Ejegg has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/337960 )

Change subject: Update PHPMailer
......................................................................

Update PHPMailer

Change-Id: I57f02bc76164dcd78d4b937bcddfd828ef2b4634
---
M composer/installed.json
M phpmailer/phpmailer/VERSION
M phpmailer/phpmailer/class.phpmailer.php
M phpmailer/phpmailer/class.phpmaileroauthgoogle.php
M phpmailer/phpmailer/class.pop3.php
M phpmailer/phpmailer/class.smtp.php
A phpmailer/phpmailer/examples/contactform.phps
M phpmailer/phpmailer/examples/contentsutf8.html
M phpmailer/phpmailer/examples/scripts/XRegExp.js
M phpmailer/phpmailer/examples/send_file_upload.phps
M phpmailer/phpmailer/examples/send_multiple_file_upload.phps
M phpmailer/phpmailer/extras/htmlfilter.php
M phpmailer/phpmailer/get_oauth_token.php
13 files changed, 174 insertions(+), 88 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/crm/vendor 
refs/changes/60/337960/1

diff --git a/composer/installed.json b/composer/installed.json
index 13bee3b..4dd1b02 100644
--- a/composer/installed.json
+++ b/composer/installed.json
@@ -566,68 +566,6 @@
         ]
     },
     {
-        "name": "phpmailer/phpmailer",
-        "version": "v5.2.21",
-        "version_normalized": "5.2.21.0",
-        "source": {
-            "type": "git",
-            "url": "https://github.com/PHPMailer/PHPMailer.git";,
-            "reference": "1d51856b76c06fc687fcd9180efa7a0bed0d761e"
-        },
-        "dist": {
-            "type": "zip",
-            "url": 
"https://api.github.com/repos/PHPMailer/PHPMailer/zipball/1d51856b76c06fc687fcd9180efa7a0bed0d761e";,
-            "reference": "1d51856b76c06fc687fcd9180efa7a0bed0d761e",
-            "shasum": ""
-        },
-        "require": {
-            "php": ">=5.0.0"
-        },
-        "require-dev": {
-            "phpdocumentor/phpdocumentor": "*",
-            "phpunit/phpunit": "4.7.*"
-        },
-        "suggest": {
-            "league/oauth2-google": "Needed for Google XOAUTH2 authentication"
-        },
-        "time": "2016-12-28 15:35:48",
-        "type": "library",
-        "installation-source": "dist",
-        "autoload": {
-            "classmap": [
-                "class.phpmailer.php",
-                "class.phpmaileroauth.php",
-                "class.phpmaileroauthgoogle.php",
-                "class.smtp.php",
-                "class.pop3.php",
-                "extras/EasyPeasyICS.php",
-                "extras/ntlm_sasl_client.php"
-            ]
-        },
-        "notification-url": "https://packagist.org/downloads/";,
-        "license": [
-            "LGPL-2.1"
-        ],
-        "authors": [
-            {
-                "name": "Jim Jagielski",
-                "email": "jim...@gmail.com"
-            },
-            {
-                "name": "Marcus Bointon",
-                "email": "phpmai...@synchromedia.co.uk"
-            },
-            {
-                "name": "Andy Prevost",
-                "email": "codeworxt...@users.sourceforge.net"
-            },
-            {
-                "name": "Brent R. Matzelle"
-            }
-        ],
-        "description": "PHPMailer is a full-featured email creation and 
transfer class for PHP"
-    },
-    {
         "name": "minfraud/http",
         "version": "v1.71",
         "version_normalized": "1.71.0.0",
@@ -1238,5 +1176,67 @@
             "donations",
             "payments"
         ]
+    },
+    {
+        "name": "phpmailer/phpmailer",
+        "version": "v5.2.22",
+        "version_normalized": "5.2.22.0",
+        "source": {
+            "type": "git",
+            "url": "https://github.com/PHPMailer/PHPMailer.git";,
+            "reference": "b18cb98131bd83103ccb26a888fdfe3177b8a663"
+        },
+        "dist": {
+            "type": "zip",
+            "url": 
"https://api.github.com/repos/PHPMailer/PHPMailer/zipball/b18cb98131bd83103ccb26a888fdfe3177b8a663";,
+            "reference": "b18cb98131bd83103ccb26a888fdfe3177b8a663",
+            "shasum": ""
+        },
+        "require": {
+            "php": ">=5.0.0"
+        },
+        "require-dev": {
+            "phpdocumentor/phpdocumentor": "*",
+            "phpunit/phpunit": "4.7.*"
+        },
+        "suggest": {
+            "league/oauth2-google": "Needed for Google XOAUTH2 authentication"
+        },
+        "time": "2017-01-09 09:33:47",
+        "type": "library",
+        "installation-source": "dist",
+        "autoload": {
+            "classmap": [
+                "class.phpmailer.php",
+                "class.phpmaileroauth.php",
+                "class.phpmaileroauthgoogle.php",
+                "class.smtp.php",
+                "class.pop3.php",
+                "extras/EasyPeasyICS.php",
+                "extras/ntlm_sasl_client.php"
+            ]
+        },
+        "notification-url": "https://packagist.org/downloads/";,
+        "license": [
+            "LGPL-2.1"
+        ],
+        "authors": [
+            {
+                "name": "Jim Jagielski",
+                "email": "jim...@gmail.com"
+            },
+            {
+                "name": "Marcus Bointon",
+                "email": "phpmai...@synchromedia.co.uk"
+            },
+            {
+                "name": "Andy Prevost",
+                "email": "codeworxt...@users.sourceforge.net"
+            },
+            {
+                "name": "Brent R. Matzelle"
+            }
+        ],
+        "description": "PHPMailer is a full-featured email creation and 
transfer class for PHP"
     }
 ]
diff --git a/phpmailer/phpmailer/VERSION b/phpmailer/phpmailer/VERSION
index 567eefa..07b2657 100644
--- a/phpmailer/phpmailer/VERSION
+++ b/phpmailer/phpmailer/VERSION
@@ -1 +1 @@
-5.2.21
+5.2.22
diff --git a/phpmailer/phpmailer/class.phpmailer.php 
b/phpmailer/phpmailer/class.phpmailer.php
index 8ff13f1..477ee82 100644
--- a/phpmailer/phpmailer/class.phpmailer.php
+++ b/phpmailer/phpmailer/class.phpmailer.php
@@ -31,7 +31,7 @@
      * The PHPMailer Version number.
      * @var string
      */
-    public $Version = '5.2.21';
+    public $Version = '5.2.22';
 
     /**
      * Email priority.
@@ -2492,6 +2492,7 @@
 
     /**
      * Add an attachment from a path on the filesystem.
+     * Never use a user-supplied path to a file!
      * Returns false if the file could not be found or read.
      * @param string $path Path to the attachment.
      * @param string $name Overrides the attachment name.
@@ -3017,6 +3018,7 @@
      * displayed inline with the message, not just attached for download.
      * This is used in HTML messages that embed the images
      * the HTML refers to using the $cid value.
+     * Never use a user-supplied path to a file!
      * @param string $path Path to the attachment.
      * @param string $cid Content ID of the attachment; Use this to reference
      *        the content when using an embedded image in HTML.
@@ -3380,12 +3382,14 @@
      * Create a message body from an HTML string.
      * Automatically inlines images and creates a plain-text version by 
converting the HTML,
      * overwriting any existing values in Body and AltBody.
-     * $basedir is used when handling relative image paths, e.g. <img 
src="images/a.png">
+     * Do not source $message content from user input!
+     * $basedir is prepended when handling relative URLs, e.g. <img 
src="/images/a.png"> and must not be empty
      * will look for an image file in $basedir/images/a.png and convert it to 
inline.
-     * If you don't want to apply these transformations to your HTML, just set 
Body and AltBody yourself.
+     * If you don't provide a $basedir, relative paths will be left untouched 
(and thus probably break in email)
+     * If you don't want to apply these transformations to your HTML, just set 
Body and AltBody directly.
      * @access public
      * @param string $message HTML message string
-     * @param string $basedir base directory for relative paths to images
+     * @param string $basedir Absolute path to a base directory to prepend to 
relative paths to images
      * @param boolean|callable $advanced Whether to use the internal HTML to 
text converter
      *    or your own custom converter @see PHPMailer::html2text()
      * @return string $message The transformed message Body
@@ -3394,6 +3398,10 @@
     {
         preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, 
$images);
         if (array_key_exists(2, $images)) {
+            if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
+                // Ensure $basedir has a trailing /
+                $basedir .= '/';
+            }
             foreach ($images[2] as $imgindex => $url) {
                 // Convert data URIs into embedded images
                 if (preg_match('#^data:(image[^;,]*)(;base64)?,#', $url, 
$match)) {
@@ -3411,18 +3419,24 @@
                             $message
                         );
                     }
-                } elseif (substr($url, 0, 4) !== 'cid:' && 
!preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
-                    // Do not change urls for absolute images (thanks to 
corvuscorax)
+                    continue;
+                }
+                if (
+                    // Only process relative URLs if a basedir is provided 
(i.e. no absolute local paths)
+                    !empty($basedir)
+                    // Ignore URLs containing parent dir traversal (..)
+                    && (strpos($url, '..') === false)
                     // Do not change urls that are already inline images
+                    && substr($url, 0, 4) !== 'cid:'
+                    // Do not change absolute URLs, including anonymous 
protocol
+                    && !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url)
+                ) {
                     $filename = basename($url);
                     $directory = dirname($url);
                     if ($directory == '.') {
                         $directory = '';
                     }
                     $cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2
-                    if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
-                        $basedir .= '/';
-                    }
                     if (strlen($directory) > 1 && substr($directory, -1) != 
'/') {
                         $directory .= '/';
                     }
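Review bot: The scheme test added in this condition, `!preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url)`, cannot match a URL that begins with `//`, because the pattern requires a letter before the optional colon. The comment above it says anonymous-protocol URLs are excluded, but `//host/a.png` would still pass the condition and be treated as a relative path under `$basedir`. Making the whole scheme optional, `&& !preg_match('#^([a-z][a-z0-9+.-]*:)?//#i', $url)`, would match what the comment describes. The `..` test and the non-empty `$basedir` requirement are string-level checks only, so a comment stating that `$basedir` must be a trusted directory whose contents (including symlinks) are controlled by the application would be worth adding. The enclosing function starts and ends outside this hunk.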
diff --git a/phpmailer/phpmailer/class.phpmaileroauthgoogle.php 
b/phpmailer/phpmailer/class.phpmaileroauthgoogle.php
index 8d169b2..71c9bd3 100644
--- a/phpmailer/phpmailer/class.phpmaileroauthgoogle.php
+++ b/phpmailer/phpmailer/class.phpmaileroauthgoogle.php
@@ -51,10 +51,10 @@
 
     private function getProvider()
     {
-        return new League\OAuth2\Client\Provider\Google(array(
+        return new League\OAuth2\Client\Provider\Google([
             'clientId' => $this->oauthClientId,
             'clientSecret' => $this->oauthClientSecret
-        ));
+        ]);
     }
 
     private function getGrant()
@@ -66,7 +66,7 @@
     {
         $provider = $this->getProvider();
         $grant = $this->getGrant();
-        return $provider->getAccessToken($grant, array('refresh_token' => 
$this->oauthRefreshToken));
+        return $provider->getAccessToken($grant, ['refresh_token' => 
$this->oauthRefreshToken]);
     }
 
     public function getOauth64()
diff --git a/phpmailer/phpmailer/class.pop3.php 
b/phpmailer/phpmailer/class.pop3.php
index 373c886..f10e688 100644
--- a/phpmailer/phpmailer/class.pop3.php
+++ b/phpmailer/phpmailer/class.pop3.php
@@ -34,7 +34,7 @@
      * @var string
      * @access public
      */
-    public $Version = '5.2.21';
+    public $Version = '5.2.22';
 
     /**
      * Default POP3 port number.
diff --git a/phpmailer/phpmailer/class.smtp.php 
b/phpmailer/phpmailer/class.smtp.php
index 270162b..8932117 100644
--- a/phpmailer/phpmailer/class.smtp.php
+++ b/phpmailer/phpmailer/class.smtp.php
@@ -30,7 +30,7 @@
      * The PHPMailer SMTP version number.
      * @var string
      */
-    const VERSION = '5.2.21';
+    const VERSION = '5.2.22';
 
     /**
      * SMTP line break constant.
@@ -81,7 +81,7 @@
      * @deprecated Use the `VERSION` constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.21';
+    public $Version = '5.2.22';
 
     /**
      * SMTP server port number.
diff --git a/phpmailer/phpmailer/examples/contactform.phps 
b/phpmailer/phpmailer/examples/contactform.phps
new file mode 100644
index 0000000..d85e204
--- /dev/null
+++ b/phpmailer/phpmailer/examples/contactform.phps
@@ -0,0 +1,71 @@
+<?php
+/**
+ * This example shows how to handle a simple contact form.
+ */
+
+$msg = '';
+//Don't run this unless we're handling a form submission
+if (array_key_exists('email', $_POST)) {
+    date_default_timezone_set('Etc/UTC');
+
+    require '../PHPMailerAutoload.php';
+
+    //Create a new PHPMailer instance
+    $mail = new PHPMailer;
+    //Tell PHPMailer to use SMTP - requires a local mail server
+    //Faster and safer than using mail()
+    $mail->isSMTP();
+    $mail->Host = 'localhost';
+    $mail->Port = 25;
+
+    //Use a fixed address in your own domain as the from address
+    //**DO NOT** use the submitter's address here as it will be forgery
+    //and will cause your messages to fail SPF checks
+    $mail->setFrom('f...@example.com', 'First Last');
+    //Send the message to yourself, or whoever should receive contact for 
submissions
+    $mail->addAddress('wh...@example.com', 'John Doe');
+    //Put the submitter's address in a reply-to header
+    //This will fail if the address provided is invalid,
+    //in which case we should ignore the whole request
+    if ($mail->addReplyTo($_POST['email'], $_POST['name'])) {
+        $mail->Subject = 'PHPMailer contact form';
+        //Keep it simple - don't use HTML
+        $mail->isHTML(false);
+        //Build a simple message body
+        $mail->Body = <<<EOT
+Email: {$_POST['email']}
+Name: {$_POST['name']}
+Message: {$_POST['message']}
+EOT;
+        //Send the message, check for errors
+        if (!$mail->send()) {
+            //The reason for failing to send will be in $mail->ErrorInfo
+            //but you shouldn't display errors to users - process the error, 
log it on your server.
+            $msg = 'Sorry, something went wrong. Please try again later.';
+        } else {
+            $msg = 'Message sent! Thanks for contacting us.';
+        }
+    } else {
+        $msg = 'Invalid email address, message ignored.';
+    }
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Contact form</title>
+</head>
+<body>
+<h1>Contact us</h1>
+<?php if (!empty($msg)) {
+    echo "<h2>$msg</h2>";
+} ?>
+<form method="POST">
+    <label for="name">Name: <input type="text" name="name" 
id="name"></label><br>
+    <label for="email">Email address: <input type="email" name="email" 
id="email"></label><br>
+    <label for="message">Message: <textarea name="message" id="message" 
rows="8" cols="20"></textarea></label><br>
+    <input type="submit" value="Send">
+</form>
+</body>
+</html>
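Review bot: The guard at the top of the script checks only that `email` exists in `$_POST`, yet `$_POST['name']` and `$_POST['message']` are read unconditionally in the `addReplyTo()` call and in the heredoc body. None of the three is checked to be a string either. A request that omits a field, or sends one as an array such as `email[]=x`, passes null or an array into those calls and produces notices or type errors instead of reaching the 'Invalid email address' branch. A stricter guard would be `if (isset($_POST['email'], $_POST['name'], $_POST['message']) && is_string($_POST['email']) && is_string($_POST['name']) && is_string($_POST['message'])) {`. Because the form is unauthenticated, a length cap on `message` and a comment pointing to rate limiting would also suit an example that people will copy.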
diff --git a/phpmailer/phpmailer/examples/contentsutf8.html 
b/phpmailer/phpmailer/examples/contentsutf8.html
index 81a2024..035d10c 100644
--- a/phpmailer/phpmailer/examples/contentsutf8.html
+++ b/phpmailer/phpmailer/examples/contentsutf8.html
@@ -15,6 +15,7 @@
   <p>Russian text: Пустое тело сообщения</p>
   <p>Armenian text: Հաղորդագրությունը դատարկ է</p>
   <p>Czech text: Prázdné tělo zprávy</p>
+  <p>Emoji: <span style="font-size: 48px">😂 🦄 💥 📤 📧</span></p>
 </div>
 </body>
 </html>
diff --git a/phpmailer/phpmailer/examples/scripts/XRegExp.js 
b/phpmailer/phpmailer/examples/scripts/XRegExp.js
index ebdb9c9..feb6679 100644
--- a/phpmailer/phpmailer/examples/scripts/XRegExp.js
+++ b/phpmailer/phpmailer/examples/scripts/XRegExp.js
@@ -259,7 +259,7 @@
 
 
     //---------------------------------
-    //  Overriden native methods
+    //  Overridden native methods
     //---------------------------------
 
     // Adds named capture support (with backreferences returned as 
`result.name`), and fixes two
diff --git a/phpmailer/phpmailer/examples/send_file_upload.phps 
b/phpmailer/phpmailer/examples/send_file_upload.phps
index 3004c76..ab60fd1 100644
--- a/phpmailer/phpmailer/examples/send_file_upload.phps
+++ b/phpmailer/phpmailer/examples/send_file_upload.phps
@@ -17,7 +17,7 @@
         $mail->setFrom('f...@example.com', 'First Last');
         $mail->addAddress('wh...@example.com', 'John Doe');
         $mail->Subject = 'PHPMailer file sender';
-        $mail->msgHTML("My message body");
+        $mail->Body = