmailer/phpmailer/composer.json | 51 + .../phpmailer}/phpmailer/get_oauth_token.php | 0 .../phpmailer/language/phpmailer.lang-af.php | 25 + .../phpmailer/language/phpmailer.lang-am.php | 0 .../phpmailer/language/phpmailer.lang-ar.php | 2 +- .../phpmailer/language/phpmailer.lang-az.php | 0 .../phpmailer/language/phpmailer.lang-ba.php | 0 .../phpmailer/language/phpmailer.lang-be.php | 0 .../phpmailer/language/phpmailer.lang-bg.php | 0 .../phpmailer/language/phpmailer.lang-ca.php | 0 .../phpmailer/language/phpmailer.lang-ch.php | 0 .../phpmailer/language/phpmailer.lang-cs.php | 0 .../phpmailer/language/phpmailer.lang-da.php | 0 .../phpmailer/language/phpmailer.lang-de.php | 0 .../phpmailer/language/phpmailer.lang-el.php | 0 .../phpmailer/language/phpmailer.lang-eo.php | 0 .../phpmailer/language/phpmailer.lang-es.php | 0 .../phpmailer/language/phpmailer.lang-et.php | 0 .../phpmailer/language/phpmailer.lang-fa.php | 2 +- .../phpmailer/language/phpmailer.lang-fi.php | 0 .../phpmailer/language/phpmailer.lang-fo.php | 0 .../phpmailer/language/phpmailer.lang-fr.php | 0 .../phpmailer/language/phpmailer.lang-gl.php | 0 .../phpmailer/language/phpmailer.lang-he.php | 0 .../phpmailer/language/phpmailer.lang-hi.php | 0 .../phpmailer/language/phpmailer.lang-hr.php | 0 .../phpmailer/language/phpmailer.lang-hu.php | 2 +- .../phpmailer/language/phpmailer.lang-id.php | 8 +- .../phpmailer/language/phpmailer.lang-it.php | 2 +- .../phpmailer/language/phpmailer.lang-ja.php | 0 .../phpmailer/language/phpmailer.lang-ka.php | 0 .../phpmailer/language/phpmailer.lang-ko.php | 0 .../phpmailer/language/phpmailer.lang-lt.php | 0 .../phpmailer/language/phpmailer.lang-lv.php | 0 .../phpmailer/language/phpmailer.lang-mg.php | 25 + .../phpmailer/language/phpmailer.lang-ms.php | 2 +- .../phpmailer/language/phpmailer.lang-nb.php | 2 +- .../phpmailer/language/phpmailer.lang-nl.php | 2 + .../phpmailer/language/phpmailer.lang-pl.php | 0 .../phpmailer/language/phpmailer.lang-pt.php | 0 .../language/phpmailer.lang-pt_br.php | 2 +- .../phpmailer/language/phpmailer.lang-ro.php | 0 .../phpmailer/language/phpmailer.lang-ru.php | 16 +- .../phpmailer/language/phpmailer.lang-sk.php | 3 +- .../phpmailer/language/phpmailer.lang-sl.php | 5 +- .../phpmailer/language/phpmailer.lang-sr.php} | 13 +- .../phpmailer/language/phpmailer.lang-sv.php | 0 .../phpmailer/language/phpmailer.lang-tl.php | 27 + .../phpmailer/language/phpmailer.lang-tr.php | 0 .../phpmailer/language/phpmailer.lang-uk.php | 22 +- .../phpmailer/language/phpmailer.lang-vi.php | 0 .../phpmailer/language/phpmailer.lang-zh.php | 0 .../language/phpmailer.lang-zh_cn.php | 0 .../phpmailer}/phpmailer/src/Exception.php | 2 +- .../phpmailer}/phpmailer/src/OAuth.php | 2 +- .../phpmailer}/phpmailer/src/PHPMailer.php | 1276 +++++++++++------ .../phpmailer}/phpmailer/src/POP3.php | 18 +- .../phpmailer}/phpmailer/src/SMTP.php | 136 +- securemail/securemail.php | 35 +- 76 files changed, 1906 insertions(+), 640 deletions(-) create mode 100644 phpmailer/composer.json delete mode 100644 phpmailer/phpmailer/VERSION create mode 100644 phpmailer/vendor/autoload.php create mode 100644 phpmailer/vendor/composer/ClassLoader.php create mode 100644 phpmailer/vendor/composer/LICENSE create mode 100644 phpmailer/vendor/composer/autoload_classmap.php create mode 100644 phpmailer/vendor/composer/autoload_namespaces.php create mode 100644 phpmailer/vendor/composer/autoload_psr4.php create mode 100644 phpmailer/vendor/composer/autoload_real.php create mode 100644 phpmailer/vendor/composer/autoload_static.php create mode 100644 phpmailer/vendor/composer/installed.json create mode 100644 phpmailer/vendor/phpmailer/phpmailer/COMMITMENT rename phpmailer/{ => vendor/phpmailer}/phpmailer/LICENSE (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/README.md (73%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/SECURITY.md (80%) create mode 100644 phpmailer/vendor/phpmailer/phpmailer/VERSION create mode 100644 phpmailer/vendor/phpmailer/phpmailer/composer.json rename phpmailer/{ => vendor/phpmailer}/phpmailer/get_oauth_token.php (100%) create mode 100644 phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-af.php rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-am.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-ar.php (96%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-az.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-ba.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-be.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-bg.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-ca.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-ch.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-cs.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-da.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-de.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-el.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-eo.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-es.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-et.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-fa.php (96%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-fi.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-fo.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-fr.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-gl.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-he.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-hi.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-hr.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-hu.php (95%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-id.php (87%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-it.php (96%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-ja.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-ka.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-ko.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-lt.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-lv.php (100%) create mode 100644 phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-mg.php rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-ms.php (96%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-nb.php (95%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-nl.php (92%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-pl.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-pt.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-pt_br.php (96%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-ro.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-ru.php (68%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-sk.php (93%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-sl.php (87%) rename phpmailer/{phpmailer/language/phpmailer.lang-rs.php => vendor/phpmailer/phpmailer/language/phpmailer.lang-sr.php} (79%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-sv.php (100%) create mode 100644 phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-tl.php rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-tr.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-uk.php (67%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-vi.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-zh.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/language/phpmailer.lang-zh_cn.php (100%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/src/Exception.php (95%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/src/OAuth.php (98%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/src/PHPMailer.php (78%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/src/POP3.php (95%) rename phpmailer/{ => vendor/phpmailer}/phpmailer/src/SMTP.php (91%) diff --git a/phpmailer/composer.json b/phpmailer/composer.json new file mode 100644 index 000000000..df8406d07 --- /dev/null +++ b/phpmailer/composer.json @@ -0,0 +1,22 @@ +{ + "name": "friendica-addons/phpmailer", + "description": "Replaces the default `mail()` function by the `PHPMailer` library", + "type": "friendica-addon", + "authors": [ + { + "name": "Marcus Mueller", + "role": "Developer" + } + ], + "require": { + "php": ">=7.0", + "phpmailer/phpmailer": "^6.1" + }, + "license": "3-clause BSD license", + "minimum-stability": "stable", + "config": { + "optimize-autoloader": true, + "autoloader-suffix": "PhpMailerAddon", + "preferred-install": "dist" + } +} diff --git a/phpmailer/phpmailer.php b/phpmailer/phpmailer.php index 5fab99d29..e9a3c66ea 100644 --- a/phpmailer/phpmailer.php +++ b/phpmailer/phpmailer.php @@ -10,10 +10,13 @@ use Friendica\App; use Friendica\Core\Hook; use Friendica\DI; +use Friendica\Object\EMail\IEmail; use Friendica\Util\ConfigFileLoader; use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\Exception; +require_once __DIR__ . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php'; + function phpmailer_install() { Hook::register('load_config' , __FILE__, 'phpmailer_load_config'); @@ -27,78 +30,76 @@ function phpmailer_load_config(App $a, ConfigFileLoader $loader) /** * @param App $a - * @param array $b + * @param IEmail $email */ -function phpmailer_emailer_send_prepare(App $a, array &$b) +function phpmailer_emailer_send_prepare(App $a, IEmail &$email) { - require_once __DIR__ . '/phpmailer/src/PHPMailer.php'; - require_once __DIR__ . '/phpmailer/src/SMTP.php'; - require_once __DIR__ . '/phpmailer/src/Exception.php'; - // Passing `true` enables exceptions - $mail = new PHPMailer(true); + $mailer = new PHPMailer(true); try { if (DI::config()->get('phpmailer', 'smtp')) { // Set mailer to use SMTP - $mail->isSMTP(); + $mailer->isSMTP(); // Setup encoding. - $mail->CharSet = 'UTF-8'; - $mail->Encoding = 'base64'; + $mailer->CharSet = 'UTF-8'; + $mailer->Encoding = 'base64'; // Specify main and backup SMTP servers - $mail->Host = DI::config()->get('phpmailer', 'smtp_server'); - $mail->Port = DI::config()->get('phpmailer', 'smtp_port'); + $mailer->Host = DI::config()->get('phpmailer', 'smtp_server'); + $mailer->Port = DI::config()->get('phpmailer', 'smtp_port'); if (DI::config()->get('system', 'smtp_secure') && DI::config()->get('phpmailer', 'smtp_port_s')) { - $mail->SMTPSecure = DI::config()->get('phpmailer', 'smtp_secure'); - $mail->Port = DI::config()->get('phpmailer', 'smtp_port_s'); + $mailer->SMTPSecure = DI::config()->get('phpmailer', 'smtp_secure'); + $mailer->Port = DI::config()->get('phpmailer', 'smtp_port_s'); } if (DI::config()->get('phpmailer', 'smtp_username') && DI::config()->get('phpmailer', 'smtp_password')) { - $mail->SMTPAuth = true; - $mail->Username = DI::config()->get('phpmailer', 'smtp_username'); - $mail->Password = DI::config()->get('phpmailer', 'smtp_password'); + $mailer->SMTPAuth = true; + $mailer->Username = DI::config()->get('phpmailer', 'smtp_username'); + $mailer->Password = DI::config()->get('phpmailer', 'smtp_password'); } if (DI::config()->get('phpmailer', 'smtp_from')) { - $mail->setFrom(DI::config()->get('phpmailer', 'smtp_from'), $b['fromName']); + $mailer->setFrom(DI::config()->get('phpmailer', 'smtp_from'), $email->getFromName()); } } else { - $mail->setFrom($b['fromEmail'], $b['fromName']); + $mailer->setFrom($email->getFromAddress(), $email->getFromName()); } // subject - $mail->Subject = $b['messageSubject']; + $mailer->Subject = $email->getSubject(); - if (!empty($b['toEmail'])) { - $mail->addAddress($b['toEmail']); + if (!empty($email->getToAddress())) { + $mailer->addAddress($email->getToAddress()); } // html version - if (!empty($b['htmlVersion'])) { - $mail->isHTML(true); - $mail->Body = $b['htmlVersion']; - $mail->AltBody = $b['textVersion']; + if (!empty($email->getMessage())) { + $mailer->isHTML(true); + $mailer->Body = $email->getMessage(); + $mailer->AltBody = $email->getMessage(true); } else { // add text - $mail->Body = $b['textVersion']; + $mailer->Body = $email->getMessage(true); } - if (!empty($b['replyTo'])) { - $mail->addReplyTo($b['replyTo'], $b['fromName']); + if (!empty($email->getReplyTo())) { + $mailer->addReplyTo($email->getReplyTo(), $email->getFromName()); } // additional headers - if (!empty($b['additionalMailHeader'])) { - foreach (explode("\n", trim($b['additionalMailHeader'])) as $header_line) { + if (!empty($email->getAdditionalMailHeader())) { + foreach (explode("\n", trim($email->getAdditionalMailHeader())) as $header_line) { list($name, $value) = explode(':', $header_line, 2); - $mail->addCustomHeader(trim($name), trim($value)); + $mailer->addCustomHeader(trim($name), trim($value)); } } - $b['sent'] = $mail->send(); + if ($mailer->send()) { + $email = null; + } } catch (Exception $e) { - DI::logger()->error('PHPMailer error', ['ErrorInfo' => $mail->ErrorInfo, 'code' => $e->getCode(), 'message' => $e->getMessage()]); + DI::logger()->error('PHPMailer error', ['email' => $email, 'ErrorInfo' => $mailer->ErrorInfo, 'exception' => $e]); } } diff --git a/phpmailer/phpmailer/VERSION b/phpmailer/phpmailer/VERSION deleted file mode 100644 index 81f0c273c..000000000 --- a/phpmailer/phpmailer/VERSION +++ /dev/null @@ -1 +0,0 @@ -6.0.5 \ No newline at end of file diff --git a/phpmailer/vendor/autoload.php b/phpmailer/vendor/autoload.php new file mode 100644 index 000000000..60925835c --- /dev/null +++ b/phpmailer/vendor/autoload.php @@ -0,0 +1,7 @@ + + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer\Autoload; + +/** + * ClassLoader implements a PSR-0, PSR-4 and classmap class loader. + * + * $loader = new \Composer\Autoload\ClassLoader(); + * + * // register classes with namespaces + * $loader->add('Symfony\Component', __DIR__.'/component'); + * $loader->add('Symfony', __DIR__.'/framework'); + * + * // activate the autoloader + * $loader->register(); + * + * // to enable searching the include path (eg. for PEAR packages) + * $loader->setUseIncludePath(true); + * + * In this example, if you try to use a class in the Symfony\Component + * namespace or one of its children (Symfony\Component\Console for instance), + * the autoloader will first look for the class under the component/ + * directory, and it will then fallback to the framework/ directory if not + * found before giving up. + * + * This class is loosely based on the Symfony UniversalClassLoader. + * + * @author Fabien Potencier + * @author Jordi Boggiano + * @see http://www.php-fig.org/psr/psr-0/ + * @see http://www.php-fig.org/psr/psr-4/ + */ +class ClassLoader +{ + // PSR-4 + private $prefixLengthsPsr4 = array(); + private $prefixDirsPsr4 = array(); + private $fallbackDirsPsr4 = array(); + + // PSR-0 + private $prefixesPsr0 = array(); + private $fallbackDirsPsr0 = array(); + + private $useIncludePath = false; + private $classMap = array(); + private $classMapAuthoritative = false; + private $missingClasses = array(); + private $apcuPrefix; + + public function getPrefixes() + { + if (!empty($this->prefixesPsr0)) { + return call_user_func_array('array_merge', $this->prefixesPsr0); + } + + return array(); + } + + public function getPrefixesPsr4() + { + return $this->prefixDirsPsr4; + } + + public function getFallbackDirs() + { + return $this->fallbackDirsPsr0; + } + + public function getFallbackDirsPsr4() + { + return $this->fallbackDirsPsr4; + } + + public function getClassMap() + { + return $this->classMap; + } + + /** + * @param array $classMap Class to filename map + */ + public function addClassMap(array $classMap) + { + if ($this->classMap) { + $this->classMap = array_merge($this->classMap, $classMap); + } else { + $this->classMap = $classMap; + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, either + * appending or prepending to the ones previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories + */ + public function add($prefix, $paths, $prepend = false) + { + if (!$prefix) { + if ($prepend) { + $this->fallbackDirsPsr0 = array_merge( + (array) $paths, + $this->fallbackDirsPsr0 + ); + } else { + $this->fallbackDirsPsr0 = array_merge( + $this->fallbackDirsPsr0, + (array) $paths + ); + } + + return; + } + + $first = $prefix[0]; + if (!isset($this->prefixesPsr0[$first][$prefix])) { + $this->prefixesPsr0[$first][$prefix] = (array) $paths; + + return; + } + if ($prepend) { + $this->prefixesPsr0[$first][$prefix] = array_merge( + (array) $paths, + $this->prefixesPsr0[$first][$prefix] + ); + } else { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $this->prefixesPsr0[$first][$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, either + * appending or prepending to the ones previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories + * + * @throws \InvalidArgumentException + */ + public function addPsr4($prefix, $paths, $prepend = false) + { + if (!$prefix) { + // Register directories for the root namespace. + if ($prepend) { + $this->fallbackDirsPsr4 = array_merge( + (array) $paths, + $this->fallbackDirsPsr4 + ); + } else { + $this->fallbackDirsPsr4 = array_merge( + $this->fallbackDirsPsr4, + (array) $paths + ); + } + } elseif (!isset($this->prefixDirsPsr4[$prefix])) { + // Register directories for a new namespace. + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } elseif ($prepend) { + // Prepend directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + (array) $paths, + $this->prefixDirsPsr4[$prefix] + ); + } else { + // Append directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $this->prefixDirsPsr4[$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, + * replacing any others previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 base directories + */ + public function set($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr0 = (array) $paths; + } else { + $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, + * replacing any others previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * + * @throws \InvalidArgumentException + */ + public function setPsr4($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr4 = (array) $paths; + } else { + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } + } + + /** + * Turns on searching the include path for class files. + * + * @param bool $useIncludePath + */ + public function setUseIncludePath($useIncludePath) + { + $this->useIncludePath = $useIncludePath; + } + + /** + * Can be used to check if the autoloader uses the include path to check + * for classes. + * + * @return bool + */ + public function getUseIncludePath() + { + return $this->useIncludePath; + } + + /** + * Turns off searching the prefix and fallback directories for classes + * that have not been registered with the class map. + * + * @param bool $classMapAuthoritative + */ + public function setClassMapAuthoritative($classMapAuthoritative) + { + $this->classMapAuthoritative = $classMapAuthoritative; + } + + /** + * Should class lookup fail if not found in the current class map? + * + * @return bool + */ + public function isClassMapAuthoritative() + { + return $this->classMapAuthoritative; + } + + /** + * APCu prefix to use to cache found/not-found classes, if the extension is enabled. + * + * @param string|null $apcuPrefix + */ + public function setApcuPrefix($apcuPrefix) + { + $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null; + } + + /** + * The APCu prefix in use, or null if APCu caching is not enabled. + * + * @return string|null + */ + public function getApcuPrefix() + { + return $this->apcuPrefix; + } + + /** + * Registers this instance as an autoloader. + * + * @param bool $prepend Whether to prepend the autoloader or not + */ + public function register($prepend = false) + { + spl_autoload_register(array($this, 'loadClass'), true, $prepend); + } + + /** + * Unregisters this instance as an autoloader. + */ + public function unregister() + { + spl_autoload_unregister(array($this, 'loadClass')); + } + + /** + * Loads the given class or interface. + * + * @param string $class The name of the class + * @return bool|null True if loaded, null otherwise + */ + public function loadClass($class) + { + if ($file = $this->findFile($class)) { + includeFile($file); + + return true; + } + } + + /** + * Finds the path to the file where the class is defined. + * + * @param string $class The name of the class + * + * @return string|false The path if found, false otherwise + */ + public function findFile($class) + { + // class map lookup + if (isset($this->classMap[$class])) { + return $this->classMap[$class]; + } + if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) { + return false; + } + if (null !== $this->apcuPrefix) { + $file = apcu_fetch($this->apcuPrefix.$class, $hit); + if ($hit) { + return $file; + } + } + + $file = $this->findFileWithExtension($class, '.php'); + + // Search for Hack files if we are running on HHVM + if (false === $file && defined('HHVM_VERSION')) { + $file = $this->findFileWithExtension($class, '.hh'); + } + + if (null !== $this->apcuPrefix) { + apcu_add($this->apcuPrefix.$class, $file); + } + + if (false === $file) { + // Remember that this class does not exist. + $this->missingClasses[$class] = true; + } + + return $file; + } + + private function findFileWithExtension($class, $ext) + { + // PSR-4 lookup + $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext; + + $first = $class[0]; + if (isset($this->prefixLengthsPsr4[$first])) { + $subPath = $class; + while (false !== $lastPos = strrpos($subPath, '\\')) { + $subPath = substr($subPath, 0, $lastPos); + $search = $subPath . '\\'; + if (isset($this->prefixDirsPsr4[$search])) { + $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1); + foreach ($this->prefixDirsPsr4[$search] as $dir) { + if (file_exists($file = $dir . $pathEnd)) { + return $file; + } + } + } + } + } + + // PSR-4 fallback dirs + foreach ($this->fallbackDirsPsr4 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) { + return $file; + } + } + + // PSR-0 lookup + if (false !== $pos = strrpos($class, '\\')) { + // namespaced class name + $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) + . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); + } else { + // PEAR-like class name + $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; + } + + if (isset($this->prefixesPsr0[$first])) { + foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { + if (0 === strpos($class, $prefix)) { + foreach ($dirs as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + } + } + } + + // PSR-0 fallback dirs + foreach ($this->fallbackDirsPsr0 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + + // PSR-0 include paths. + if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { + return $file; + } + + return false; + } +} + +/** + * Scope isolated include. + * + * Prevents access to $this/self from included files. + */ +function includeFile($file) +{ + include $file; +} diff --git a/phpmailer/vendor/composer/LICENSE b/phpmailer/vendor/composer/LICENSE new file mode 100644 index 000000000..f27399a04 --- /dev/null +++ b/phpmailer/vendor/composer/LICENSE @@ -0,0 +1,21 @@ + +Copyright (c) Nils Adermann, Jordi Boggiano + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/phpmailer/vendor/composer/autoload_classmap.php b/phpmailer/vendor/composer/autoload_classmap.php new file mode 100644 index 000000000..6000382df --- /dev/null +++ b/phpmailer/vendor/composer/autoload_classmap.php @@ -0,0 +1,14 @@ + $vendorDir . '/phpmailer/phpmailer/src/Exception.php', + 'PHPMailer\\PHPMailer\\OAuth' => $vendorDir . '/phpmailer/phpmailer/src/OAuth.php', + 'PHPMailer\\PHPMailer\\PHPMailer' => $vendorDir . '/phpmailer/phpmailer/src/PHPMailer.php', + 'PHPMailer\\PHPMailer\\POP3' => $vendorDir . '/phpmailer/phpmailer/src/POP3.php', + 'PHPMailer\\PHPMailer\\SMTP' => $vendorDir . '/phpmailer/phpmailer/src/SMTP.php', +); diff --git a/phpmailer/vendor/composer/autoload_namespaces.php b/phpmailer/vendor/composer/autoload_namespaces.php new file mode 100644 index 000000000..b7fc0125d --- /dev/null +++ b/phpmailer/vendor/composer/autoload_namespaces.php @@ -0,0 +1,9 @@ + array($vendorDir . '/phpmailer/phpmailer/src'), +); diff --git a/phpmailer/vendor/composer/autoload_real.php b/phpmailer/vendor/composer/autoload_real.php new file mode 100644 index 000000000..383787a1f --- /dev/null +++ b/phpmailer/vendor/composer/autoload_real.php @@ -0,0 +1,52 @@ += 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); + if ($useStaticLoader) { + require_once __DIR__ . '/autoload_static.php'; + + call_user_func(\Composer\Autoload\ComposerStaticInitPhpMailerAddon::getInitializer($loader)); + } else { + $map = require __DIR__ . '/autoload_namespaces.php'; + foreach ($map as $namespace => $path) { + $loader->set($namespace, $path); + } + + $map = require __DIR__ . '/autoload_psr4.php'; + foreach ($map as $namespace => $path) { + $loader->setPsr4($namespace, $path); + } + + $classMap = require __DIR__ . '/autoload_classmap.php'; + if ($classMap) { + $loader->addClassMap($classMap); + } + } + + $loader->register(true); + + return $loader; + } +} diff --git a/phpmailer/vendor/composer/autoload_static.php b/phpmailer/vendor/composer/autoload_static.php new file mode 100644 index 000000000..20cd9684c --- /dev/null +++ b/phpmailer/vendor/composer/autoload_static.php @@ -0,0 +1,40 @@ + + array ( + 'PHPMailer\\PHPMailer\\' => 20, + ), + ); + + public static $prefixDirsPsr4 = array ( + 'PHPMailer\\PHPMailer\\' => + array ( + 0 => __DIR__ . '/..' . '/phpmailer/phpmailer/src', + ), + ); + + public static $classMap = array ( + 'PHPMailer\\PHPMailer\\Exception' => __DIR__ . '/..' . '/phpmailer/phpmailer/src/Exception.php', + 'PHPMailer\\PHPMailer\\OAuth' => __DIR__ . '/..' . '/phpmailer/phpmailer/src/OAuth.php', + 'PHPMailer\\PHPMailer\\PHPMailer' => __DIR__ . '/..' . '/phpmailer/phpmailer/src/PHPMailer.php', + 'PHPMailer\\PHPMailer\\POP3' => __DIR__ . '/..' . '/phpmailer/phpmailer/src/POP3.php', + 'PHPMailer\\PHPMailer\\SMTP' => __DIR__ . '/..' . '/phpmailer/phpmailer/src/SMTP.php', + ); + + public static function getInitializer(ClassLoader $loader) + { + return \Closure::bind(function () use ($loader) { + $loader->prefixLengthsPsr4 = ComposerStaticInitPhpMailerAddon::$prefixLengthsPsr4; + $loader->prefixDirsPsr4 = ComposerStaticInitPhpMailerAddon::$prefixDirsPsr4; + $loader->classMap = ComposerStaticInitPhpMailerAddon::$classMap; + + }, null, ClassLoader::class); + } +} diff --git a/phpmailer/vendor/composer/installed.json b/phpmailer/vendor/composer/installed.json new file mode 100644 index 000000000..3d24ccbeb --- /dev/null +++ b/phpmailer/vendor/composer/installed.json @@ -0,0 +1,66 @@ +[ + { + "name": "phpmailer/phpmailer", + "version": "v6.1.4", + "version_normalized": "6.1.4.0", + "source": { + "type": "git", + "url": "https://github.com/PHPMailer/PHPMailer.git", + "reference": "c5e61d0729507049cec9673aa1a679f9adefd683" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/c5e61d0729507049cec9673aa1a679f9adefd683", + "reference": "c5e61d0729507049cec9673aa1a679f9adefd683", + "shasum": "" + }, + "require": { + "ext-ctype": "*", + "ext-filter": "*", + "php": ">=5.5.0" + }, + "require-dev": { + "doctrine/annotations": "^1.2", + "friendsofphp/php-cs-fixer": "^2.2", + "phpunit/phpunit": "^4.8 || ^5.7" + }, + "suggest": { + "ext-mbstring": "Needed to send email in multibyte encoding charset", + "hayageek/oauth2-yahoo": "Needed for Yahoo XOAUTH2 authentication", + "league/oauth2-google": "Needed for Google XOAUTH2 authentication", + "psr/log": "For optional PSR-3 debug logging", + "stevenmaguire/oauth2-microsoft": "Needed for Microsoft XOAUTH2 authentication", + "symfony/polyfill-mbstring": "To support UTF-8 if the Mbstring PHP extension is not enabled (^1.2)" + }, + "time": "2019-12-10T11:17:38+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "PHPMailer\\PHPMailer\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "LGPL-2.1-only" + ], + "authors": [ + { + "name": "Marcus Bointon", + "email": "phpmailer@synchromedia.co.uk" + }, + { + "name": "Jim Jagielski", + "email": "jimjag@gmail.com" + }, + { + "name": "Andy Prevost", + "email": "codeworxtech@users.sourceforge.net" + }, + { + "name": "Brent R. Matzelle" + } + ], + "description": "PHPMailer is a full-featured email creation and transfer class for PHP" + } +] diff --git a/phpmailer/vendor/phpmailer/phpmailer/COMMITMENT b/phpmailer/vendor/phpmailer/phpmailer/COMMITMENT new file mode 100644 index 000000000..a687e0ddb --- /dev/null +++ b/phpmailer/vendor/phpmailer/phpmailer/COMMITMENT @@ -0,0 +1,46 @@ +GPL Cooperation Commitment +Version 1.0 + +Before filing or continuing to prosecute any legal proceeding or claim +(other than a Defensive Action) arising from termination of a Covered +License, we commit to extend to the person or entity ('you') accused +of violating the Covered License the following provisions regarding +cure and reinstatement, taken from GPL version 3. As used here, the +term 'this License' refers to the specific Covered License being +enforced. + + However, if you cease all violation of this License, then your + license from a particular copyright holder is reinstated (a) + provisionally, unless and until the copyright holder explicitly + and finally terminates your license, and (b) permanently, if the + copyright holder fails to notify you of the violation by some + reasonable means prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is + reinstated permanently if the copyright holder notifies you of the + violation by some reasonable means, this is the first time you + have received notice of violation of this License (for any work) + from that copyright holder, and you cure the violation prior to 30 + days after your receipt of the notice. + +We intend this Commitment to be irrevocable, and binding and +enforceable against us and assignees of or successors to our +copyrights. + +Definitions + +'Covered License' means the GNU General Public License, version 2 +(GPLv2), the GNU Lesser General Public License, version 2.1 +(LGPLv2.1), or the GNU Library General Public License, version 2 +(LGPLv2), all as published by the Free Software Foundation. + +'Defensive Action' means a legal proceeding or claim that We bring +against you in response to a prior proceeding or claim initiated by +you or your affiliate. + +'We' means each contributor to this repository as of the date of +inclusion of this file, including subsidiaries of a corporate +contributor. + +This work is available under a Creative Commons Attribution-ShareAlike +4.0 International license (https://creativecommons.org/licenses/by-sa/4.0/). diff --git a/phpmailer/phpmailer/LICENSE b/phpmailer/vendor/phpmailer/phpmailer/LICENSE similarity index 100% rename from phpmailer/phpmailer/LICENSE rename to phpmailer/vendor/phpmailer/phpmailer/LICENSE diff --git a/phpmailer/phpmailer/README.md b/phpmailer/vendor/phpmailer/phpmailer/README.md similarity index 73% rename from phpmailer/phpmailer/README.md rename to phpmailer/vendor/phpmailer/phpmailer/README.md index f4e6658e1..d8a0f4e3b 100644 --- a/phpmailer/phpmailer/README.md +++ b/phpmailer/vendor/phpmailer/phpmailer/README.md @@ -6,7 +6,7 @@ Build status: [![Build Status](https://travis-ci.org/PHPMailer/PHPMailer.svg)](h [![Scrutinizer Quality Score](https://scrutinizer-ci.com/g/PHPMailer/PHPMailer/badges/quality-score.png?s=3758e21d279becdf847a557a56a3ed16dfec9d5d)](https://scrutinizer-ci.com/g/PHPMailer/PHPMailer/) [![Code Coverage](https://scrutinizer-ci.com/g/PHPMailer/PHPMailer/badges/coverage.png?s=3fe6ca5fe8cd2cdf96285756e42932f7ca256962)](https://scrutinizer-ci.com/g/PHPMailer/PHPMailer/) -[![Latest Stable Version](https://poser.pugx.org/phpmailer/phpmailer/v/stable.svg)](https://packagist.org/packages/phpmailer/phpmailer) [![Total Downloads](https://poser.pugx.org/phpmailer/phpmailer/downloads)](https://packagist.org/packages/phpmailer/phpmailer) [![Latest Unstable Version](https://poser.pugx.org/phpmailer/phpmailer/v/unstable.svg)](https://packagist.org/packages/phpmailer/phpmailer) [![License](https://poser.pugx.org/phpmailer/phpmailer/license.svg)](https://packagist.org/packages/phpmailer/phpmailer) +[![Latest Stable Version](https://poser.pugx.org/phpmailer/phpmailer/v/stable.svg)](https://packagist.org/packages/phpmailer/phpmailer) [![Total Downloads](https://poser.pugx.org/phpmailer/phpmailer/downloads)](https://packagist.org/packages/phpmailer/phpmailer) [![Latest Unstable Version](https://poser.pugx.org/phpmailer/phpmailer/v/unstable.svg)](https://packagist.org/packages/phpmailer/phpmailer) [![License](https://poser.pugx.org/phpmailer/phpmailer/license.svg)](https://packagist.org/packages/phpmailer/phpmailer) [![API Docs](https://github.com/phpmailer/phpmailer/workflows/Docs/badge.svg)](http://phpmailer.github.io/PHPMailer/) ## Class Features - Probably the world's most popular code for sending email from PHP! @@ -16,31 +16,31 @@ Build status: [![Build Status](https://travis-ci.org/PHPMailer/PHPMailer.svg)](h - Multipart/alternative emails for mail clients that do not read HTML email - Add attachments, including inline - Support for UTF-8 content and 8bit, base64, binary, and quoted-printable encodings -- SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports +- SMTP authentication with LOGIN, PLAIN, CRAM-MD5, and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports - Validates email addresses automatically - Protect against header injection attacks -- Error messages in 47 languages! +- Error messages in over 50 languages! - DKIM and S/MIME signing support - Compatible with PHP 5.5 and later - Namespaced to prevent name clashes - Much more! ## Why you might need it -Many PHP developers utilize email in their code. The only PHP function that supports this is the `mail()` function. However, it does not provide any assistance for making use of popular features such as HTML-based emails and attachments. +Many PHP developers need to send email from their code. The only PHP function that supports this is [`mail()`](https://www.php.net/manual/en/function.mail.php). However, it does not provide any assistance for making use of popular features such as encryption, authentication, HTML messages, and attachments. -Formatting email correctly is surprisingly difficult. There are myriad overlapping RFCs, requiring tight adherence to horribly complicated formatting and encoding rules - the vast majority of code that you'll find online that uses the `mail()` function directly is just plain wrong! -*Please* don't be tempted to do it yourself - if you don't use PHPMailer, there are many other excellent libraries that you should look at before rolling your own - try [SwiftMailer](https://swiftmailer.symfony.com/), [Zend/Mail](https://zendframework.github.io/zend-mail/), [eZcomponents](https://github.com/zetacomponents/Mail) etc. +Formatting email correctly is surprisingly difficult. There are myriad overlapping RFCs, requiring tight adherence to horribly complicated formatting and encoding rules – the vast majority of code that you'll find online that uses the `mail()` function directly is just plain wrong! +*Please* don't be tempted to do it yourself – if you don't use PHPMailer, there are many other excellent libraries that you should look at before rolling your own. Try [SwiftMailer](https://swiftmailer.symfony.com/), [Zend/Mail](https://zendframework.github.io/zend-mail/), [ZetaComponents](https://github.com/zetacomponents/Mail) etc. -The PHP `mail()` function usually sends via a local mail server, typically fronted by a `sendmail` binary on Linux, BSD and OS X platforms, however, Windows usually doesn't include a local mail server; PHPMailer's integrated SMTP implementation allows email sending on Windows platforms without a local mail server. +The PHP `mail()` function usually sends via a local mail server, typically fronted by a `sendmail` binary on Linux, BSD, and macOS platforms, however, Windows usually doesn't include a local mail server; PHPMailer's integrated SMTP implementation allows email sending on Windows platforms without a local mail server. ## License -This software is distributed under the [LGPL 2.1](http://www.gnu.org/licenses/lgpl-2.1.html) license. Please read LICENSE for information on the software availability and distribution. +This software is distributed under the [LGPL 2.1](http://www.gnu.org/licenses/lgpl-2.1.html) license, along with the [GPL Cooperation Commitment](https://gplcc.github.io/gplcc/). Please read LICENSE for information on the software availability and distribution. ## Installation & loading PHPMailer is available on [Packagist](https://packagist.org/packages/phpmailer/phpmailer) (using semantic versioning), and installation via [Composer](https://getcomposer.org) is the recommended way to install PHPMailer. Just add this line to your `composer.json` file: ```json -"phpmailer/phpmailer": "~6.0" +"phpmailer/phpmailer": "~6.1" ``` or run @@ -70,13 +70,13 @@ If you're not using the `SMTP` class explicitly (you're probably not), you don't If you don't speak git or just want a tarball, click the 'zip' button on the right of the project page in GitHub, though note that docs and examples are not included in the tarball. ## Legacy versions -PHPMailer 5.2 (which is compatible with PHP 5.0 - 7.0) is no longer being supported for feature updates, and will only be receiving security updates from now on. You will find the latest version of 5.2 in the [5.2-stable branch](https://github.com/PHPMailer/PHPMailer/tree/5.2-stable), and future versions of 5.2 will be tagged with 5.2.x version numbers, so existing Composer configs should remain working. If you're using PHP 5.5 or later, we recommend you make the necessary changes to switch to the 6.0 release. +PHPMailer 5.2 (which is compatible with PHP 5.0 - 7.0) is no longer being supported, even for security updates. You will find the latest version of 5.2 in the [5.2-stable branch](https://github.com/PHPMailer/PHPMailer/tree/5.2-stable). If you're using PHP 5.5 or later (which you should be), switch to the 6.x releases. -## Upgrading from 5.2 +### Upgrading from 5.2 The biggest changes are that source files are now in the `src/` folder, and PHPMailer now declares the namespace `PHPMailer\PHPMailer`. This has several important effects – [read the upgrade guide](https://github.com/PHPMailer/PHPMailer/tree/master/UPGRADING.md) for more details. ### Minimal installation -While installing the entire package manually or with Composer is simple, convenient and reliable, you may want to include only vital files in your project. At the very least you will need [src/PHPMailer.php](https://github.com/PHPMailer/PHPMailer/tree/master/src/PHPMailer.php). If you're using SMTP, you'll need [src/SMTP.php](https://github.com/PHPMailer/PHPMailer/tree/master/src/SMTP.php), and if you're using POP-before SMTP, you'll need [src/POP3.php](https://github.com/PHPMailer/PHPMailer/tree/master/src/POP3.php). You can skip the [language](https://github.com/PHPMailer/PHPMailer/tree/master/language/) folder if you're not showing errors to users and can make do with English-only errors. If you're using XOAUTH2 you will need [src/OAuth.php](https://github.com/PHPMailer/PHPMailer/tree/master/src/OAuth.php) as well as the Composer dependencies for the services you wish to authenticate with. Really, it's much easier to use Composer! +While installing the entire package manually or with Composer is simple, convenient, and reliable, you may want to include only vital files in your project. At the very least you will need [src/PHPMailer.php](https://github.com/PHPMailer/PHPMailer/tree/master/src/PHPMailer.php). If you're using SMTP, you'll need [src/SMTP.php](https://github.com/PHPMailer/PHPMailer/tree/master/src/SMTP.php), and if you're using POP-before SMTP, you'll need [src/POP3.php](https://github.com/PHPMailer/PHPMailer/tree/master/src/POP3.php). You can skip the [language](https://github.com/PHPMailer/PHPMailer/tree/master/language/) folder if you're not showing errors to users and can make do with English-only errors. If you're using XOAUTH2 you will need [src/OAuth.php](https://github.com/PHPMailer/PHPMailer/tree/master/src/OAuth.php) as well as the Composer dependencies for the services you wish to authenticate with. Really, it's much easier to use Composer! ## A Simple Example @@ -85,22 +85,25 @@ While installing the entire package manually or with Composer is simple, conveni // Import PHPMailer classes into the global namespace // These must be at the top of your script, not inside a function use PHPMailer\PHPMailer\PHPMailer; +use PHPMailer\PHPMailer\SMTP; use PHPMailer\PHPMailer\Exception; -//Load Composer's autoloader +// Load Composer's autoloader require 'vendor/autoload.php'; -$mail = new PHPMailer(true); // Passing `true` enables exceptions +// Instantiation and passing `true` enables exceptions +$mail = new PHPMailer(true); + try { //Server settings - $mail->SMTPDebug = 2; // Enable verbose debug output - $mail->isSMTP(); // Set mailer to use SMTP - $mail->Host = 'smtp1.example.com;smtp2.example.com'; // Specify main and backup SMTP servers - $mail->SMTPAuth = true; // Enable SMTP authentication - $mail->Username = 'user@example.com'; // SMTP username - $mail->Password = 'secret'; // SMTP password - $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted - $mail->Port = 587; // TCP port to connect to + $mail->SMTPDebug = SMTP::DEBUG_SERVER; // Enable verbose debug output + $mail->isSMTP(); // Send using SMTP + $mail->Host = 'smtp1.example.com'; // Set the SMTP server to send through + $mail->SMTPAuth = true; // Enable SMTP authentication + $mail->Username = 'user@example.com'; // SMTP username + $mail->Password = 'secret'; // SMTP password + $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // Enable TLS encryption; `PHPMailer::ENCRYPTION_SMTPS` also accepted + $mail->Port = 587; // TCP port to connect to //Recipients $mail->setFrom('from@example.com', 'Mailer'); @@ -110,11 +113,11 @@ try { $mail->addCC('cc@example.com'); $mail->addBCC('bcc@example.com'); - //Attachments + // Attachments $mail->addAttachment('/var/tmp/file.tar.gz'); // Add attachments $mail->addAttachment('/tmp/image.jpg', 'new.jpg'); // Optional name - //Content + // Content $mail->isHTML(true); // Set email format to HTML $mail->Subject = 'Here is the subject'; $mail->Body = 'This is the HTML message body in bold!'; @@ -123,16 +126,18 @@ try { $mail->send(); echo 'Message has been sent'; } catch (Exception $e) { - echo 'Message could not be sent. Mailer Error: ', $mail->ErrorInfo; + echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}"; } ``` You'll find plenty more to play with in the [examples](https://github.com/PHPMailer/PHPMailer/tree/master/examples) folder. +If you are re-using the instance (e.g. when sending to a mailing list), you may need to clear the recipient list to avoid sending duplicate messages. See [the mailing list example](https://github.com/PHPMailer/PHPMailer/blob/master/examples/mailing_list.phps) for further guidance. + That's it. You should now be ready to use PHPMailer! ## Localization -PHPMailer defaults to English, but in the [language](https://github.com/PHPMailer/PHPMailer/tree/master/language/) folder you'll find numerous (47 at the time of writing!) translations for PHPMailer error messages that you may encounter. Their filenames contain [ISO 639-1](http://en.wikipedia.org/wiki/ISO_639-1) language code for the translations, for example `fr` for French. To specify a language, you need to tell PHPMailer which one to use, like this: +PHPMailer defaults to English, but in the [language](https://github.com/PHPMailer/PHPMailer/tree/master/language/) folder you'll find many translations for PHPMailer error messages that you may encounter. Their filenames contain [ISO 639-1](http://en.wikipedia.org/wiki/ISO_639-1) language code for the translations, for example `fr` for French. To specify a language, you need to tell PHPMailer which one to use, like this: ```php // To load the French version @@ -150,7 +155,7 @@ Note that in order to reduce PHPMailer's deployed code footprint, the examples a Complete generated API documentation is [available online](http://phpmailer.github.io/PHPMailer/). -You can generate complete API-level documentation by running `phpdoc` in the top-level folder, and documentation will appear in teh `docs` folder, though you'll need to have [PHPDocumentor](http://www.phpdoc.org) installed. You may find [the unit tests](https://github.com/PHPMailer/PHPMailer/tree/master/test/phpmailerTest.php) a good source of how to do various operations such as encryption. +You can generate complete API-level documentation by running `phpdoc` in the top-level folder, and documentation will appear in the `docs` folder, though you'll need to have [PHPDocumentor](http://www.phpdoc.org) installed. You may find [the unit tests](https://github.com/PHPMailer/PHPMailer/tree/master/test/phpmailerTest.php) a good source of how to do various operations such as encryption. If the documentation doesn't cover what you need, search the [many questions on Stack Overflow](http://stackoverflow.com/questions/tagged/phpmailer), and before you ask a question about "SMTP Error: Could not connect to SMTP host.", [read the troubleshooting guide](https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting). diff --git a/phpmailer/phpmailer/SECURITY.md b/phpmailer/vendor/phpmailer/phpmailer/SECURITY.md similarity index 80% rename from phpmailer/phpmailer/SECURITY.md rename to phpmailer/vendor/phpmailer/phpmailer/SECURITY.md index 57a1f136f..5e917cd04 100644 --- a/phpmailer/phpmailer/SECURITY.md +++ b/phpmailer/vendor/phpmailer/phpmailer/SECURITY.md @@ -2,7 +2,9 @@ Please disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately. -PHPMailer versions prior to 5.2.24 (released July 26th 2017) have an XSS vulnerability in one of the code examples, [CVE-2017-11503](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11503). The `code_generator.phps` example did not filter user input prior to output. This file is distributed with a `.phps` extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project. +PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing `phar://` paths into `addAttachment()` and other functions that may receive unfiltered local paths, possibly leading to RCE. Recorded as [CVE-2018-19296](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19296). See [this article](https://knasmueller.net/5-answers-about-php-phar-exploitation) for more info on this type of vulnerability. Mitigated by blocking the use of paths containing URL-protocol style prefixes such as `phar://`. Reported by Sehun Oh of cyberone.kr. + +PHPMailer versions prior to 5.2.24 (released July 26th 2017) have an XSS vulnerability in one of the code examples, [CVE-2017-11503](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11503). The `code_generator.phps` example did not filter user input prior to output. This file is distributed with a `.phps` extension, so it it not normally executable unless it is explicitly renamed, and the file is not included when PHPMailer is loaded through composer, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project. PHPMailer versions prior to 5.2.22 (released January 9th 2017) have a local file disclosure vulnerability, [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223). If content passed into `msgHTML()` is sourced from unfiltered user input, relative paths can map to absolute local file paths and added as attachments. Also note that `addAttachment` (just like `file_get_contents`, `passthru`, `unlink`, etc) should not be passed user-sourced params either! Reported by Yongxiang Li of Asiasecurity. diff --git a/phpmailer/vendor/phpmailer/phpmailer/VERSION b/phpmailer/vendor/phpmailer/phpmailer/VERSION new file mode 100644 index 000000000..1879c1be0 --- /dev/null +++ b/phpmailer/vendor/phpmailer/phpmailer/VERSION @@ -0,0 +1 @@ +6.1.4 \ No newline at end of file diff --git a/phpmailer/vendor/phpmailer/phpmailer/composer.json b/phpmailer/vendor/phpmailer/phpmailer/composer.json new file mode 100644 index 000000000..fd0695c8a --- /dev/null +++ b/phpmailer/vendor/phpmailer/phpmailer/composer.json @@ -0,0 +1,51 @@ +{ + "name": "phpmailer/phpmailer", + "type": "library", + "description": "PHPMailer is a full-featured email creation and transfer class for PHP", + "authors": [ + { + "name": "Marcus Bointon", + "email": "phpmailer@synchromedia.co.uk" + }, + { + "name": "Jim Jagielski", + "email": "jimjag@gmail.com" + }, + { + "name": "Andy Prevost", + "email": "codeworxtech@users.sourceforge.net" + }, + { + "name": "Brent R. Matzelle" + } + ], + "require": { + "php": ">=5.5.0", + "ext-ctype": "*", + "ext-filter": "*" + }, + "require-dev": { + "friendsofphp/php-cs-fixer": "^2.2", + "phpunit/phpunit": "^4.8 || ^5.7", + "doctrine/annotations": "^1.2" + }, + "suggest": { + "psr/log": "For optional PSR-3 debug logging", + "league/oauth2-google": "Needed for Google XOAUTH2 authentication", + "hayageek/oauth2-yahoo": "Needed for Yahoo XOAUTH2 authentication", + "stevenmaguire/oauth2-microsoft": "Needed for Microsoft XOAUTH2 authentication", + "ext-mbstring": "Needed to send email in multibyte encoding charset", + "symfony/polyfill-mbstring": "To support UTF-8 if the Mbstring PHP extension is not enabled (^1.2)" + }, + "autoload": { + "psr-4": { + "PHPMailer\\PHPMailer\\": "src/" + } + }, + "autoload-dev": { + "psr-4": { + "PHPMailer\\Test\\": "test/" + } + }, + "license": "LGPL-2.1-only" +} diff --git a/phpmailer/phpmailer/get_oauth_token.php b/phpmailer/vendor/phpmailer/phpmailer/get_oauth_token.php similarity index 100% rename from phpmailer/phpmailer/get_oauth_token.php rename to phpmailer/vendor/phpmailer/phpmailer/get_oauth_token.php diff --git a/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-af.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-af.php new file mode 100644 index 000000000..3c42d78e1 --- /dev/null +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-af.php @@ -0,0 +1,25 @@ + + */ +$PHPMAILER_LANG['authenticate'] = 'Hadisoana SMTP: Tsy nahomby ny fanamarinana.'; +$PHPMAILER_LANG['connect_host'] = 'SMTP Error: Tsy afaka mampifandray amin\'ny mpampiantrano SMTP.'; +$PHPMAILER_LANG['data_not_accepted'] = 'SMTP diso: tsy voarakitra ny angona.'; +$PHPMAILER_LANG['empty_message'] = 'Tsy misy ny votoaty mailaka.'; +$PHPMAILER_LANG['encoding'] = 'Tsy fantatra encoding: '; +$PHPMAILER_LANG['execute'] = 'Tsy afaka manatanteraka ity baiko manaraka ity: '; +$PHPMAILER_LANG['file_access'] = 'Tsy nahomby ny fidirana amin\'ity rakitra ity: '; +$PHPMAILER_LANG['file_open'] = 'Hadisoana diso: Tsy afaka nanokatra ity file manaraka ity: '; +$PHPMAILER_LANG['from_failed'] = 'Ny adiresy iraka manaraka dia diso: '; +$PHPMAILER_LANG['instantiate'] = 'Tsy afaka nanomboka ny hetsika mail.'; +$PHPMAILER_LANG['invalid_address'] = 'Tsy mety ny adiresy: '; +$PHPMAILER_LANG['mailer_not_supported'] = ' mailer tsy manohana.'; +$PHPMAILER_LANG['provide_address'] = 'Alefaso azafady iray adiresy iray farafahakeliny.'; +$PHPMAILER_LANG['recipients_failed'] = 'SMTP Error: Tsy mety ireo mpanaraka ireto: '; +$PHPMAILER_LANG['signing'] = 'Error nandritra ny sonia:'; +$PHPMAILER_LANG['smtp_connect_failed'] = 'Tsy nahomby ny fifandraisana tamin\'ny server SMTP.'; +$PHPMAILER_LANG['smtp_error'] = 'Fahadisoana tamin\'ny server SMTP: '; +$PHPMAILER_LANG['variable_set'] = 'Tsy azo atao ny mametraka na mamerina ny variable: '; +$PHPMAILER_LANG['extension_missing'] = 'Tsy hita ny ampahany: '; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-ms.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ms.php similarity index 96% rename from phpmailer/phpmailer/language/phpmailer.lang-ms.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ms.php index 4e2c34083..f12a6ad48 100644 --- a/phpmailer/phpmailer/language/phpmailer.lang-ms.php +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ms.php @@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing'] = 'Ralat pada tanda tangan: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() telah gagal.'; $PHPMAILER_LANG['smtp_error'] = 'Ralat pada pelayan SMTP: '; $PHPMAILER_LANG['variable_set'] = 'Tidak boleh menetapkan atau menetapkan semula pembolehubah: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Sambungan hilang: '; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-nb.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-nb.php similarity index 95% rename from phpmailer/phpmailer/language/phpmailer.lang-nb.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-nb.php index 446105422..97403e73c 100644 --- a/phpmailer/phpmailer/language/phpmailer.lang-nb.php +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-nb.php @@ -7,7 +7,7 @@ $PHPMAILER_LANG['authenticate'] = 'SMTP Feil: Kunne ikke autentisere.'; $PHPMAILER_LANG['connect_host'] = 'SMTP Feil: Kunne ikke koble til SMTP tjener.'; $PHPMAILER_LANG['data_not_accepted'] = 'SMTP Feil: Datainnhold ikke akseptert.'; -$PHPMAILER_LANG['empty_message'] = 'Melding kropp tomt'; +$PHPMAILER_LANG['empty_message'] = 'Meldingsinnhold mangler'; $PHPMAILER_LANG['encoding'] = 'Ukjent koding: '; $PHPMAILER_LANG['execute'] = 'Kunne ikke utføre: '; $PHPMAILER_LANG['file_access'] = 'Får ikke tilgang til filen: '; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-nl.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-nl.php similarity index 92% rename from phpmailer/phpmailer/language/phpmailer.lang-nl.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-nl.php index 2fb01b2d8..f4d0e7cd3 100644 --- a/phpmailer/phpmailer/language/phpmailer.lang-nl.php +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-nl.php @@ -16,6 +16,8 @@ $PHPMAILER_LANG['file_open'] = 'Bestandsfout: kon bestand niet openen $PHPMAILER_LANG['from_failed'] = 'Het volgende afzendersadres is mislukt: '; $PHPMAILER_LANG['instantiate'] = 'Kon mailfunctie niet initialiseren.'; $PHPMAILER_LANG['invalid_address'] = 'Ongeldig adres: '; +$PHPMAILER_LANG['invalid_hostentry'] = 'Ongeldige hostentry: '; +$PHPMAILER_LANG['invalid_host'] = 'Ongeldige host: '; $PHPMAILER_LANG['mailer_not_supported'] = ' mailer wordt niet ondersteund.'; $PHPMAILER_LANG['provide_address'] = 'Er moet minstens één ontvanger worden opgegeven.'; $PHPMAILER_LANG['recipients_failed'] = 'SMTP-fout: de volgende ontvangers zijn mislukt: '; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-pl.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-pl.php similarity index 100% rename from phpmailer/phpmailer/language/phpmailer.lang-pl.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-pl.php diff --git a/phpmailer/phpmailer/language/phpmailer.lang-pt.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-pt.php similarity index 100% rename from phpmailer/phpmailer/language/phpmailer.lang-pt.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-pt.php diff --git a/phpmailer/phpmailer/language/phpmailer.lang-pt_br.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-pt_br.php similarity index 96% rename from phpmailer/phpmailer/language/phpmailer.lang-pt_br.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-pt_br.php index 4ec10f777..62d692d42 100644 --- a/phpmailer/phpmailer/language/phpmailer.lang-pt_br.php +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-pt_br.php @@ -26,4 +26,4 @@ $PHPMAILER_LANG['signing'] = 'Erro de Assinatura: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() falhou.'; $PHPMAILER_LANG['smtp_error'] = 'Erro de servidor SMTP: '; $PHPMAILER_LANG['variable_set'] = 'Não foi possível definir ou redefinir a variável: '; -$PHPMAILER_LANG['extension_missing'] = 'Extensão ausente: '; +$PHPMAILER_LANG['extension_missing'] = 'Extensão não existe: '; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-ro.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ro.php similarity index 100% rename from phpmailer/phpmailer/language/phpmailer.lang-ro.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ro.php diff --git a/phpmailer/phpmailer/language/phpmailer.lang-ru.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ru.php similarity index 68% rename from phpmailer/phpmailer/language/phpmailer.lang-ru.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ru.php index 4066f6b45..720e9a116 100644 --- a/phpmailer/phpmailer/language/phpmailer.lang-ru.php +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ru.php @@ -7,21 +7,21 @@ */ $PHPMAILER_LANG['authenticate'] = 'Ошибка SMTP: ошибка авторизации.'; -$PHPMAILER_LANG['connect_host'] = 'Ошибка SMTP: не удается подключиться к серверу SMTP.'; +$PHPMAILER_LANG['connect_host'] = 'Ошибка SMTP: не удается подключиться к SMTP-серверу.'; $PHPMAILER_LANG['data_not_accepted'] = 'Ошибка SMTP: данные не приняты.'; -$PHPMAILER_LANG['encoding'] = 'Неизвестный вид кодировки: '; +$PHPMAILER_LANG['encoding'] = 'Неизвестная кодировка: '; $PHPMAILER_LANG['execute'] = 'Невозможно выполнить команду: '; $PHPMAILER_LANG['file_access'] = 'Нет доступа к файлу: '; -$PHPMAILER_LANG['file_open'] = 'Файловая ошибка: не удается открыть файл: '; +$PHPMAILER_LANG['file_open'] = 'Файловая ошибка: не удаётся открыть файл: '; $PHPMAILER_LANG['from_failed'] = 'Неверный адрес отправителя: '; -$PHPMAILER_LANG['instantiate'] = 'Невозможно запустить функцию mail.'; -$PHPMAILER_LANG['provide_address'] = 'Пожалуйста, введите хотя бы один адрес e-mail получателя.'; +$PHPMAILER_LANG['instantiate'] = 'Невозможно запустить функцию mail().'; +$PHPMAILER_LANG['provide_address'] = 'Пожалуйста, введите хотя бы один email-адрес получателя.'; $PHPMAILER_LANG['mailer_not_supported'] = ' — почтовый сервер не поддерживается.'; -$PHPMAILER_LANG['recipients_failed'] = 'Ошибка SMTP: отправка по следующим адресам получателей не удалась: '; +$PHPMAILER_LANG['recipients_failed'] = 'Ошибка SMTP: не удалась отправка таким адресатам: '; $PHPMAILER_LANG['empty_message'] = 'Пустое сообщение'; -$PHPMAILER_LANG['invalid_address'] = 'Не отослано, неправильный формат email адреса: '; +$PHPMAILER_LANG['invalid_address'] = 'Не отправлено из-за неправильного формата email-адреса: '; $PHPMAILER_LANG['signing'] = 'Ошибка подписи: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'Ошибка соединения с SMTP-сервером'; $PHPMAILER_LANG['smtp_error'] = 'Ошибка SMTP-сервера: '; -$PHPMAILER_LANG['variable_set'] = 'Невозможно установить или переустановить переменную: '; +$PHPMAILER_LANG['variable_set'] = 'Невозможно установить или сбросить переменную: '; $PHPMAILER_LANG['extension_missing'] = 'Расширение отсутствует: '; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-sk.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sk.php similarity index 93% rename from phpmailer/phpmailer/language/phpmailer.lang-sk.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sk.php index a38f4e52c..69cfb0fc1 100644 --- a/phpmailer/phpmailer/language/phpmailer.lang-sk.php +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sk.php @@ -3,6 +3,7 @@ * Slovak PHPMailer language file: refer to English translation for definitive list * @package PHPMailer * @author Michal Tinka + * @author Peter Orlický */ $PHPMAILER_LANG['authenticate'] = 'SMTP Error: Chyba autentifikácie.'; @@ -23,4 +24,4 @@ $PHPMAILER_LANG['signing'] = 'Chyba prihlasovania: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() zlyhalo.'; $PHPMAILER_LANG['smtp_error'] = 'SMTP chyba serveru: '; $PHPMAILER_LANG['variable_set'] = 'Nemožno nastaviť alebo resetovať premennú: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Chýba rozšírenie: '; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-sl.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sl.php similarity index 87% rename from phpmailer/phpmailer/language/phpmailer.lang-sl.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sl.php index 54c957250..1e3cb7fa9 100644 --- a/phpmailer/phpmailer/language/phpmailer.lang-sl.php +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sl.php @@ -3,10 +3,11 @@ * Slovene PHPMailer language file: refer to English translation for definitive list * @package PHPMailer * @author Klemen Tušar + * @author Filip Š */ $PHPMAILER_LANG['authenticate'] = 'SMTP napaka: Avtentikacija ni uspela.'; -$PHPMAILER_LANG['connect_host'] = 'SMTP napaka: Ne morem vzpostaviti povezave s SMTP gostiteljem.'; +$PHPMAILER_LANG['connect_host'] = 'SMTP napaka: Vzpostavljanje povezave s SMTP gostiteljem ni uspelo.'; $PHPMAILER_LANG['data_not_accepted'] = 'SMTP napaka: Strežnik zavrača podatke.'; $PHPMAILER_LANG['empty_message'] = 'E-poštno sporočilo nima vsebine.'; $PHPMAILER_LANG['encoding'] = 'Nepoznan tip kodiranja: '; @@ -23,4 +24,4 @@ $PHPMAILER_LANG['signing'] = 'Napaka pri podpisovanju: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'Ne morem vzpostaviti povezave s SMTP strežnikom.'; $PHPMAILER_LANG['smtp_error'] = 'Napaka SMTP strežnika: '; $PHPMAILER_LANG['variable_set'] = 'Ne morem nastaviti oz. ponastaviti spremenljivke: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['extension_missing'] = 'Manjkajoča razširitev: '; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-rs.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sr.php similarity index 79% rename from phpmailer/phpmailer/language/phpmailer.lang-rs.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sr.php index 0502f0214..34c1e182a 100644 --- a/phpmailer/phpmailer/language/phpmailer.lang-rs.php +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sr.php @@ -3,24 +3,25 @@ * Serbian PHPMailer language file: refer to English translation for definitive list * @package PHPMailer * @author Александар Јевремовић + * @author Miloš Milanović */ $PHPMAILER_LANG['authenticate'] = 'SMTP грешка: аутентификација није успела.'; -$PHPMAILER_LANG['connect_host'] = 'SMTP грешка: није могуће повезивање са SMTP сервером.'; +$PHPMAILER_LANG['connect_host'] = 'SMTP грешка: повезивање са SMTP сервером није успело.'; $PHPMAILER_LANG['data_not_accepted'] = 'SMTP грешка: подаци нису прихваћени.'; $PHPMAILER_LANG['empty_message'] = 'Садржај поруке је празан.'; -$PHPMAILER_LANG['encoding'] = 'Непознато кодовање: '; +$PHPMAILER_LANG['encoding'] = 'Непознато кодирање: '; $PHPMAILER_LANG['execute'] = 'Није могуће извршити наредбу: '; $PHPMAILER_LANG['file_access'] = 'Није могуће приступити датотеци: '; $PHPMAILER_LANG['file_open'] = 'Није могуће отворити датотеку: '; $PHPMAILER_LANG['from_failed'] = 'SMTP грешка: слање са следећих адреса није успело: '; $PHPMAILER_LANG['recipients_failed'] = 'SMTP грешка: слање на следеће адресе није успело: '; $PHPMAILER_LANG['instantiate'] = 'Није могуће покренути mail функцију.'; -$PHPMAILER_LANG['invalid_address'] = 'Порука није послата због неисправне адресе: '; +$PHPMAILER_LANG['invalid_address'] = 'Порука није послата. Неисправна адреса: '; $PHPMAILER_LANG['mailer_not_supported'] = ' мејлер није подржан.'; -$PHPMAILER_LANG['provide_address'] = 'Потребно је задати најмање једну адресу.'; -$PHPMAILER_LANG['signing'] = 'Грешка приликом пријављивања: '; +$PHPMAILER_LANG['provide_address'] = 'Дефинишите бар једну адресу примаоца.'; +$PHPMAILER_LANG['signing'] = 'Грешка приликом пријаве: '; $PHPMAILER_LANG['smtp_connect_failed'] = 'Повезивање са SMTP сервером није успело.'; $PHPMAILER_LANG['smtp_error'] = 'Грешка SMTP сервера: '; -$PHPMAILER_LANG['variable_set'] = 'Није могуће задати променљиву, нити је вратити уназад: '; +$PHPMAILER_LANG['variable_set'] = 'Није могуће задати нити ресетовати променљиву: '; $PHPMAILER_LANG['extension_missing'] = 'Недостаје проширење: '; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-sv.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sv.php similarity index 100% rename from phpmailer/phpmailer/language/phpmailer.lang-sv.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sv.php diff --git a/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-tl.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-tl.php new file mode 100644 index 000000000..ed51d4c60 --- /dev/null +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-tl.php @@ -0,0 +1,27 @@ + + */ + +$PHPMAILER_LANG['authenticate'] = 'SMTP Error: Hindi mapatotohanan.'; +$PHPMAILER_LANG['connect_host'] = 'SMTP Error: Hindi makakonekta sa SMTP host.'; +$PHPMAILER_LANG['data_not_accepted'] = 'SMTP Error: Ang datos ay hindi maaaring matatanggap.'; +$PHPMAILER_LANG['empty_message'] = 'Walang laman ang mensahe'; +$PHPMAILER_LANG['encoding'] = 'Hindi alam ang encoding: '; +$PHPMAILER_LANG['execute'] = 'Hindi maisasagawa: '; +$PHPMAILER_LANG['file_access'] = 'Hindi ma-access ang file: '; +$PHPMAILER_LANG['file_open'] = 'Hindi mabuksan ang file: '; +$PHPMAILER_LANG['from_failed'] = 'Ang sumusunod na address ay nabigo: '; +$PHPMAILER_LANG['instantiate'] = 'Hindi maaaring magbigay ng institusyon ang mail'; +$PHPMAILER_LANG['invalid_address'] = 'Hindi wasto ang address na naibigay: '; +$PHPMAILER_LANG['mailer_not_supported'] = 'Ang mailer ay hindi suportado'; +$PHPMAILER_LANG['provide_address'] = 'Kailangan mong magbigay ng kahit isang email address na tatanggap'; +$PHPMAILER_LANG['recipients_failed'] = 'SMTP Error: Ang mga sumusunod na tatanggap ay nabigo: '; +$PHPMAILER_LANG['signing'] = 'Hindi ma-sign'; +$PHPMAILER_LANG['smtp_connect_failed'] = 'Ang SMTP connect() ay nabigo'; +$PHPMAILER_LANG['smtp_error'] = 'Ang server ng SMTP ay nabigo'; +$PHPMAILER_LANG['variable_set'] = 'Hindi matatakda ang mga variables: '; +$PHPMAILER_LANG['extension_missing'] = 'Nawawala ang extension'; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-tr.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-tr.php similarity index 100% rename from phpmailer/phpmailer/language/phpmailer.lang-tr.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-tr.php diff --git a/phpmailer/phpmailer/language/phpmailer.lang-uk.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-uk.php similarity index 67% rename from phpmailer/phpmailer/language/phpmailer.lang-uk.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-uk.php index 9a7b34674..fcd77ade9 100644 --- a/phpmailer/phpmailer/language/phpmailer.lang-uk.php +++ b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-uk.php @@ -7,21 +7,21 @@ */ $PHPMAILER_LANG['authenticate'] = 'Помилка SMTP: помилка авторизації.'; -$PHPMAILER_LANG['connect_host'] = 'Помилка SMTP: не вдається під\'єднатися до серверу SMTP.'; -$PHPMAILER_LANG['data_not_accepted'] = 'Помилка SMTP: дані не прийняті.'; -$PHPMAILER_LANG['encoding'] = 'Невідомий тип кодування: '; +$PHPMAILER_LANG['connect_host'] = 'Помилка SMTP: не вдається під\'єднатися до SMTP-серверу.'; +$PHPMAILER_LANG['data_not_accepted'] = 'Помилка SMTP: дані не прийнято.'; +$PHPMAILER_LANG['encoding'] = 'Невідоме кодування: '; $PHPMAILER_LANG['execute'] = 'Неможливо виконати команду: '; $PHPMAILER_LANG['file_access'] = 'Немає доступу до файлу: '; $PHPMAILER_LANG['file_open'] = 'Помилка файлової системи: не вдається відкрити файл: '; $PHPMAILER_LANG['from_failed'] = 'Невірна адреса відправника: '; -$PHPMAILER_LANG['instantiate'] = 'Неможливо запустити функцію mail.'; -$PHPMAILER_LANG['provide_address'] = 'Будь-ласка, введіть хоча б одну адресу e-mail отримувача.'; +$PHPMAILER_LANG['instantiate'] = 'Неможливо запустити функцію mail().'; +$PHPMAILER_LANG['provide_address'] = 'Будь-ласка, введіть хоча б одну email-адресу отримувача.'; $PHPMAILER_LANG['mailer_not_supported'] = ' - поштовий сервер не підтримується.'; -$PHPMAILER_LANG['recipients_failed'] = 'Помилка SMTP: відправлення наступним отримувачам не вдалося: '; -$PHPMAILER_LANG['empty_message'] = 'Пусте тіло повідомлення'; -$PHPMAILER_LANG['invalid_address'] = 'Не відправлено, невірний формат адреси e-mail: '; +$PHPMAILER_LANG['recipients_failed'] = 'Помилка SMTP: не вдалося відправлення для таких отримувачів: '; +$PHPMAILER_LANG['empty_message'] = 'Пусте повідомлення'; +$PHPMAILER_LANG['invalid_address'] = 'Не відправлено через невірний формат email-адреси: '; $PHPMAILER_LANG['signing'] = 'Помилка підпису: '; -$PHPMAILER_LANG['smtp_connect_failed'] = 'Помилка з\'єднання із SMTP-сервером'; +$PHPMAILER_LANG['smtp_connect_failed'] = 'Помилка з\'єднання з SMTP-сервером'; $PHPMAILER_LANG['smtp_error'] = 'Помилка SMTP-сервера: '; -$PHPMAILER_LANG['variable_set'] = 'Неможливо встановити або перевстановити змінну: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['variable_set'] = 'Неможливо встановити або скинути змінну: '; +$PHPMAILER_LANG['extension_missing'] = 'Розширення відсутнє: '; diff --git a/phpmailer/phpmailer/language/phpmailer.lang-vi.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-vi.php similarity index 100% rename from phpmailer/phpmailer/language/phpmailer.lang-vi.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-vi.php diff --git a/phpmailer/phpmailer/language/phpmailer.lang-zh.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-zh.php similarity index 100% rename from phpmailer/phpmailer/language/phpmailer.lang-zh.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-zh.php diff --git a/phpmailer/phpmailer/language/phpmailer.lang-zh_cn.php b/phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-zh_cn.php similarity index 100% rename from phpmailer/phpmailer/language/phpmailer.lang-zh_cn.php rename to phpmailer/vendor/phpmailer/phpmailer/language/phpmailer.lang-zh_cn.php diff --git a/phpmailer/phpmailer/src/Exception.php b/phpmailer/vendor/phpmailer/phpmailer/src/Exception.php similarity index 95% rename from phpmailer/phpmailer/src/Exception.php rename to phpmailer/vendor/phpmailer/phpmailer/src/Exception.php index 9a05dec3c..b1e552f50 100644 --- a/phpmailer/phpmailer/src/Exception.php +++ b/phpmailer/vendor/phpmailer/phpmailer/src/Exception.php @@ -23,7 +23,7 @@ namespace PHPMailer\PHPMailer; /** * PHPMailer exception handler. * - * @author Marcus Bointon + * @author Marcus Bointon */ class Exception extends \Exception { diff --git a/phpmailer/phpmailer/src/OAuth.php b/phpmailer/vendor/phpmailer/phpmailer/src/OAuth.php similarity index 98% rename from phpmailer/phpmailer/src/OAuth.php rename to phpmailer/vendor/phpmailer/phpmailer/src/OAuth.php index 0bce7e346..0271963ce 100644 --- a/phpmailer/phpmailer/src/OAuth.php +++ b/phpmailer/vendor/phpmailer/phpmailer/src/OAuth.php @@ -123,7 +123,7 @@ class OAuth public function getOauth64() { // Get a new token if it's not available or has expired - if (null === $this->oauthToken or $this->oauthToken->hasExpired()) { + if (null === $this->oauthToken || $this->oauthToken->hasExpired()) { $this->oauthToken = $this->getToken(); } diff --git a/phpmailer/phpmailer/src/PHPMailer.php b/phpmailer/vendor/phpmailer/phpmailer/src/PHPMailer.php similarity index 78% rename from phpmailer/phpmailer/src/PHPMailer.php rename to phpmailer/vendor/phpmailer/phpmailer/src/PHPMailer.php index 528828cd2..127f2b79b 100644 --- a/phpmailer/phpmailer/src/PHPMailer.php +++ b/phpmailer/vendor/phpmailer/phpmailer/src/PHPMailer.php @@ -3,13 +3,13 @@ * PHPMailer - PHP email creation and transport class. * PHP Version 5.5. * - * @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project + * @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project * * @author Marcus Bointon (Synchro/coolbru) * @author Jim Jagielski (jimjag) * @author Andy Prevost (codeworxtech) * @author Brent R. Matzelle (original founder) - * @copyright 2012 - 2017 Marcus Bointon + * @copyright 2012 - 2019 Marcus Bointon * @copyright 2010 - 2012 Jim Jagielski * @copyright 2004 - 2009 Andy Prevost * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License @@ -23,13 +23,14 @@ namespace PHPMailer\PHPMailer; /** * PHPMailer - PHP email creation and transport class. * - * @author Marcus Bointon (Synchro/coolbru) - * @author Jim Jagielski (jimjag) - * @author Andy Prevost (codeworxtech) - * @author Brent R. Matzelle (original founder) + * @author Marcus Bointon (Synchro/coolbru) + * @author Jim Jagielski (jimjag) + * @author Andy Prevost (codeworxtech) + * @author Brent R. Matzelle (original founder) */ class PHPMailer { + const CHARSET_ASCII = 'us-ascii'; const CHARSET_ISO88591 = 'iso-8859-1'; const CHARSET_UTF8 = 'utf-8'; @@ -46,6 +47,18 @@ class PHPMailer const ENCODING_BINARY = 'binary'; const ENCODING_QUOTED_PRINTABLE = 'quoted-printable'; + const ENCRYPTION_STARTTLS = 'tls'; + const ENCRYPTION_SMTPS = 'ssl'; + + const ICAL_METHOD_REQUEST = 'REQUEST'; + const ICAL_METHOD_PUBLISH = 'PUBLISH'; + const ICAL_METHOD_REPLY = 'REPLY'; + const ICAL_METHOD_ADD = 'ADD'; + const ICAL_METHOD_CANCEL = 'CANCEL'; + const ICAL_METHOD_REFRESH = 'REFRESH'; + const ICAL_METHOD_COUNTER = 'COUNTER'; + const ICAL_METHOD_DECLINECOUNTER = 'DECLINECOUNTER'; + /** * Email priority. * Options: null (default), 1 = High, 3 = Normal, 5 = low. @@ -145,6 +158,22 @@ class PHPMailer */ public $Ical = ''; + /** + * Value-array of "method" in Contenttype header "text/calendar" + * + * @var string[] + */ + protected static $IcalMethods = [ + self::ICAL_METHOD_REQUEST, + self::ICAL_METHOD_PUBLISH, + self::ICAL_METHOD_REPLY, + self::ICAL_METHOD_ADD, + self::ICAL_METHOD_CANCEL, + self::ICAL_METHOD_REFRESH, + self::ICAL_METHOD_COUNTER, + self::ICAL_METHOD_DECLINECOUNTER, + ]; + /** * The complete compiled MIME message body. * @@ -212,6 +241,8 @@ class PHPMailer * $_SERVER['SERVER_NAME'], gethostname(), php_uname('n'), or the value * 'localhost.localdomain'. * + * @see PHPMailer::$Helo + * * @var string */ public $Hostname = ''; @@ -258,7 +289,7 @@ class PHPMailer public $Port = 25; /** - * The SMTP HELO of the message. + * The SMTP HELO/EHLO name used for the SMTP connection. * Default is $Hostname. If $Hostname is empty, PHPMailer attempts to find * one with the same method described above for $Hostname. * @@ -270,7 +301,7 @@ class PHPMailer /** * What kind of encryption to use on the SMTP connection. - * Options: '', 'ssl' or 'tls'. + * Options: '', static::ENCRYPTION_STARTTLS, or static::ENCRYPTION_SMTPS. * * @var string */ @@ -340,15 +371,28 @@ class PHPMailer */ public $Timeout = 300; + /** + * Comma separated list of DSN notifications + * 'NEVER' under no circumstances a DSN must be returned to the sender. + * If you use NEVER all other notifications will be ignored. + * 'SUCCESS' will notify you when your mail has arrived at its destination. + * 'FAILURE' will arrive if an error occurred during delivery. + * 'DELAY' will notify you if there is an unusual delay in delivery, but the actual + * delivery's outcome (success or failure) is not yet decided. + * + * @see https://tools.ietf.org/html/rfc3461 See section 4.1 for more information about NOTIFY + */ + public $dsn = ''; + /** * SMTP class debug output mode. * Debug output level. * Options: - * * `0` No output - * * `1` Commands - * * `2` Data and commands - * * `3` As 2 plus connection status - * * `4` Low-level data output. + * * SMTP::DEBUG_OFF: No output + * * SMTP::DEBUG_CLIENT: Client messages + * * SMTP::DEBUG_SERVER: Client and server messages + * * SMTP::DEBUG_CONNECTION: As SERVER plus connection status + * * SMTP::DEBUG_LOWLEVEL: Noisy, low-level data output, rarely needed * * @see SMTP::$do_debug * @@ -457,6 +501,22 @@ class PHPMailer */ public $DKIM_domain = ''; + /** + * DKIM Copy header field values for diagnostic use. + * + * @var bool + */ + public $DKIM_copyHeaderFields = true; + + /** + * DKIM Extra signing headers. + * + * @example ['List-Unsubscribe', 'List-Help'] + * + * @var array + */ + public $DKIM_extraHeaders = []; + /** * DKIM private key file path. * @@ -498,9 +558,9 @@ class PHPMailer /** * What to put in the X-Mailer header. - * Options: An empty string for PHPMailer default, whitespace for none, or a string to use. + * Options: An empty string for PHPMailer default, whitespace/null for none, or a string to use. * - * @var string + * @var string|null */ public $XMailer = ''; @@ -685,7 +745,7 @@ class PHPMailer * * @var string */ - const VERSION = '6.0.5'; + const VERSION = '6.1.4'; /** * Error severity: message only, continue processing. @@ -715,6 +775,16 @@ class PHPMailer */ protected static $LE = "\r\n"; + /** + * The maximum line length supported by mail(). + * + * Background: mail() will sometimes corrupt messages + * with headers headers longer than 65 chars, see #818. + * + * @var int + */ + const MAIL_MAX_LINE_LENGTH = 63; + /** * The maximum line length allowed by RFC 2822 section 2.1.1. * @@ -778,7 +848,7 @@ class PHPMailer $subject = $this->encodeHeader($this->secureHeader($subject)); } //Calling mail() with null params breaks - if (!$this->UseSendmailOptions or null === $params) { + if (!$this->UseSendmailOptions || null === $params) { $result = @mail($to, $subject, $body, $header); } else { $result = @mail($to, $subject, $body, $header, $params); @@ -808,7 +878,7 @@ class PHPMailer return; } //Avoid clash with built-in function names - if (!in_array($this->Debugoutput, ['error_log', 'html', 'echo']) and is_callable($this->Debugoutput)) { + if (is_callable($this->Debugoutput) && !in_array($this->Debugoutput, ['error_log', 'html', 'echo'])) { call_user_func($this->Debugoutput, $str, $this->SMTPDebug); return; @@ -829,12 +899,12 @@ class PHPMailer case 'echo': default: //Normalize line breaks - $str = preg_replace('/\r\n|\r/ms', "\n", $str); + $str = preg_replace('/\r\n|\r/m', "\n", $str); echo gmdate('Y-m-d H:i:s'), "\t", //Trim trailing space trim( - //Indent for readability, except for trailing break + //Indent for readability, except for trailing break str_replace( "\n", "\n \t ", @@ -911,6 +981,8 @@ class PHPMailer * @param string $address The email address to send to * @param string $name * + * @throws Exception + * * @return bool true on success, false if address already used or invalid in some way */ public function addAddress($address, $name = '') @@ -924,6 +996,8 @@ class PHPMailer * @param string $address The email address to send to * @param string $name * + * @throws Exception + * * @return bool true on success, false if address already used or invalid in some way */ public function addCC($address, $name = '') @@ -937,6 +1011,8 @@ class PHPMailer * @param string $address The email address to send to * @param string $name * + * @throws Exception + * * @return bool true on success, false if address already used or invalid in some way */ public function addBCC($address, $name = '') @@ -950,6 +1026,8 @@ class PHPMailer * @param string $address The email address to reply to * @param string $name * + * @throws Exception + * * @return bool true on success, false if address already used or invalid in some way */ public function addReplyTo($address, $name = '') @@ -978,10 +1056,12 @@ class PHPMailer $pos = strrpos($address, '@'); if (false === $pos) { // At-sign is missing. - $error_message = sprintf('%s (%s): %s', + $error_message = sprintf( + '%s (%s): %s', $this->lang('invalid_address'), $kind, - $address); + $address + ); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -992,19 +1072,17 @@ class PHPMailer } $params = [$kind, $address, $name]; // Enqueue addresses with IDN until we know the PHPMailer::$CharSet. - if ($this->has8bitChars(substr($address, ++$pos)) and static::idnSupported()) { - if ('Reply-To' != $kind) { + if (static::idnSupported() && $this->has8bitChars(substr($address, ++$pos))) { + if ('Reply-To' !== $kind) { if (!array_key_exists($address, $this->RecipientsQueue)) { $this->RecipientsQueue[$address] = $params; return true; } - } else { - if (!array_key_exists($address, $this->ReplyToQueue)) { - $this->ReplyToQueue[$address] = $params; + } elseif (!array_key_exists($address, $this->ReplyToQueue)) { + $this->ReplyToQueue[$address] = $params; - return true; - } + return true; } return false; @@ -1029,9 +1107,11 @@ class PHPMailer protected function addAnAddress($kind, $address, $name = '') { if (!in_array($kind, ['to', 'cc', 'bcc', 'Reply-To'])) { - $error_message = sprintf('%s: %s', + $error_message = sprintf( + '%s: %s', $this->lang('Invalid recipient kind'), - $kind); + $kind + ); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -1041,10 +1121,12 @@ class PHPMailer return false; } if (!static::validateAddress($address)) { - $error_message = sprintf('%s (%s): %s', + $error_message = sprintf( + '%s (%s): %s', $this->lang('invalid_address'), $kind, - $address); + $address + ); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -1053,19 +1135,17 @@ class PHPMailer return false; } - if ('Reply-To' != $kind) { + if ('Reply-To' !== $kind) { if (!array_key_exists(strtolower($address), $this->all_recipients)) { $this->{$kind}[] = [$address, $name]; $this->all_recipients[strtolower($address)] = true; return true; } - } else { - if (!array_key_exists(strtolower($address), $this->ReplyTo)) { - $this->ReplyTo[strtolower($address)] = [$address, $name]; + } elseif (!array_key_exists(strtolower($address), $this->ReplyTo)) { + $this->ReplyTo[strtolower($address)] = [$address, $name]; - return true; - } + return true; } return false; @@ -1077,7 +1157,7 @@ class PHPMailer * Uses the imap_rfc822_parse_adrlist function if the IMAP extension is available. * Note that quotes in the name part are removed. * - * @see http://www.andrew.cmu.edu/user/agreen1/testing/mrbs/web/Mail/RFC822.php A more careful implementation + * @see http://www.andrew.cmu.edu/user/agreen1/testing/mrbs/web/Mail/RFC822.php A more careful implementation * * @param string $addrstr The address list string * @param bool $useimap Whether to use the IMAP extension to parse the list @@ -1087,17 +1167,17 @@ class PHPMailer public static function parseAddresses($addrstr, $useimap = true) { $addresses = []; - if ($useimap and function_exists('imap_rfc822_parse_adrlist')) { + if ($useimap && function_exists('imap_rfc822_parse_adrlist')) { //Use this built-in parser if it's available $list = imap_rfc822_parse_adrlist($addrstr, ''); foreach ($list as $address) { - if ('.SYNTAX-ERROR.' != $address->host) { - if (static::validateAddress($address->mailbox . '@' . $address->host)) { - $addresses[] = [ - 'name' => (property_exists($address, 'personal') ? $address->personal : ''), - 'address' => $address->mailbox . '@' . $address->host, - ]; - } + if (('.SYNTAX-ERROR.' !== $address->host) && static::validateAddress( + $address->mailbox . '@' . $address->host + )) { + $addresses[] = [ + 'name' => (property_exists($address, 'personal') ? $address->personal : ''), + 'address' => $address->mailbox . '@' . $address->host, + ]; } } } else { @@ -1147,12 +1227,15 @@ class PHPMailer $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim // Don't validate now addresses with IDN. Will be done in send(). $pos = strrpos($address, '@'); - if (false === $pos or - (!$this->has8bitChars(substr($address, ++$pos)) or !static::idnSupported()) and - !static::validateAddress($address)) { - $error_message = sprintf('%s (From): %s', + if ((false === $pos) + || ((!$this->has8bitChars(substr($address, ++$pos)) || !static::idnSupported()) + && !static::validateAddress($address)) + ) { + $error_message = sprintf( + '%s (From): %s', $this->lang('invalid_address'), - $address); + $address + ); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -1163,10 +1246,8 @@ class PHPMailer } $this->From = $address; $this->FromName = $name; - if ($auto) { - if (empty($this->Sender)) { - $this->Sender = $address; - } + if ($auto && empty($this->Sender)) { + $this->Sender = $address; } return true; @@ -1215,10 +1296,10 @@ class PHPMailer $patternselect = static::$validator; } if (is_callable($patternselect)) { - return call_user_func($patternselect, $address); + return $patternselect($address); } //Reject line breaks in addresses; it's valid RFC5322, but not RFC5321 - if (strpos($address, "\n") !== false or strpos($address, "\r") !== false) { + if (strpos($address, "\n") !== false || strpos($address, "\r") !== false) { return false; } switch ($patternselect) { @@ -1265,7 +1346,7 @@ class PHPMailer ); case 'php': default: - return (bool) filter_var($address, FILTER_VALIDATE_EMAIL); + return filter_var($address, FILTER_VALIDATE_EMAIL) !== false; } } @@ -1277,7 +1358,7 @@ class PHPMailer */ public static function idnSupported() { - return function_exists('idn_to_ascii') and function_exists('mb_convert_encoding'); + return function_exists('idn_to_ascii') && function_exists('mb_convert_encoding'); } /** @@ -1288,7 +1369,7 @@ class PHPMailer * - Conversion to punycode is impossible (e.g. required PHP functions are not available) * or fails for any reason (e.g. domain contains characters not allowed in an IDN). * - * @see PHPMailer::$CharSet + * @see PHPMailer::$CharSet * * @param string $address The email address to convert * @@ -1298,17 +1379,23 @@ class PHPMailer { // Verify we have required functions, CharSet, and at-sign. $pos = strrpos($address, '@'); - if (static::idnSupported() and - !empty($this->CharSet) and - false !== $pos + if (!empty($this->CharSet) && + false !== $pos && + static::idnSupported() ) { $domain = substr($address, ++$pos); // Verify CharSet string is a valid one, and domain properly encoded in this CharSet. - if ($this->has8bitChars($domain) and @mb_check_encoding($domain, $this->CharSet)) { + if ($this->has8bitChars($domain) && @mb_check_encoding($domain, $this->CharSet)) { $domain = mb_convert_encoding($domain, 'UTF-8', $this->CharSet); //Ignore IDE complaints about this line - method signature changed in PHP 5.4 $errorcode = 0; - $punycode = idn_to_ascii($domain, $errorcode, INTL_IDNA_VARIANT_UTS46); + if (defined('INTL_IDNA_VARIANT_UTS46')) { + $punycode = idn_to_ascii($domain, $errorcode, INTL_IDNA_VARIANT_UTS46); + } elseif (defined('INTL_IDNA_VARIANT_2003')) { + $punycode = idn_to_ascii($domain, $errorcode, INTL_IDNA_VARIANT_2003); + } else { + $punycode = idn_to_ascii($domain, $errorcode); + } if (false !== $punycode) { return substr($address, 0, $pos) . $punycode; } @@ -1354,8 +1441,8 @@ class PHPMailer */ public function preSend() { - if ('smtp' == $this->Mailer or - ('mail' == $this->Mailer and stripos(PHP_OS, 'WIN') === 0) + if ('smtp' === $this->Mailer + || ('mail' === $this->Mailer && stripos(PHP_OS, 'WIN') === 0) ) { //SMTP mandates RFC-compliant line endings //and it's also used with mail() on Windows @@ -1365,13 +1452,11 @@ class PHPMailer static::setLE(PHP_EOL); } //Check for buggy PHP versions that add a header with an incorrect line break - if (ini_get('mail.add_x_header') == 1 - and 'mail' == $this->Mailer - and stripos(PHP_OS, 'WIN') === 0 - and ((version_compare(PHP_VERSION, '7.0.0', '>=') - and version_compare(PHP_VERSION, '7.0.17', '<')) - or (version_compare(PHP_VERSION, '7.1.0', '>=') - and version_compare(PHP_VERSION, '7.1.3', '<'))) + if ('mail' === $this->Mailer + && ((PHP_VERSION_ID >= 70000 && PHP_VERSION_ID < 70017) + || (PHP_VERSION_ID >= 70100 && PHP_VERSION_ID < 70103)) + && ini_get('mail.add_x_header') === '1' + && stripos(PHP_OS, 'WIN') === 0 ) { trigger_error( 'Your version of PHP is affected by a bug that may result in corrupted messages.' . @@ -1402,10 +1487,12 @@ class PHPMailer } $this->$address_kind = $this->punyencodeAddress($this->$address_kind); if (!static::validateAddress($this->$address_kind)) { - $error_message = sprintf('%s (%s): %s', + $error_message = sprintf( + '%s (%s): %s', $this->lang('invalid_address'), $address_kind, - $this->$address_kind); + $this->$address_kind + ); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { @@ -1423,7 +1510,7 @@ class PHPMailer $this->setMessageType(); // Refuse to send an empty message unless we are specifically allowing it - if (!$this->AllowEmpty and empty($this->Body)) { + if (!$this->AllowEmpty && empty($this->Body)) { throw new Exception($this->lang('empty_message'), self::STOP_CRITICAL); } @@ -1439,7 +1526,7 @@ class PHPMailer // To capture the complete message when using mail(), create // an extra header list which createHeader() doesn't fold in - if ('mail' == $this->Mailer) { + if ('mail' === $this->Mailer) { if (count($this->to) > 0) { $this->mailHeader .= $this->addrAppend('To', $this->to); } else { @@ -1453,9 +1540,12 @@ class PHPMailer // Sign with DKIM if enabled if (!empty($this->DKIM_domain) - and !empty($this->DKIM_selector) - and (!empty($this->DKIM_private_string) - or (!empty($this->DKIM_private) and file_exists($this->DKIM_private)) + && !empty($this->DKIM_selector) + && (!empty($this->DKIM_private_string) + || (!empty($this->DKIM_private) + && static::isPermittedPath($this->DKIM_private) + && file_exists($this->DKIM_private) + ) ) ) { $header_dkim = $this->DKIM_Add( @@ -1519,7 +1609,7 @@ class PHPMailer /** * Send mail using the $Sendmail program. * - * @see PHPMailer::$Sendmail + * @see PHPMailer::$Sendmail * * @param string $header The message headers * @param string $body The message body @@ -1530,19 +1620,19 @@ class PHPMailer */ protected function sendmailSend($header, $body) { + $header = rtrim($header, "\r\n ") . static::$LE . static::$LE; + // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. - if (!empty($this->Sender) and self::isShellSafe($this->Sender)) { - if ('qmail' == $this->Mailer) { + if (!empty($this->Sender) && self::isShellSafe($this->Sender)) { + if ('qmail' === $this->Mailer) { $sendmailFmt = '%s -f%s'; } else { $sendmailFmt = '%s -oi -f%s -t'; } + } elseif ('qmail' === $this->Mailer) { + $sendmailFmt = '%s'; } else { - if ('qmail' == $this->Mailer) { - $sendmailFmt = '%s'; - } else { - $sendmailFmt = '%s -oi -t'; - } + $sendmailFmt = '%s -oi -t'; } $sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender); @@ -1558,7 +1648,7 @@ class PHPMailer fwrite($mail, $body); $result = pclose($mail); $this->doCallback( - ($result == 0), + ($result === 0), [$toAddr], $this->cc, $this->bcc, @@ -1580,7 +1670,7 @@ class PHPMailer fwrite($mail, $body); $result = pclose($mail); $this->doCallback( - ($result == 0), + ($result === 0), $this->to, $this->cc, $this->bcc, @@ -1611,7 +1701,7 @@ class PHPMailer { // Future-proof if (escapeshellcmd($string) !== $string - or !in_array(escapeshellarg($string), ["'$string'", "\"$string\""]) + || !in_array(escapeshellarg($string), ["'$string'", "\"$string\""]) ) { return false; } @@ -1632,10 +1722,24 @@ class PHPMailer return true; } + /** + * Check whether a file path is of a permitted type. + * Used to reject URLs and phar files from functions that access local file paths, + * such as addAttachment. + * + * @param string $path A relative or absolute path to a file + * + * @return bool + */ + protected static function isPermittedPath($path) + { + return !preg_match('#^[a-z]+://#i', $path); + } + /** * Send mail using the PHP mail() function. * - * @see http://www.php.net/manual/en/book.mail.php + * @see http://www.php.net/manual/en/book.mail.php * * @param string $header The message headers * @param string $body The message body @@ -1646,6 +1750,8 @@ class PHPMailer */ protected function mailSend($header, $body) { + $header = rtrim($header, "\r\n ") . static::$LE . static::$LE; + $toArr = []; foreach ($this->to as $toaddr) { $toArr[] = $this->addrFormat($toaddr); @@ -1654,24 +1760,22 @@ class PHPMailer $params = null; //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver - if (!empty($this->Sender) and static::validateAddress($this->Sender)) { - //A space after `-f` is optional, but there is a long history of its presence - //causing problems, so we don't use one - //Exim docs: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html - //Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html - //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html - //Example problem: https://www.drupal.org/node/1057954 - // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. - if (self::isShellSafe($this->Sender)) { - $params = sprintf('-f%s', $this->Sender); - } + //A space after `-f` is optional, but there is a long history of its presence + //causing problems, so we don't use one + //Exim docs: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html + //Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html + //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html + //Example problem: https://www.drupal.org/node/1057954 + // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. + if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) { + $params = sprintf('-f%s', $this->Sender); } - if (!empty($this->Sender) and static::validateAddress($this->Sender)) { + if (!empty($this->Sender) && static::validateAddress($this->Sender)) { $old_from = ini_get('sendmail_from'); ini_set('sendmail_from', $this->Sender); } $result = false; - if ($this->SingleTo and count($toArr) > 1) { + if ($this->SingleTo && count($toArr) > 1) { foreach ($toArr as $toAddr) { $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params); $this->doCallback($result, [$toAddr], $this->cc, $this->bcc, $this->Subject, $body, $this->From, []); @@ -1709,8 +1813,6 @@ class PHPMailer /** * Provide an instance to use for SMTP operations. * - * @param SMTP $smtp - * * @return SMTP */ public function setSMTPInstance(SMTP $smtp) @@ -1737,12 +1839,13 @@ class PHPMailer */ protected function smtpSend($header, $body) { + $header = rtrim($header, "\r\n ") . static::$LE . static::$LE; $bad_rcpt = []; if (!$this->smtpConnect($this->SMTPOptions)) { throw new Exception($this->lang('smtp_connect_failed'), self::STOP_CRITICAL); } //Sender already validated in preSend() - if ('' == $this->Sender) { + if ('' === $this->Sender) { $smtp_from = $this->From; } else { $smtp_from = $this->Sender; @@ -1756,7 +1859,7 @@ class PHPMailer // Attempt to send to all recipients foreach ([$this->to, $this->cc, $this->bcc] as $togroup) { foreach ($togroup as $to) { - if (!$this->smtp->recipient($to[0])) { + if (!$this->smtp->recipient($to[0], $this->dsn)) { $error = $this->smtp->getError(); $bad_rcpt[] = ['to' => $to[0], 'error' => $error['detail']]; $isSent = false; @@ -1769,7 +1872,7 @@ class PHPMailer } // Only send the DATA command if we have viable recipients - if ((count($this->all_recipients) > count($bad_rcpt)) and !$this->smtp->data($header . $body)) { + if ((count($this->all_recipients) > count($bad_rcpt)) && !$this->smtp->data($header . $body)) { throw new Exception($this->lang('data_not_accepted'), self::STOP_CRITICAL); } @@ -1801,10 +1904,7 @@ class PHPMailer foreach ($bad_rcpt as $bad) { $errstr .= $bad['to'] . ': ' . $bad['error']; } - throw new Exception( - $this->lang('recipients_failed') . $errstr, - self::STOP_CONTINUE - ); + throw new Exception($this->lang('recipients_failed') . $errstr, self::STOP_CONTINUE); } return true; @@ -1848,50 +1948,49 @@ class PHPMailer foreach ($hosts as $hostentry) { $hostinfo = []; if (!preg_match( - '/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/', + '/^(?:(ssl|tls):\/\/)?(.+?)(?::(\d+))?$/', trim($hostentry), $hostinfo )) { - static::edebug($this->lang('connect_host') . ' ' . $hostentry); + $this->edebug($this->lang('invalid_hostentry') . ' ' . trim($hostentry)); // Not a valid host entry continue; } - // $hostinfo[2]: optional ssl or tls prefix - // $hostinfo[3]: the hostname - // $hostinfo[4]: optional port number + // $hostinfo[1]: optional ssl or tls prefix + // $hostinfo[2]: the hostname + // $hostinfo[3]: optional port number // The host string prefix can temporarily override the current setting for SMTPSecure // If it's not specified, the default value is used //Check the host name is a valid name or IP address before trying to use it - if (!static::isValidHost($hostinfo[3])) { - static::edebug($this->lang('connect_host') . ' ' . $hostentry); + if (!static::isValidHost($hostinfo[2])) { + $this->edebug($this->lang('invalid_host') . ' ' . $hostinfo[2]); continue; } $prefix = ''; $secure = $this->SMTPSecure; - $tls = ('tls' == $this->SMTPSecure); - if ('ssl' == $hostinfo[2] or ('' == $hostinfo[2] and 'ssl' == $this->SMTPSecure)) { + $tls = (static::ENCRYPTION_STARTTLS === $this->SMTPSecure); + if ('ssl' === $hostinfo[1] || ('' === $hostinfo[1] && static::ENCRYPTION_SMTPS === $this->SMTPSecure)) { $prefix = 'ssl://'; $tls = false; // Can't have SSL and TLS at the same time - $secure = 'ssl'; - } elseif ('tls' == $hostinfo[2]) { + $secure = static::ENCRYPTION_SMTPS; + } elseif ('tls' === $hostinfo[1]) { $tls = true; // tls doesn't use a prefix - $secure = 'tls'; + $secure = static::ENCRYPTION_STARTTLS; } //Do we need the OpenSSL extension? $sslext = defined('OPENSSL_ALGO_SHA256'); - if ('tls' === $secure or 'ssl' === $secure) { + if (static::ENCRYPTION_STARTTLS === $secure || static::ENCRYPTION_SMTPS === $secure) { //Check for an OpenSSL constant rather than using extension_loaded, which is sometimes disabled if (!$sslext) { throw new Exception($this->lang('extension_missing') . 'openssl', self::STOP_CRITICAL); } } - $host = $hostinfo[3]; + $host = $hostinfo[2]; $port = $this->Port; - $tport = (int) $hostinfo[4]; - if ($tport > 0 and $tport < 65536) { - $port = $tport; + if (array_key_exists(3, $hostinfo) && is_numeric($hostinfo[3]) && $hostinfo[3] > 0 && $hostinfo[3] < 65536) { + $port = (int) $hostinfo[3]; } if ($this->smtp->connect($prefix . $host, $port, $this->Timeout, $options)) { try { @@ -1906,7 +2005,7 @@ class PHPMailer // * we have openssl extension // * we are not already using SSL // * the server offers STARTTLS - if ($this->SMTPAutoTLS and $sslext and 'ssl' != $secure and $this->smtp->getServerExt('STARTTLS')) { + if ($this->SMTPAutoTLS && $sslext && 'ssl' !== $secure && $this->smtp->getServerExt('STARTTLS')) { $tls = true; } if ($tls) { @@ -1916,16 +2015,13 @@ class PHPMailer // We must resend EHLO after TLS negotiation $this->smtp->hello($hello); } - if ($this->SMTPAuth) { - if (!$this->smtp->authenticate( - $this->Username, - $this->Password, - $this->AuthType, - $this->oauth - ) - ) { - throw new Exception($this->lang('authenticate')); - } + if ($this->SMTPAuth && !$this->smtp->authenticate( + $this->Username, + $this->Password, + $this->AuthType, + $this->oauth + )) { + throw new Exception($this->lang('authenticate')); } return true; @@ -1940,7 +2036,7 @@ class PHPMailer // If we get here, all connection attempts have failed, so close connection hard $this->smtp->close(); // As we've caught all exceptions, just report whatever the last one was - if ($this->exceptions and null !== $lastexception) { + if ($this->exceptions && null !== $lastexception) { throw $lastexception; } @@ -1952,11 +2048,9 @@ class PHPMailer */ public function smtpClose() { - if (null !== $this->smtp) { - if ($this->smtp->connected()) { - $this->smtp->quit(); - $this->smtp->close(); - } + if ((null !== $this->smtp) && $this->smtp->connected()) { + $this->smtp->quit(); + $this->smtp->close(); } } @@ -1979,7 +2073,8 @@ class PHPMailer 'dk' => 'da', 'no' => 'nb', 'se' => 'sv', - 'sr' => 'rs', + 'rs' => 'sr', + 'tg' => 'tl', ]; if (isset($renamed_langcodes[$langcode])) { @@ -1999,6 +2094,8 @@ class PHPMailer 'from_failed' => 'The following From address failed: ', 'instantiate' => 'Could not instantiate mail function.', 'invalid_address' => 'Invalid address: ', + 'invalid_hostentry' => 'Invalid hostentry: ', + 'invalid_host' => 'Invalid host: ', 'mailer_not_supported' => ' mailer is not supported.', 'provide_address' => 'You must provide at least one recipient email address.', 'recipients_failed' => 'SMTP Error: The following recipients failed: ', @@ -2019,9 +2116,9 @@ class PHPMailer $foundlang = true; $lang_file = $lang_path . 'phpmailer.lang-' . $langcode . '.php'; // There is no English translation file - if ('en' != $langcode) { + if ('en' !== $langcode) { // Make sure language file path is readable - if (!file_exists($lang_file)) { + if (!static::isPermittedPath($lang_file) || !file_exists($lang_file)) { $foundlang = false; } else { // Overwrite language-specific strings. @@ -2079,9 +2176,8 @@ class PHPMailer return $this->secureHeader($addr[0]); } - return $this->encodeHeader($this->secureHeader($addr[1]), 'phrase') . ' <' . $this->secureHeader( - $addr[0] - ) . '>'; + return $this->encodeHeader($this->secureHeader($addr[1]), 'phrase') . + ' <' . $this->secureHeader($addr[0]) . '>'; } /** @@ -2105,13 +2201,13 @@ class PHPMailer } // If utf-8 encoding is used, we will need to make sure we don't // split multibyte characters when we wrap - $is_utf8 = 'utf-8' == strtolower($this->CharSet); + $is_utf8 = static::CHARSET_UTF8 === strtolower($this->CharSet); $lelen = strlen(static::$LE); $crlflen = strlen(static::$LE); $message = static::normalizeBreaks($message); //Remove a trailing line break - if (substr($message, -$lelen) == static::$LE) { + if (substr($message, -$lelen) === static::$LE) { $message = substr($message, 0, -$lelen); } @@ -2124,16 +2220,16 @@ class PHPMailer $buf = ''; $firstword = true; foreach ($words as $word) { - if ($qp_mode and (strlen($word) > $length)) { + if ($qp_mode && (strlen($word) > $length)) { $space_left = $length - strlen($buf) - $crlflen; if (!$firstword) { if ($space_left > 20) { $len = $space_left; if ($is_utf8) { $len = $this->utf8CharBoundary($word, $len); - } elseif ('=' == substr($word, $len - 1, 1)) { + } elseif ('=' === substr($word, $len - 1, 1)) { --$len; - } elseif ('=' == substr($word, $len - 2, 1)) { + } elseif ('=' === substr($word, $len - 2, 1)) { $len -= 2; } $part = substr($word, 0, $len); @@ -2145,22 +2241,22 @@ class PHPMailer } $buf = ''; } - while (strlen($word) > 0) { + while ($word !== '') { if ($length <= 0) { break; } $len = $length; if ($is_utf8) { $len = $this->utf8CharBoundary($word, $len); - } elseif ('=' == substr($word, $len - 1, 1)) { + } elseif ('=' === substr($word, $len - 1, 1)) { --$len; - } elseif ('=' == substr($word, $len - 2, 1)) { + } elseif ('=' === substr($word, $len - 2, 1)) { $len -= 2; } $part = substr($word, 0, $len); - $word = substr($word, $len); + $word = (string) substr($word, $len); - if (strlen($word) > 0) { + if ($word !== '') { $message .= $part . sprintf('=%s', static::$LE); } else { $buf = $part; @@ -2173,7 +2269,7 @@ class PHPMailer } $buf .= $word; - if (strlen($buf) > $length and '' != $buf_o) { + if ('' !== $buf_o && strlen($buf) > $length) { $message .= $buf_o . $soft_break; $buf = $word; } @@ -2268,23 +2364,21 @@ class PHPMailer { $result = ''; - $result .= $this->headerLine('Date', '' == $this->MessageDate ? self::rfcDate() : $this->MessageDate); + $result .= $this->headerLine('Date', '' === $this->MessageDate ? self::rfcDate() : $this->MessageDate); // To be created automatically by mail() if ($this->SingleTo) { - if ('mail' != $this->Mailer) { + if ('mail' !== $this->Mailer) { foreach ($this->to as $toaddr) { $this->SingleToArray[] = $this->addrFormat($toaddr); } } - } else { - if (count($this->to) > 0) { - if ('mail' != $this->Mailer) { - $result .= $this->addrAppend('To', $this->to); - } - } elseif (count($this->cc) == 0) { - $result .= $this->headerLine('To', 'undisclosed-recipients:;'); + } elseif (count($this->to) > 0) { + if ('mail' !== $this->Mailer) { + $result .= $this->addrAppend('To', $this->to); } + } elseif (count($this->cc) === 0) { + $result .= $this->headerLine('To', 'undisclosed-recipients:;'); } $result .= $this->addrAppend('From', [[trim($this->From), $this->FromName]]); @@ -2296,9 +2390,9 @@ class PHPMailer // sendmail and mail() extract Bcc from the header before sending if (( - 'sendmail' == $this->Mailer or 'qmail' == $this->Mailer or 'mail' == $this->Mailer + 'sendmail' === $this->Mailer || 'qmail' === $this->Mailer || 'mail' === $this->Mailer ) - and count($this->bcc) > 0 + && count($this->bcc) > 0 ) { $result .= $this->addrAppend('Bcc', $this->bcc); } @@ -2308,13 +2402,13 @@ class PHPMailer } // mail() sets the subject itself - if ('mail' != $this->Mailer) { + if ('mail' !== $this->Mailer) { $result .= $this->headerLine('Subject', $this->encodeHeader($this->secureHeader($this->Subject))); } // Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4 // https://tools.ietf.org/html/rfc5322#section-3.6.4 - if ('' != $this->MessageID and preg_match('/^<.*@.*>$/', $this->MessageID)) { + if ('' !== $this->MessageID && preg_match('/^<.*@.*>$/', $this->MessageID)) { $this->lastMessageID = $this->MessageID; } else { $this->lastMessageID = sprintf('<%s@%s>', $this->uniqueid, $this->serverHostname()); @@ -2323,7 +2417,7 @@ class PHPMailer if (null !== $this->Priority) { $result .= $this->headerLine('X-Priority', $this->Priority); } - if ('' == $this->XMailer) { + if ('' === $this->XMailer) { $result .= $this->headerLine( 'X-Mailer', 'PHPMailer ' . self::VERSION . ' (https://github.com/PHPMailer/PHPMailer)' @@ -2335,7 +2429,7 @@ class PHPMailer } } - if ('' != $this->ConfirmReadingTo) { + if ('' !== $this->ConfirmReadingTo) { $result .= $this->headerLine('Disposition-Notification-To', '<' . $this->ConfirmReadingTo . '>'); } @@ -2366,19 +2460,19 @@ class PHPMailer switch ($this->message_type) { case 'inline': $result .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); - $result .= $this->textLine("\tboundary=\"" . $this->boundary[1] . '"'); + $result .= $this->textLine(' boundary="' . $this->boundary[1] . '"'); break; case 'attach': case 'inline_attach': case 'alt_attach': case 'alt_inline_attach': $result .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_MIXED . ';'); - $result .= $this->textLine("\tboundary=\"" . $this->boundary[1] . '"'); + $result .= $this->textLine(' boundary="' . $this->boundary[1] . '"'); break; case 'alt': case 'alt_inline': $result .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_ALTERNATIVE . ';'); - $result .= $this->textLine("\tboundary=\"" . $this->boundary[1] . '"'); + $result .= $this->textLine(' boundary="' . $this->boundary[1] . '"'); break; default: // Catches case 'plain': and case '': @@ -2387,10 +2481,10 @@ class PHPMailer break; } // RFC1341 part 5 says 7bit is assumed if not specified - if (static::ENCODING_7BIT != $this->Encoding) { + if (static::ENCODING_7BIT !== $this->Encoding) { // RFC 2045 section 6.4 says multipart MIME parts may only use 7bit, 8bit or binary CTE if ($ismultipart) { - if (static::ENCODING_8BIT == $this->Encoding) { + if (static::ENCODING_8BIT === $this->Encoding) { $result .= $this->headerLine('Content-Transfer-Encoding', static::ENCODING_8BIT); } // The only remaining alternatives are quoted-printable and base64, which are both 7bit compatible @@ -2399,8 +2493,8 @@ class PHPMailer } } - if ('mail' != $this->Mailer) { - $result .= static::$LE; + if ('mail' !== $this->Mailer) { +// $result .= static::$LE; } return $result; @@ -2428,11 +2522,19 @@ class PHPMailer protected function generateId() { $len = 32; //32 bytes = 256 bits + $bytes = ''; if (function_exists('random_bytes')) { - $bytes = random_bytes($len); + try { + $bytes = random_bytes($len); + } catch (\Exception $e) { + //Do nothing + } } elseif (function_exists('openssl_random_pseudo_bytes')) { + /** @noinspection CryptographicallySecureRandomnessInspection */ $bytes = openssl_random_pseudo_bytes($len); - } else { + } + if ($bytes === '') { + //We failed to produce a proper random string, so make do. //Use a hash to force the length to the same as the other methods $bytes = hash('sha256', uniqid((string) mt_rand(), true), true); } @@ -2467,28 +2569,28 @@ class PHPMailer $bodyEncoding = $this->Encoding; $bodyCharSet = $this->CharSet; //Can we do a 7-bit downgrade? - if (static::ENCODING_8BIT == $bodyEncoding and !$this->has8bitChars($this->Body)) { + if (static::ENCODING_8BIT === $bodyEncoding && !$this->has8bitChars($this->Body)) { $bodyEncoding = static::ENCODING_7BIT; //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit - $bodyCharSet = 'us-ascii'; + $bodyCharSet = static::CHARSET_ASCII; } //If lines are too long, and we're not already using an encoding that will shorten them, //change to quoted-printable transfer encoding for the body part only - if (static::ENCODING_BASE64 != $this->Encoding and static::hasLineLongerThanMax($this->Body)) { + if (static::ENCODING_BASE64 !== $this->Encoding && static::hasLineLongerThanMax($this->Body)) { $bodyEncoding = static::ENCODING_QUOTED_PRINTABLE; } $altBodyEncoding = $this->Encoding; $altBodyCharSet = $this->CharSet; //Can we do a 7-bit downgrade? - if (static::ENCODING_8BIT == $altBodyEncoding and !$this->has8bitChars($this->AltBody)) { + if (static::ENCODING_8BIT === $altBodyEncoding && !$this->has8bitChars($this->AltBody)) { $altBodyEncoding = static::ENCODING_7BIT; //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit - $altBodyCharSet = 'us-ascii'; + $altBodyCharSet = static::CHARSET_ASCII; } //If lines are too long, and we're not already using an encoding that will shorten them, //change to quoted-printable transfer encoding for the alt body part only - if (static::ENCODING_BASE64 != $altBodyEncoding and static::hasLineLongerThanMax($this->AltBody)) { + if (static::ENCODING_BASE64 !== $altBodyEncoding && static::hasLineLongerThanMax($this->AltBody)) { $altBodyEncoding = static::ENCODING_QUOTED_PRINTABLE; } //Use this as a preamble in all multipart message types @@ -2512,7 +2614,8 @@ class PHPMailer $body .= $mimepre; $body .= $this->textLine('--' . $this->boundary[1]); $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); - $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); + $body .= $this->textLine(' boundary="' . $this->boundary[2] . '";'); + $body .= $this->textLine(' type="' . static::CONTENT_TYPE_TEXT_HTML . '"'); $body .= static::$LE; $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, '', $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); @@ -2523,14 +2626,36 @@ class PHPMailer break; case 'alt': $body .= $mimepre; - $body .= $this->getBoundary($this->boundary[1], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); + $body .= $this->getBoundary( + $this->boundary[1], + $altBodyCharSet, + static::CONTENT_TYPE_PLAINTEXT, + $altBodyEncoding + ); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[1], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); + $body .= $this->getBoundary( + $this->boundary[1], + $bodyCharSet, + static::CONTENT_TYPE_TEXT_HTML, + $bodyEncoding + ); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; if (!empty($this->Ical)) { - $body .= $this->getBoundary($this->boundary[1], '', static::CONTENT_TYPE_TEXT_CALENDAR . '; method=REQUEST', ''); + $method = static::ICAL_METHOD_REQUEST; + foreach (static::$IcalMethods as $imethod) { + if (stripos($this->Ical, 'METHOD:' . $imethod) !== false) { + $method = $imethod; + break; + } + } + $body .= $this->getBoundary( + $this->boundary[1], + '', + static::CONTENT_TYPE_TEXT_CALENDAR . '; method=' . $method, + '' + ); $body .= $this->encodeString($this->Ical, $this->Encoding); $body .= static::$LE; } @@ -2538,14 +2663,25 @@ class PHPMailer break; case 'alt_inline': $body .= $mimepre; - $body .= $this->getBoundary($this->boundary[1], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); + $body .= $this->getBoundary( + $this->boundary[1], + $altBodyCharSet, + static::CONTENT_TYPE_PLAINTEXT, + $altBodyEncoding + ); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; $body .= $this->textLine('--' . $this->boundary[1]); $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); - $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); + $body .= $this->textLine(' boundary="' . $this->boundary[2] . '";'); + $body .= $this->textLine(' type="' . static::CONTENT_TYPE_TEXT_HTML . '"'); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); + $body .= $this->getBoundary( + $this->boundary[2], + $bodyCharSet, + static::CONTENT_TYPE_TEXT_HTML, + $bodyEncoding + ); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; $body .= $this->attachAll('inline', $this->boundary[2]); @@ -2556,16 +2692,38 @@ class PHPMailer $body .= $mimepre; $body .= $this->textLine('--' . $this->boundary[1]); $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_ALTERNATIVE . ';'); - $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); + $body .= $this->textLine(' boundary="' . $this->boundary[2] . '"'); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[2], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); + $body .= $this->getBoundary( + $this->boundary[2], + $altBodyCharSet, + static::CONTENT_TYPE_PLAINTEXT, + $altBodyEncoding + ); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); + $body .= $this->getBoundary( + $this->boundary[2], + $bodyCharSet, + static::CONTENT_TYPE_TEXT_HTML, + $bodyEncoding + ); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; if (!empty($this->Ical)) { - $body .= $this->getBoundary($this->boundary[2], '', static::CONTENT_TYPE_TEXT_CALENDAR . '; method=REQUEST', ''); + $method = static::ICAL_METHOD_REQUEST; + foreach (static::$IcalMethods as $imethod) { + if (stripos($this->Ical, 'METHOD:' . $imethod) !== false) { + $method = $imethod; + break; + } + } + $body .= $this->getBoundary( + $this->boundary[2], + '', + static::CONTENT_TYPE_TEXT_CALENDAR . '; method=' . $method, + '' + ); $body .= $this->encodeString($this->Ical, $this->Encoding); } $body .= $this->endBoundary($this->boundary[2]); @@ -2576,16 +2734,27 @@ class PHPMailer $body .= $mimepre; $body .= $this->textLine('--' . $this->boundary[1]); $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_ALTERNATIVE . ';'); - $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); + $body .= $this->textLine(' boundary="' . $this->boundary[2] . '"'); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[2], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); + $body .= $this->getBoundary( + $this->boundary[2], + $altBodyCharSet, + static::CONTENT_TYPE_PLAINTEXT, + $altBodyEncoding + ); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; $body .= $this->textLine('--' . $this->boundary[2]); $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); - $body .= $this->textLine("\tboundary=\"" . $this->boundary[3] . '"'); + $body .= $this->textLine(' boundary="' . $this->boundary[3] . '";'); + $body .= $this->textLine(' type="' . static::CONTENT_TYPE_TEXT_HTML . '"'); $body .= static::$LE; - $body .= $this->getBoundary($this->boundary[3], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); + $body .= $this->getBoundary( + $this->boundary[3], + $bodyCharSet, + static::CONTENT_TYPE_TEXT_HTML, + $bodyEncoding + ); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; $body .= $this->attachAll('inline', $this->boundary[3]); @@ -2612,12 +2781,11 @@ class PHPMailer if (!defined('PKCS7_TEXT')) { throw new Exception($this->lang('extension_missing') . 'openssl'); } - // @TODO would be nice to use php://temp streams here - $file = tempnam(sys_get_temp_dir(), 'mail'); - if (false === file_put_contents($file, $body)) { - throw new Exception($this->lang('signing') . ' Could not write temp file'); - } - $signed = tempnam(sys_get_temp_dir(), 'signed'); + + $file = tempnam(sys_get_temp_dir(), 'srcsign'); + $signed = tempnam(sys_get_temp_dir(), 'mailsign'); + file_put_contents($file, $body); + //Workaround for PHP bug https://bugs.php.net/bug.php?id=69197 if (empty($this->sign_extracerts_file)) { $sign = @openssl_pkcs7_sign( @@ -2638,6 +2806,7 @@ class PHPMailer $this->sign_extracerts_file ); } + @unlink($file); if ($sign) { $body = file_get_contents($signed); @@ -2674,20 +2843,20 @@ class PHPMailer protected function getBoundary($boundary, $charSet, $contentType, $encoding) { $result = ''; - if ('' == $charSet) { + if ('' === $charSet) { $charSet = $this->CharSet; } - if ('' == $contentType) { + if ('' === $contentType) { $contentType = $this->ContentType; } - if ('' == $encoding) { + if ('' === $encoding) { $encoding = $this->Encoding; } $result .= $this->textLine('--' . $boundary); $result .= sprintf('Content-Type: %s; charset=%s', $contentType, $charSet); $result .= static::$LE; // RFC1341 part 5 says 7bit is assumed if not specified - if (static::ENCODING_7BIT != $encoding) { + if (static::ENCODING_7BIT !== $encoding) { $result .= $this->headerLine('Content-Transfer-Encoding', $encoding); } $result .= static::$LE; @@ -2724,7 +2893,7 @@ class PHPMailer $type[] = 'attach'; } $this->message_type = implode('_', $type); - if ('' == $this->message_type) { + if ('' === $this->message_type) { //The 'plain' message_type refers to the message having a single body element, not that it is plain-text $this->message_type = 'plain'; } @@ -2759,6 +2928,8 @@ class PHPMailer * Add an attachment from a path on the filesystem. * Never use a user-supplied path to a file! * Returns false if the file could not be found or read. + * Explicitly *does not* support passing URLs; PHPMailer is not an HTTP client. + * If you need to do that, fetch the resource yourself and pass it in via a local file or string. * * @param string $path Path to the attachment * @param string $name Overrides the attachment name @@ -2770,23 +2941,32 @@ class PHPMailer * * @return bool */ - public function addAttachment($path, $name = '', $encoding = self::ENCODING_BASE64, $type = '', $disposition = 'attachment') - { + public function addAttachment( + $path, + $name = '', + $encoding = self::ENCODING_BASE64, + $type = '', + $disposition = 'attachment' + ) { try { - if (!@is_file($path)) { + if (!static::isPermittedPath($path) || !@is_file($path)) { throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE); } // If a MIME type is not specified, try to work it out from the file name - if ('' == $type) { + if ('' === $type) { $type = static::filenameToType($path); } - $filename = basename($path); - if ('' == $name) { + $filename = (string) static::mb_pathinfo($path, PATHINFO_BASENAME); + if ('' === $name) { $name = $filename; } + if (!$this->validateEncoding($encoding)) { + throw new Exception($this->lang('encoding') . $encoding); + } + $this->attachment[] = [ 0 => $path, 1 => $filename, @@ -2827,6 +3007,8 @@ class PHPMailer * @param string $disposition_type * @param string $boundary * + * @throws Exception + * * @return string */ protected function attachAll($disposition_type, $boundary) @@ -2839,7 +3021,7 @@ class PHPMailer // Add all attachments foreach ($this->attachment as $attachment) { // Check if it is a valid disposition_filter - if ($attachment[6] == $disposition_type) { + if ($attachment[6] === $disposition_type) { // Check for string attachment $string = ''; $path = ''; @@ -2851,7 +3033,7 @@ class PHPMailer } $inclhash = hash('sha256', serialize($attachment)); - if (in_array($inclhash, $incl)) { + if (in_array($inclhash, $incl, true)) { continue; } $incl[] = $inclhash; @@ -2860,7 +3042,7 @@ class PHPMailer $type = $attachment[4]; $disposition = $attachment[6]; $cid = $attachment[7]; - if ('inline' == $disposition and array_key_exists($cid, $cidUniq)) { + if ('inline' === $disposition && array_key_exists($cid, $cidUniq)) { continue; } $cidUniq[$cid] = true; @@ -2882,42 +3064,41 @@ class PHPMailer ); } // RFC1341 part 5 says 7bit is assumed if not specified - if (static::ENCODING_7BIT != $encoding) { + if (static::ENCODING_7BIT !== $encoding) { $mime[] = sprintf('Content-Transfer-Encoding: %s%s', $encoding, static::$LE); } - if (!empty($cid)) { - $mime[] = sprintf('Content-ID: <%s>%s', $cid, static::$LE); + //Only set Content-IDs on inline attachments + if ((string) $cid !== '' && $disposition === 'inline') { + $mime[] = 'Content-ID: <' . $this->encodeHeader($this->secureHeader($cid)) . '>' . static::$LE; } // If a filename contains any of these chars, it should be quoted, // but not otherwise: RFC2183 & RFC2045 5.1 // Fixes a warning in IETF's msglint MIME checker // Allow for bypassing the Content-Disposition header totally - if (!(empty($disposition))) { + if (!empty($disposition)) { $encoded_name = $this->encodeHeader($this->secureHeader($name)); - if (preg_match('/[ \(\)<>@,;:\\"\/\[\]\?=]/', $encoded_name)) { + if (preg_match('/[ ()<>@,;:"\/\[\]?=]/', $encoded_name)) { $mime[] = sprintf( 'Content-Disposition: %s; filename="%s"%s', $disposition, $encoded_name, static::$LE . static::$LE ); + } elseif (!empty($encoded_name)) { + $mime[] = sprintf( + 'Content-Disposition: %s; filename=%s%s', + $disposition, + $encoded_name, + static::$LE . static::$LE + ); } else { - if (!empty($encoded_name)) { - $mime[] = sprintf( - 'Content-Disposition: %s; filename=%s%s', - $disposition, - $encoded_name, - static::$LE . static::$LE - ); - } else { - $mime[] = sprintf( - 'Content-Disposition: %s%s', - $disposition, - static::$LE . static::$LE - ); - } + $mime[] = sprintf( + 'Content-Disposition: %s%s', + $disposition, + static::$LE . static::$LE + ); } } else { $mime[] = static::$LE; @@ -2948,14 +3129,12 @@ class PHPMailer * @param string $path The full path to the file * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable' * - * @throws Exception - * * @return string */ protected function encodeFile($path, $encoding = self::ENCODING_BASE64) { try { - if (!file_exists($path)) { + if (!static::isPermittedPath($path) || !file_exists($path)) { throw new Exception($this->lang('file_open') . $path, self::STOP_CONTINUE); } $file_buffer = file_get_contents($path); @@ -2979,6 +3158,8 @@ class PHPMailer * @param string $str The text to encode * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable' * + * @throws Exception + * * @return string */ public function encodeString($str, $encoding = self::ENCODING_BASE64) @@ -2996,7 +3177,7 @@ class PHPMailer case static::ENCODING_8BIT: $encoded = static::normalizeBreaks($str); // Make sure it ends with a line break - if (substr($encoded, -(strlen(static::$LE))) != static::$LE) { + if (substr($encoded, -(strlen(static::$LE))) !== static::$LE) { $encoded .= static::$LE; } break; @@ -3008,6 +3189,9 @@ class PHPMailer break; default: $this->setError($this->lang('encoding') . $encoding); + if ($this->exceptions) { + throw new Exception($this->lang('encoding') . $encoding); + } break; } @@ -3032,7 +3216,7 @@ class PHPMailer if (!preg_match('/[\200-\377]/', $str)) { // Can't use addslashes as we don't know the value of magic_quotes_sybase $encoded = addcslashes($str, "\0..\37\177\\\""); - if (($str == $encoded) and !preg_match('/[^A-Za-z0-9!#$%&\'*+\/=?^_`{|}~ -]/', $str)) { + if (($str === $encoded) && !preg_match('/[^A-Za-z0-9!#$%&\'*+\/=?^_`{|}~ -]/', $str)) { return $encoded; } @@ -3050,51 +3234,57 @@ class PHPMailer break; } - //RFCs specify a maximum line length of 78 chars, however mail() will sometimes - //corrupt messages with headers longer than 65 chars. See #818 - $lengthsub = 'mail' == $this->Mailer ? 13 : 0; - $maxlen = static::STD_LINE_LENGTH - $lengthsub; - // Try to select the encoding which should produce the shortest output - if ($matchcount > strlen($str) / 3) { - // More than a third of the content will need encoding, so B encoding will be most efficient - $encoding = 'B'; - //This calculation is: - // max line length - // - shorten to avoid mail() corruption - // - Q/B encoding char overhead ("` =??[QB]??=`") - // - charset name length - $maxlen = static::STD_LINE_LENGTH - $lengthsub - 8 - strlen($this->CharSet); - if ($this->hasMultiBytes($str)) { - // Use a custom function which correctly encodes and wraps long - // multibyte strings without breaking lines within a character - $encoded = $this->base64EncodeWrapMB($str, "\n"); - } else { - $encoded = base64_encode($str); - $maxlen -= $maxlen % 4; - $encoded = trim(chunk_split($encoded, $maxlen, "\n")); - } - $encoded = preg_replace('/^(.*)$/m', ' =?' . $this->CharSet . "?$encoding?\\1?=", $encoded); - } elseif ($matchcount > 0) { - //1 or more chars need encoding, use Q-encode - $encoding = 'Q'; - //Recalc max line length for Q encoding - see comments on B encode - $maxlen = static::STD_LINE_LENGTH - $lengthsub - 8 - strlen($this->CharSet); - $encoded = $this->encodeQ($str, $position); - $encoded = $this->wrapText($encoded, $maxlen, true); - $encoded = str_replace('=' . static::$LE, "\n", trim($encoded)); - $encoded = preg_replace('/^(.*)$/m', ' =?' . $this->CharSet . "?$encoding?\\1?=", $encoded); - } elseif (strlen($str) > $maxlen) { - //No chars need encoding, but line is too long, so fold it - $encoded = trim($this->wrapText($str, $maxlen, false)); - if ($str == $encoded) { - //Wrapping nicely didn't work, wrap hard instead - $encoded = trim(chunk_split($str, static::STD_LINE_LENGTH, static::$LE)); - } - $encoded = str_replace(static::$LE, "\n", trim($encoded)); - $encoded = preg_replace('/^(.*)$/m', ' \\1', $encoded); + if ($this->has8bitChars($str)) { + $charset = $this->CharSet; } else { - //No reformatting needed - return $str; + $charset = static::CHARSET_ASCII; + } + + // Q/B encoding adds 8 chars and the charset ("` =??[QB]??=`"). + $overhead = 8 + strlen($charset); + + if ('mail' === $this->Mailer) { + $maxlen = static::MAIL_MAX_LINE_LENGTH - $overhead; + } else { + $maxlen = static::MAX_LINE_LENGTH - $overhead; + } + + // Select the encoding that produces the shortest output and/or prevents corruption. + if ($matchcount > strlen($str) / 3) { + // More than 1/3 of the content needs encoding, use B-encode. + $encoding = 'B'; + } elseif ($matchcount > 0) { + // Less than 1/3 of the content needs encoding, use Q-encode. + $encoding = 'Q'; + } elseif (strlen($str) > $maxlen) { + // No encoding needed, but value exceeds max line length, use Q-encode to prevent corruption. + $encoding = 'Q'; + } else { + // No reformatting needed + $encoding = false; + } + + switch ($encoding) { + case 'B': + if ($this->hasMultiBytes($str)) { + // Use a custom function which correctly encodes and wraps long + // multibyte strings without breaking lines within a character + $encoded = $this->base64EncodeWrapMB($str, "\n"); + } else { + $encoded = base64_encode($str); + $maxlen -= $maxlen % 4; + $encoded = trim(chunk_split($encoded, $maxlen, "\n")); + } + $encoded = preg_replace('/^(.*)$/m', ' =?' . $charset . "?$encoding?\\1?=", $encoded); + break; + case 'Q': + $encoded = $this->encodeQ($str, $position); + $encoded = $this->wrapText($encoded, $maxlen, true); + $encoded = str_replace('=' . static::$LE, "\n", trim($encoded)); + $encoded = preg_replace('/^(.*)$/m', ' =?' . $charset . "?$encoding?\\1?=", $encoded); + break; + default: + return $str; } return trim(static::normalizeBreaks($encoded)); @@ -3158,6 +3348,7 @@ class PHPMailer // Base64 has a 4:3 ratio $avgLength = floor($length * $ratio * .75); + $offset = 0; for ($i = 0; $i < $mb_length; $i += $offset) { $lookBack = 0; do { @@ -3218,7 +3409,6 @@ class PHPMailer default: // RFC 2047 section 5.1 // Replace every high ascii, control, =, ? and _ characters - /** @noinspection SuspiciousAssignmentsInspection */ $pattern = '\000-\011\013\014\016-\037\075\077\137\177-\377' . $pattern; break; } @@ -3226,7 +3416,7 @@ class PHPMailer if (preg_match_all("/[{$pattern}]/", $encoded, $matches)) { // If the string contains an '=', make sure it's the first thing we replace // so as to avoid double-encoding - $eqkey = array_search('=', $matches[0]); + $eqkey = array_search('=', $matches[0], true); if (false !== $eqkey) { unset($matches[0][$eqkey]); array_unshift($matches[0], '='); @@ -3250,6 +3440,10 @@ class PHPMailer * @param string $encoding File encoding (see $Encoding) * @param string $type File extension (MIME) type * @param string $disposition Disposition to use + * + * @throws Exception + * + * @return bool True on successfully adding an attachment */ public function addStringAttachment( $string, @@ -3258,21 +3452,38 @@ class PHPMailer $type = '', $disposition = 'attachment' ) { - // If a MIME type is not specified, try to work it out from the file name - if ('' == $type) { - $type = static::filenameToType($filename); + try { + // If a MIME type is not specified, try to work it out from the file name + if ('' === $type) { + $type = static::filenameToType($filename); + } + + if (!$this->validateEncoding($encoding)) { + throw new Exception($this->lang('encoding') . $encoding); + } + + // Append to $attachment array + $this->attachment[] = [ + 0 => $string, + 1 => $filename, + 2 => static::mb_pathinfo($filename, PATHINFO_BASENAME), + 3 => $encoding, + 4 => $type, + 5 => true, // isStringAttachment + 6 => $disposition, + 7 => 0, + ]; + } catch (Exception $exc) { + $this->setError($exc->getMessage()); + $this->edebug($exc->getMessage()); + if ($this->exceptions) { + throw $exc; + } + + return false; } - // Append to $attachment array - $this->attachment[] = [ - 0 => $string, - 1 => $filename, - 2 => basename($filename), - 3 => $encoding, - 4 => $type, - 5 => true, // isStringAttachment - 6 => $disposition, - 7 => 0, - ]; + + return true; } /** @@ -3292,38 +3503,58 @@ class PHPMailer * @param string $type File MIME type * @param string $disposition Disposition to use * + * @throws Exception + * * @return bool True on successfully adding an attachment */ - public function addEmbeddedImage($path, $cid, $name = '', $encoding = self::ENCODING_BASE64, $type = '', $disposition = 'inline') - { - if (!@is_file($path)) { - $this->setError($this->lang('file_access') . $path); + public function addEmbeddedImage( + $path, + $cid, + $name = '', + $encoding = self::ENCODING_BASE64, + $type = '', + $disposition = 'inline' + ) { + try { + if (!static::isPermittedPath($path) || !@is_file($path)) { + throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE); + } + + // If a MIME type is not specified, try to work it out from the file name + if ('' === $type) { + $type = static::filenameToType($path); + } + + if (!$this->validateEncoding($encoding)) { + throw new Exception($this->lang('encoding') . $encoding); + } + + $filename = (string) static::mb_pathinfo($path, PATHINFO_BASENAME); + if ('' === $name) { + $name = $filename; + } + + // Append to $attachment array + $this->attachment[] = [ + 0 => $path, + 1 => $filename, + 2 => $name, + 3 => $encoding, + 4 => $type, + 5 => false, // isStringAttachment + 6 => $disposition, + 7 => $cid, + ]; + } catch (Exception $exc) { + $this->setError($exc->getMessage()); + $this->edebug($exc->getMessage()); + if ($this->exceptions) { + throw $exc; + } return false; } - // If a MIME type is not specified, try to work it out from the file name - if ('' == $type) { - $type = static::filenameToType($path); - } - - $filename = basename($path); - if ('' == $name) { - $name = $filename; - } - - // Append to $attachment array - $this->attachment[] = [ - 0 => $path, - 1 => $filename, - 2 => $name, - 3 => $encoding, - 4 => $type, - 5 => false, // isStringAttachment - 6 => $disposition, - 7 => $cid, - ]; - return true; } @@ -3342,6 +3573,8 @@ class PHPMailer * @param string $type MIME type - will be used in preference to any automatically derived type * @param string $disposition Disposition to use * + * @throws Exception + * * @return bool True on successfully adding an attachment */ public function addStringEmbeddedImage( @@ -3352,26 +3585,62 @@ class PHPMailer $type = '', $disposition = 'inline' ) { - // If a MIME type is not specified, try to work it out from the name - if ('' == $type and !empty($name)) { - $type = static::filenameToType($name); + try { + // If a MIME type is not specified, try to work it out from the name + if ('' === $type && !empty($name)) { + $type = static::filenameToType($name); + } + + if (!$this->validateEncoding($encoding)) { + throw new Exception($this->lang('encoding') . $encoding); + } + + // Append to $attachment array + $this->attachment[] = [ + 0 => $string, + 1 => $name, + 2 => $name, + 3 => $encoding, + 4 => $type, + 5 => true, // isStringAttachment + 6 => $disposition, + 7 => $cid, + ]; + } catch (Exception $exc) { + $this->setError($exc->getMessage()); + $this->edebug($exc->getMessage()); + if ($this->exceptions) { + throw $exc; + } + + return false; } - // Append to $attachment array - $this->attachment[] = [ - 0 => $string, - 1 => $name, - 2 => $name, - 3 => $encoding, - 4 => $type, - 5 => true, // isStringAttachment - 6 => $disposition, - 7 => $cid, - ]; - return true; } + /** + * Validate encodings. + * + * @param string $encoding + * + * @return bool + */ + protected function validateEncoding($encoding) + { + return in_array( + $encoding, + [ + self::ENCODING_7BIT, + self::ENCODING_QUOTED_PRINTABLE, + self::ENCODING_BASE64, + self::ENCODING_8BIT, + self::ENCODING_BINARY, + ], + true + ); + } + /** * Check if an embedded attachment is present with this cid. * @@ -3382,7 +3651,7 @@ class PHPMailer protected function cidExists($cid) { foreach ($this->attachment as $attachment) { - if ('inline' == $attachment[6] and $cid == $attachment[7]) { + if ('inline' === $attachment[6] && $cid === $attachment[7]) { return true; } } @@ -3398,7 +3667,7 @@ class PHPMailer public function inlineImageExists() { foreach ($this->attachment as $attachment) { - if ('inline' == $attachment[6]) { + if ('inline' === $attachment[6]) { return true; } } @@ -3414,7 +3683,7 @@ class PHPMailer public function attachmentExists() { foreach ($this->attachment as $attachment) { - if ('attachment' == $attachment[6]) { + if ('attachment' === $attachment[6]) { return true; } } @@ -3441,8 +3710,8 @@ class PHPMailer { $this->RecipientsQueue = array_filter( $this->RecipientsQueue, - function ($params) use ($kind) { - return $params[0] != $kind; + static function ($params) use ($kind) { + return $params[0] !== $kind; } ); } @@ -3528,7 +3797,7 @@ class PHPMailer protected function setError($msg) { ++$this->error_count; - if ('smtp' == $this->Mailer and null !== $this->smtp) { + if ('smtp' === $this->Mailer && null !== $this->smtp) { $lasterror = $this->smtp->getError(); if (!empty($lasterror['error'])) { $msg .= $this->lang('smtp_error') . $lasterror['error']; @@ -3571,9 +3840,9 @@ class PHPMailer $result = ''; if (!empty($this->Hostname)) { $result = $this->Hostname; - } elseif (isset($_SERVER) and array_key_exists('SERVER_NAME', $_SERVER)) { + } elseif (isset($_SERVER) && array_key_exists('SERVER_NAME', $_SERVER)) { $result = $_SERVER['SERVER_NAME']; - } elseif (function_exists('gethostname') and gethostname() !== false) { + } elseif (function_exists('gethostname') && gethostname() !== false) { $result = gethostname(); } elseif (php_uname('n') !== false) { $result = php_uname('n'); @@ -3597,22 +3866,23 @@ class PHPMailer { //Simple syntax limits if (empty($host) - or !is_string($host) - or strlen($host) > 256 + || !is_string($host) + || strlen($host) > 256 + || !preg_match('/^([a-zA-Z\d.-]*|\[[a-fA-F\d:]+])$/', $host) ) { return false; } //Looks like a bracketed IPv6 address - if (trim($host, '[]') != $host) { - return (bool) filter_var(trim($host, '[]'), FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); + if (strlen($host) > 2 && substr($host, 0, 1) === '[' && substr($host, -1, 1) === ']') { + return filter_var(substr($host, 1, -1), FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false; } //If removing all the dots results in a numeric string, it must be an IPv4 address. //Need to check this first because otherwise things like `999.0.0.0` are considered valid host names if (is_numeric(str_replace('.', '', $host))) { //Is it a valid IPv4 address? - return (bool) filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + return filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false; } - if (filter_var('http://' . $host, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED)) { + if (filter_var('http://' . $host, FILTER_VALIDATE_URL) !== false) { //Is it a syntactically valid hostname? return true; } @@ -3630,11 +3900,11 @@ class PHPMailer protected function lang($key) { if (count($this->language) < 1) { - $this->setLanguage('en'); // set the default language + $this->setLanguage(); // set the default language } if (array_key_exists($key, $this->language)) { - if ('smtp_connect_failed' == $key) { + if ('smtp_connect_failed' === $key) { //Include a link to troubleshooting docs on SMTP connection failure //this is by far the biggest cause of support questions //but it's usually not PHPMailer's fault. @@ -3700,15 +3970,17 @@ class PHPMailer * @param string $message HTML message string * @param string $basedir Absolute path to a base directory to prepend to relative paths to images * @param bool|callable $advanced Whether to use the internal HTML to text converter - * or your own custom converter @see PHPMailer::html2text() + * or your own custom converter @return string $message The transformed message Body * - * @return string $message The transformed message Body + * @throws Exception + * + * @see PHPMailer::html2text() */ public function msgHTML($message, $basedir = '', $advanced = false) { - preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images); + preg_match_all('/(? 1 && '/' != substr($basedir, -1)) { + if (strlen($basedir) > 1 && '/' !== substr($basedir, -1)) { // Ensure $basedir has a trailing / $basedir .= '/'; } @@ -3716,20 +3988,26 @@ class PHPMailer // Convert data URIs into embedded images //e.g. "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" if (preg_match('#^data:(image/(?:jpe?g|gif|png));?(base64)?,(.+)#', $url, $match)) { - if (count($match) == 4 and static::ENCODING_BASE64 == $match[2]) { + if (count($match) === 4 && static::ENCODING_BASE64 === $match[2]) { $data = base64_decode($match[3]); - } elseif ('' == $match[2]) { + } elseif ('' === $match[2]) { $data = rawurldecode($match[3]); } else { //Not recognised so leave it alone continue; } - //Hash the decoded data, not the URL so that the same data-URI image used in multiple places + //Hash the decoded data, not the URL, so that the same data-URI image used in multiple places //will only be embedded once, even if it used a different encoding - $cid = hash('sha256', $data) . '@phpmailer.0'; // RFC2392 S 2 + $cid = substr(hash('sha256', $data), 0, 32) . '@phpmailer.0'; // RFC2392 S 2 if (!$this->cidExists($cid)) { - $this->addStringEmbeddedImage($data, $cid, 'embed' . $imgindex, static::ENCODING_BASE64, $match[1]); + $this->addStringEmbeddedImage( + $data, + $cid, + 'embed' . $imgindex, + static::ENCODING_BASE64, + $match[1] + ); } $message = str_replace( $images[0][$imgindex], @@ -3741,22 +4019,23 @@ class PHPMailer if (// Only process relative URLs if a basedir is provided (i.e. no absolute local paths) !empty($basedir) // Ignore URLs containing parent dir traversal (..) - and (strpos($url, '..') === false) + && (strpos($url, '..') === false) // Do not change urls that are already inline images - and 0 !== strpos($url, 'cid:') + && 0 !== strpos($url, 'cid:') // Do not change absolute URLs, including anonymous protocol - and !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url) + && !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url) ) { - $filename = basename($url); + $filename = static::mb_pathinfo($url, PATHINFO_BASENAME); $directory = dirname($url); - if ('.' == $directory) { + if ('.' === $directory) { $directory = ''; } - $cid = hash('sha256', $url) . '@phpmailer.0'; // RFC2392 S 2 - if (strlen($basedir) > 1 and '/' != substr($basedir, -1)) { + // RFC2392 S 2 + $cid = substr(hash('sha256', $url), 0, 32) . '@phpmailer.0'; + if (strlen($basedir) > 1 && '/' !== substr($basedir, -1)) { $basedir .= '/'; } - if (strlen($directory) > 1 and '/' != substr($directory, -1)) { + if (strlen($directory) > 1 && '/' !== substr($directory, -1)) { $directory .= '/'; } if ($this->addEmbeddedImage( @@ -3776,7 +4055,7 @@ class PHPMailer } } } - $this->isHTML(true); + $this->isHTML(); // Convert all message body line breaks to LE, makes quoted-printable encoding work much better $this->Body = static::normalizeBreaks($message); $this->AltBody = static::normalizeBreaks($this->html2text($message, $advanced)); @@ -3814,7 +4093,7 @@ class PHPMailer public function html2text($html, $advanced = false) { if (is_callable($advanced)) { - return call_user_func($advanced, $html); + return $advanced($html); } return html_entity_decode( @@ -3978,7 +4257,7 @@ class PHPMailer * Multi-byte-safe pathinfo replacement. * Drop-in replacement for pathinfo(), but multibyte- and cross-platform-safe. * - * @see http://www.php.net/manual/en/function.pathinfo.php#107461 + * @see http://www.php.net/manual/en/function.pathinfo.php#107461 * * @param string $path A filename or path, does not need to exist as a file * @param int|string $options Either a PATHINFO_* constant, @@ -3990,7 +4269,7 @@ class PHPMailer { $ret = ['dirname' => '', 'basename' => '', 'extension' => '', 'filename' => '']; $pathinfo = []; - if (preg_match('#^(.*?)[\\\\/]*(([^/\\\\]*?)(\.([^\.\\\\/]+?)|))[\\\\/\.]*$#im', $path, $pathinfo)) { + if (preg_match('#^(.*?)[\\\\/]*(([^/\\\\]*?)(\.([^.\\\\/]+?)|))[\\\\/.]*$#m', $path, $pathinfo)) { if (array_key_exists(1, $pathinfo)) { $ret['dirname'] = $pathinfo[1]; } @@ -4027,9 +4306,9 @@ class PHPMailer * You should avoid this function - it's more verbose, less efficient, more error-prone and * harder to debug than setting properties directly. * Usage Example: - * `$mail->set('SMTPSecure', 'tls');` + * `$mail->set('SMTPSecure', static::ENCRYPTION_STARTTLS);` * is the same as: - * `$mail->SMTPSecure = 'tls';`. + * `$mail->SMTPSecure = static::ENCRYPTION_STARTTLS;`. * * @param string $name The property name to set * @param mixed $value The value to set the property to @@ -4134,7 +4413,7 @@ class PHPMailer $len = strlen($txt); for ($i = 0; $i < $len; ++$i) { $ord = ord($txt[$i]); - if (((0x21 <= $ord) and ($ord <= 0x3A)) or $ord == 0x3C or ((0x3E <= $ord) and ($ord <= 0x7E))) { + if (((0x21 <= $ord) && ($ord <= 0x3A)) || $ord === 0x3C || ((0x3E <= $ord) && ($ord <= 0x7E))) { $line .= $txt[$i]; } else { $line .= '=' . sprintf('%02X', $ord); @@ -4165,7 +4444,7 @@ class PHPMailer $privKeyStr = !empty($this->DKIM_private_string) ? $this->DKIM_private_string : file_get_contents($this->DKIM_private); - if ('' != $this->DKIM_passphrase) { + if ('' !== $this->DKIM_passphrase) { $privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase); } else { $privKey = openssl_pkey_get_private($privKeyStr); @@ -4185,7 +4464,7 @@ class PHPMailer * Uses the 'relaxed' algorithm from RFC6376 section 3.4.2. * Canonicalized headers should *always* use CRLF, regardless of mailer setting. * - * @see https://tools.ietf.org/html/rfc6376#section-3.4.2 + * @see https://tools.ietf.org/html/rfc6376#section-3.4.2 * * @param string $signHeader Header * @@ -4193,12 +4472,12 @@ class PHPMailer */ public function DKIM_HeaderC($signHeader) { - //Unfold all header continuation lines - //Also collapses folded whitespace. //Note PCRE \s is too broad a definition of whitespace; RFC5322 defines it as `[ \t]` //@see https://tools.ietf.org/html/rfc5322#section-2.2 //That means this may break if you do something daft like put vertical tabs in your headers. + //Unfold header lines $signHeader = preg_replace('/\r\n[ \t]+/', ' ', $signHeader); + //Break headers out into an array $lines = explode("\r\n", $signHeader); foreach ($lines as $key => $line) { //If the header is missing a :, skip it as it's invalid @@ -4210,12 +4489,12 @@ class PHPMailer list($heading, $value) = explode(':', $line, 2); //Lower-case header name $heading = strtolower($heading); - //Collapse white space within the value - $value = preg_replace('/[ \t]{2,}/', ' ', $value); + //Collapse white space within the value, also convert WSP to space + $value = preg_replace('/[ \t]+/', ' ', $value); //RFC6376 is slightly unclear here - it says to delete space at the *end* of each value //But then says to delete space before and after the colon. //Net result is the same as trimming both ends of the value. - //by elimination, the same applies to the field name + //By elimination, the same applies to the field name $lines[$key] = trim($heading, " \t") . ':' . trim($value, " \t"); } @@ -4227,7 +4506,7 @@ class PHPMailer * Uses the 'simple' algorithm from RFC6376 section 3.4.3. * Canonicalized bodies should *always* use CRLF, regardless of mailer setting. * - * @see https://tools.ietf.org/html/rfc6376#section-3.4.3 + * @see https://tools.ietf.org/html/rfc6376#section-3.4.3 * * @param string $body Message Body * @@ -4252,79 +4531,144 @@ class PHPMailer * @param string $subject Subject * @param string $body Body * + * @throws Exception + * * @return string */ public function DKIM_Add($headers_line, $subject, $body) { $DKIMsignatureType = 'rsa-sha256'; // Signature & hash algorithms - $DKIMcanonicalization = 'relaxed/simple'; // Canonicalization of header/body + $DKIMcanonicalization = 'relaxed/simple'; // Canonicalization methods of header & body $DKIMquery = 'dns/txt'; // Query method - $DKIMtime = time(); // Signature Timestamp = seconds since 00:00:00 - Jan 1, 1970 (UTC time zone) - $subject_header = "Subject: $subject"; - $headers = explode(static::$LE, $headers_line); - $from_header = ''; - $to_header = ''; - $date_header = ''; - $current = ''; - foreach ($headers as $header) { - if (strpos($header, 'From:') === 0) { - $from_header = $header; - $current = 'from_header'; - } elseif (strpos($header, 'To:') === 0) { - $to_header = $header; - $current = 'to_header'; - } elseif (strpos($header, 'Date:') === 0) { - $date_header = $header; - $current = 'date_header'; - } else { - if (!empty($$current) and strpos($header, ' =?') === 0) { - $$current .= $header; - } else { - $current = ''; + $DKIMtime = time(); + //Always sign these headers without being asked + $autoSignHeaders = [ + 'From', + 'To', + 'CC', + 'Date', + 'Subject', + 'Reply-To', + 'Message-ID', + 'Content-Type', + 'Mime-Version', + 'X-Mailer', + ]; + if (stripos($headers_line, 'Subject') === false) { + $headers_line .= 'Subject: ' . $subject . static::$LE; + } + $headerLines = explode(static::$LE, $headers_line); + $currentHeaderLabel = ''; + $currentHeaderValue = ''; + $parsedHeaders = []; + $headerLineIndex = 0; + $headerLineCount = count($headerLines); + foreach ($headerLines as $headerLine) { + $matches = []; + if (preg_match('/^([^ \t]*?)(?::[ \t]*)(.*)$/', $headerLine, $matches)) { + if ($currentHeaderLabel !== '') { + //We were previously in another header; This is the start of a new header, so save the previous one + $parsedHeaders[] = ['label' => $currentHeaderLabel, 'value' => $currentHeaderValue]; + } + $currentHeaderLabel = $matches[1]; + $currentHeaderValue = $matches[2]; + } elseif (preg_match('/^[ \t]+(.*)$/', $headerLine, $matches)) { + //This is a folded continuation of the current header, so unfold it + $currentHeaderValue .= ' ' . $matches[1]; + } + ++$headerLineIndex; + if ($headerLineIndex >= $headerLineCount) { + //This was the last line, so finish off this header + $parsedHeaders[] = ['label' => $currentHeaderLabel, 'value' => $currentHeaderValue]; + } + } + $copiedHeaders = []; + $headersToSignKeys = []; + $headersToSign = []; + foreach ($parsedHeaders as $header) { + //Is this header one that must be included in the DKIM signature? + if (in_array($header['label'], $autoSignHeaders, true)) { + $headersToSignKeys[] = $header['label']; + $headersToSign[] = $header['label'] . ': ' . $header['value']; + if ($this->DKIM_copyHeaderFields) { + $copiedHeaders[] = $header['label'] . ':' . //Note no space after this, as per RFC + str_replace('|', '=7C', $this->DKIM_QP($header['value'])); + } + continue; + } + //Is this an extra custom header we've been asked to sign? + if (in_array($header['label'], $this->DKIM_extraHeaders, true)) { + //Find its value in custom headers + foreach ($this->CustomHeader as $customHeader) { + if ($customHeader[0] === $header['label']) { + $headersToSignKeys[] = $header['label']; + $headersToSign[] = $header['label'] . ': ' . $header['value']; + if ($this->DKIM_copyHeaderFields) { + $copiedHeaders[] = $header['label'] . ':' . //Note no space after this, as per RFC + str_replace('|', '=7C', $this->DKIM_QP($header['value'])); + } + //Skip straight to the next header + continue 2; + } } } } - $from = str_replace('|', '=7C', $this->DKIM_QP($from_header)); - $to = str_replace('|', '=7C', $this->DKIM_QP($to_header)); - $date = str_replace('|', '=7C', $this->DKIM_QP($date_header)); - $subject = str_replace( - '|', - '=7C', - $this->DKIM_QP($subject_header) - ); // Copied header fields (dkim-quoted-printable) + $copiedHeaderFields = ''; + if ($this->DKIM_copyHeaderFields && count($copiedHeaders) > 0) { + //Assemble a DKIM 'z' tag + $copiedHeaderFields = ' z='; + $first = true; + foreach ($copiedHeaders as $copiedHeader) { + if (!$first) { + $copiedHeaderFields .= static::$LE . ' |'; + } + //Fold long values + if (strlen($copiedHeader) > self::STD_LINE_LENGTH - 3) { + $copiedHeaderFields .= substr( + chunk_split($copiedHeader, self::STD_LINE_LENGTH - 3, static::$LE . ' '), + 0, + -strlen(static::$LE . ' ') + ); + } else { + $copiedHeaderFields .= $copiedHeader; + } + $first = false; + } + $copiedHeaderFields .= ';' . static::$LE; + } + $headerKeys = ' h=' . implode(':', $headersToSignKeys) . ';' . static::$LE; + $headerValues = implode(static::$LE, $headersToSign); $body = $this->DKIM_BodyC($body); $DKIMlen = strlen($body); // Length of body $DKIMb64 = base64_encode(pack('H*', hash('sha256', $body))); // Base64 of packed binary SHA-256 hash of body - if ('' == $this->DKIM_identity) { - $ident = ''; - } else { - $ident = ' i=' . $this->DKIM_identity . ';'; + $ident = ''; + if ('' !== $this->DKIM_identity) { + $ident = ' i=' . $this->DKIM_identity . ';' . static::$LE; } - $dkimhdrs = 'DKIM-Signature: v=1; a=' . - $DKIMsignatureType . '; q=' . - $DKIMquery . '; l=' . - $DKIMlen . '; s=' . - $this->DKIM_selector . - ";\r\n" . - "\tt=" . $DKIMtime . '; c=' . $DKIMcanonicalization . ";\r\n" . - "\th=From:To:Date:Subject;\r\n" . - "\td=" . $this->DKIM_domain . ';' . $ident . "\r\n" . - "\tz=$from\r\n" . - "\t|$to\r\n" . - "\t|$date\r\n" . - "\t|$subject;\r\n" . - "\tbh=" . $DKIMb64 . ";\r\n" . - "\tb="; - $toSign = $this->DKIM_HeaderC( - $from_header . "\r\n" . - $to_header . "\r\n" . - $date_header . "\r\n" . - $subject_header . "\r\n" . - $dkimhdrs + //The DKIM-Signature header is included in the signature *except for* the value of the `b` tag + //which is appended after calculating the signature + //https://tools.ietf.org/html/rfc6376#section-3.5 + $dkimSignatureHeader = 'DKIM-Signature: v=1;' . + ' d=' . $this->DKIM_domain . ';' . + ' s=' . $this->DKIM_selector . ';' . static::$LE . + ' a=' . $DKIMsignatureType . ';' . + ' q=' . $DKIMquery . ';' . + ' l=' . $DKIMlen . ';' . + ' t=' . $DKIMtime . ';' . + ' c=' . $DKIMcanonicalization . ';' . static::$LE . + $headerKeys . + $ident . + $copiedHeaderFields . + ' bh=' . $DKIMb64 . ';' . static::$LE . + ' b='; + //Canonicalize the set of headers + $canonicalizedHeaders = $this->DKIM_HeaderC( + $headerValues . static::$LE . $dkimSignatureHeader ); - $signed = $this->DKIM_Sign($toSign); + $signature = $this->DKIM_Sign($canonicalizedHeaders); + $signature = trim(chunk_split($signature, self::STD_LINE_LENGTH - 3, static::$LE . ' ')); - return static::normalizeBreaks($dkimhdrs . $signed) . static::$LE; + return static::normalizeBreaks($dkimSignatureHeader . $signature) . static::$LE; } /** @@ -4409,7 +4753,7 @@ class PHPMailer */ protected function doCallback($isSent, $to, $cc, $bcc, $subject, $body, $from, $extra) { - if (!empty($this->action_function) and is_callable($this->action_function)) { + if (!empty($this->action_function) && is_callable($this->action_function)) { call_user_func($this->action_function, $isSent, $to, $cc, $bcc, $subject, $body, $from, $extra); } } @@ -4426,8 +4770,6 @@ class PHPMailer /** * Set an OAuth instance. - * - * @param OAuth $oauth */ public function setOAuth(OAuth $oauth) { diff --git a/phpmailer/phpmailer/src/POP3.php b/phpmailer/vendor/phpmailer/phpmailer/src/POP3.php similarity index 95% rename from phpmailer/phpmailer/src/POP3.php rename to phpmailer/vendor/phpmailer/phpmailer/src/POP3.php index 9b51c8ac5..50d5f0c2b 100644 --- a/phpmailer/phpmailer/src/POP3.php +++ b/phpmailer/vendor/phpmailer/phpmailer/src/POP3.php @@ -3,13 +3,13 @@ * PHPMailer POP-Before-SMTP Authentication Class. * PHP Version 5.5. * - * @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project + * @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project * * @author Marcus Bointon (Synchro/coolbru) * @author Jim Jagielski (jimjag) * @author Andy Prevost (codeworxtech) * @author Brent R. Matzelle (original founder) - * @copyright 2012 - 2017 Marcus Bointon + * @copyright 2012 - 2019 Marcus Bointon * @copyright 2010 - 2012 Jim Jagielski * @copyright 2004 - 2009 Andy Prevost * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License @@ -29,14 +29,14 @@ namespace PHPMailer\PHPMailer; * and then loop through your mail sending script. Providing this process doesn't * take longer than the verification period lasts on your POP3 server, you should be fine. * 3) This is really ancient technology; you should only need to use it to talk to very old systems. - * 4) This POP3 class is deliberately lightweight and incomplete, and implements just + * 4) This POP3 class is deliberately lightweight and incomplete, implementing just * enough to do authentication. * If you want a more complete class there are other POP3 classes for PHP available. * - * @author Richard Davey (original author) - * @author Marcus Bointon (Synchro/coolbru) - * @author Jim Jagielski (jimjag) - * @author Andy Prevost (codeworxtech) + * @author Richard Davey (original author) + * @author Marcus Bointon (Synchro/coolbru) + * @author Jim Jagielski (jimjag) + * @author Andy Prevost (codeworxtech) */ class POP3 { @@ -45,7 +45,7 @@ class POP3 * * @var string */ - const VERSION = '6.0.5'; + const VERSION = '6.1.4'; /** * Default POP3 port number. @@ -364,7 +364,7 @@ class POP3 */ protected function checkResponse($string) { - if (substr($string, 0, 3) !== '+OK') { + if (strpos($string, '+OK') !== 0) { $this->setError("Server reported an error: $string"); return false; diff --git a/phpmailer/phpmailer/src/SMTP.php b/phpmailer/vendor/phpmailer/phpmailer/src/SMTP.php similarity index 91% rename from phpmailer/phpmailer/src/SMTP.php rename to phpmailer/vendor/phpmailer/phpmailer/src/SMTP.php index 13d2ebe7e..c693f4d46 100644 --- a/phpmailer/phpmailer/src/SMTP.php +++ b/phpmailer/vendor/phpmailer/phpmailer/src/SMTP.php @@ -9,7 +9,7 @@ * @author Jim Jagielski (jimjag) * @author Andy Prevost (codeworxtech) * @author Brent R. Matzelle (original founder) - * @copyright 2012 - 2017 Marcus Bointon + * @copyright 2012 - 2019 Marcus Bointon * @copyright 2010 - 2012 Jim Jagielski * @copyright 2004 - 2009 Andy Prevost * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License @@ -24,8 +24,8 @@ namespace PHPMailer\PHPMailer; * PHPMailer RFC821 SMTP email transport class. * Implements RFC 821 SMTP commands and provides some utility methods for sending mail to an SMTP server. * - * @author Chris Ryan - * @author Marcus Bointon + * @author Chris Ryan + * @author Marcus Bointon */ class SMTP { @@ -34,7 +34,7 @@ class SMTP * * @var string */ - const VERSION = '6.0.5'; + const VERSION = '6.1.4'; /** * SMTP line break constant. @@ -51,34 +51,57 @@ class SMTP const DEFAULT_PORT = 25; /** - * The maximum line length allowed by RFC 2822 section 2.1.1. + * The maximum line length allowed by RFC 5321 section 4.5.3.1.6, + * *excluding* a trailing CRLF break. + * + * @see https://tools.ietf.org/html/rfc5321#section-4.5.3.1.6 * * @var int */ const MAX_LINE_LENGTH = 998; + /** + * The maximum line length allowed for replies in RFC 5321 section 4.5.3.1.5, + * *including* a trailing CRLF line break. + * + * @see https://tools.ietf.org/html/rfc5321#section-4.5.3.1.5 + * + * @var int + */ + const MAX_REPLY_LENGTH = 512; + /** * Debug level for no output. + * + * @var int */ const DEBUG_OFF = 0; /** * Debug level to show client -> server messages. + * + * @var int */ const DEBUG_CLIENT = 1; /** * Debug level to show client -> server and server -> client messages. + * + * @var int */ const DEBUG_SERVER = 2; /** * Debug level to show connection status, client -> server and server -> client messages. + * + * @var int */ const DEBUG_CONNECTION = 3; /** * Debug level to show all messages. + * + * @var int */ const DEBUG_LOWLEVEL = 4; @@ -197,7 +220,7 @@ class SMTP * * @var string|null */ - protected $helo_rply = null; + protected $helo_rply; /** * The set of SMTP extensions sent in reply to EHLO command. @@ -209,7 +232,7 @@ class SMTP * * @var array|null */ - protected $server_caps = null; + protected $server_caps; /** * The most recent reply received from the server. @@ -239,7 +262,7 @@ class SMTP return; } //Avoid clash with built-in function names - if (!in_array($this->Debugoutput, ['error_log', 'html', 'echo']) and is_callable($this->Debugoutput)) { + if (is_callable($this->Debugoutput) && !in_array($this->Debugoutput, ['error_log', 'html', 'echo'])) { call_user_func($this->Debugoutput, $str, $level); return; @@ -260,12 +283,12 @@ class SMTP case 'echo': default: //Normalize line breaks - $str = preg_replace('/\r\n|\r/ms', "\n", $str); + $str = preg_replace('/\r\n|\r/m', "\n", $str); echo gmdate('Y-m-d H:i:s'), "\t", //Trim trailing space trim( - //Indent for readability, except for trailing break + //Indent for readability, except for trailing break str_replace( "\n", "\n \t ", @@ -348,7 +371,7 @@ class SMTP 'Failed to connect to server', '', (string) $errno, - (string) $errstr + $errstr ); $this->edebug( 'SMTP ERROR: ' . $this->error['error'] @@ -361,10 +384,10 @@ class SMTP $this->edebug('Connection: opened', self::DEBUG_CONNECTION); // SMTP server can take longer to respond, give longer timeout for first read // Windows does not have support for this timeout function - if (substr(PHP_OS, 0, 3) != 'WIN') { - $max = ini_get('max_execution_time'); + if (strpos(PHP_OS, 'WIN') !== 0) { + $max = (int) ini_get('max_execution_time'); // Don't bother if unlimited - if (0 != $max and $timeout > $max) { + if (0 !== $max && $timeout > $max) { @set_time_limit($timeout); } stream_set_timeout($this->smtp_conn, $timeout, 0); @@ -444,14 +467,14 @@ class SMTP return false; } - $this->edebug('Auth method requested: ' . ($authtype ? $authtype : 'UNSPECIFIED'), self::DEBUG_LOWLEVEL); + $this->edebug('Auth method requested: ' . ($authtype ?: 'UNSPECIFIED'), self::DEBUG_LOWLEVEL); $this->edebug( 'Auth methods available on the server: ' . implode(',', $this->server_caps['AUTH']), self::DEBUG_LOWLEVEL ); //If we have requested a specific auth type, check the server supports it before trying others - if (null !== $authtype and !in_array($authtype, $this->server_caps['AUTH'])) { + if (null !== $authtype && !in_array($authtype, $this->server_caps['AUTH'], true)) { $this->edebug('Requested auth method not available: ' . $authtype, self::DEBUG_LOWLEVEL); $authtype = null; } @@ -460,7 +483,7 @@ class SMTP //If no auth mechanism is specified, attempt to use these, in this order //Try CRAM-MD5 first as it's more secure than the others foreach (['CRAM-MD5', 'LOGIN', 'PLAIN', 'XOAUTH2'] as $method) { - if (in_array($method, $this->server_caps['AUTH'])) { + if (in_array($method, $this->server_caps['AUTH'], true)) { $authtype = $method; break; } @@ -470,10 +493,10 @@ class SMTP return false; } - self::edebug('Auth method selected: ' . $authtype, self::DEBUG_LOWLEVEL); + $this->edebug('Auth method selected: ' . $authtype, self::DEBUG_LOWLEVEL); } - if (!in_array($authtype, $this->server_caps['AUTH'])) { + if (!in_array($authtype, $this->server_caps['AUTH'], true)) { $this->setError("The requested authentication method \"$authtype\" is not supported by the server"); return false; @@ -663,13 +686,13 @@ class SMTP $field = substr($lines[0], 0, strpos($lines[0], ':')); $in_headers = false; - if (!empty($field) and strpos($field, ' ') === false) { + if (!empty($field) && strpos($field, ' ') === false) { $in_headers = true; } foreach ($lines as $line) { $lines_out = []; - if ($in_headers and $line == '') { + if ($in_headers && $line === '') { $in_headers = false; } //Break this line up into several smaller lines if it's too long @@ -700,7 +723,7 @@ class SMTP //Send the lines to the server foreach ($lines_out as $line_out) { //RFC2821 section 4.5.2 - if (!empty($line_out) and $line_out[0] == '.') { + if (!empty($line_out) && $line_out[0] === '.') { $line_out = '.' . $line_out; } $this->client_send($line_out . static::LE, 'DATA'); @@ -710,7 +733,7 @@ class SMTP //Message data has been sent, complete the command //Increase timelimit for end of DATA command $savetimelimit = $this->Timelimit; - $this->Timelimit = $this->Timelimit * 2; + $this->Timelimit *= 2; $result = $this->sendCommand('DATA END', '.', 250); $this->recordLastTransactionID(); //Restore timelimit @@ -733,7 +756,7 @@ class SMTP public function hello($host = '') { //Try extended hello first (RFC 2821) - return (bool) ($this->sendHello('EHLO', $host) or $this->sendHello('HELO', $host)); + return $this->sendHello('EHLO', $host) or $this->sendHello('HELO', $host); } /** @@ -745,7 +768,7 @@ class SMTP * * @return bool * - * @see hello() + * @see hello() */ protected function sendHello($hello, $host) { @@ -838,7 +861,7 @@ class SMTP { $noerror = $this->sendCommand('QUIT', 'QUIT', 221); $err = $this->error; //Save any error - if ($noerror or $close_on_error) { + if ($noerror || $close_on_error) { $this->close(); $this->error = $err; //Restore any error from the quit command } @@ -853,14 +876,35 @@ class SMTP * Implements from RFC 821: RCPT TO: . * * @param string $address The address the message is being sent to + * @param string $dsn Comma separated list of DSN notifications. NEVER, SUCCESS, FAILURE + * or DELAY. If you specify NEVER all other notifications are ignored. * * @return bool */ - public function recipient($address) + public function recipient($address, $dsn = '') { + if (empty($dsn)) { + $rcpt = 'RCPT TO:<' . $address . '>'; + } else { + $dsn = strtoupper($dsn); + $notify = []; + + if (strpos($dsn, 'NEVER') !== false) { + $notify[] = 'NEVER'; + } else { + foreach (['SUCCESS', 'FAILURE', 'DELAY'] as $value) { + if (strpos($dsn, $value) !== false) { + $notify[] = $value; + } + } + } + + $rcpt = 'RCPT TO:<' . $address . '> NOTIFY=' . implode(',', $notify); + } + return $this->sendCommand( 'RCPT TO', - 'RCPT TO:<' . $address . '>', + $rcpt, [250, 251] ); } @@ -894,7 +938,7 @@ class SMTP return false; } //Reject line breaks in all commands - if (strpos($commandstring, "\n") !== false or strpos($commandstring, "\r") !== false) { + if ((strpos($commandstring, "\n") !== false) || (strpos($commandstring, "\r") !== false)) { $this->setError("Command '$command' contained line breaks"); return false; @@ -904,8 +948,8 @@ class SMTP $this->last_reply = $this->get_lines(); // Fetch SMTP code and possible error code explanation $matches = []; - if (preg_match('/^([0-9]{3})[ -](?:([0-9]\\.[0-9]\\.[0-9]) )?/', $this->last_reply, $matches)) { - $code = $matches[1]; + if (preg_match('/^([\d]{3})[ -](?:([\d]\\.[\d]\\.[\d]{1,2}) )?/', $this->last_reply, $matches)) { + $code = (int) $matches[1]; $code_ex = (count($matches) > 2 ? $matches[2] : null); // Cut off error code from each response line $detail = preg_replace( @@ -916,14 +960,14 @@ class SMTP ); } else { // Fall back to simple parsing if regex fails - $code = substr($this->last_reply, 0, 3); + $code = (int) substr($this->last_reply, 0, 3); $code_ex = null; $detail = substr($this->last_reply, 4); } $this->edebug('SERVER -> CLIENT: ' . $this->last_reply, self::DEBUG_SERVER); - if (!in_array($code, (array) $expect)) { + if (!in_array($code, (array) $expect, true)) { $this->setError( "$command command failed", $detail, @@ -1014,9 +1058,9 @@ class SMTP { //If SMTP transcripts are left enabled, or debug output is posted online //it can leak credentials, so hide credentials in all but lowest level - if (self::DEBUG_LOWLEVEL > $this->do_debug and + if (self::DEBUG_LOWLEVEL > $this->do_debug && in_array($command, ['User & Password', 'Username', 'Password'], true)) { - $this->edebug('CLIENT -> SERVER: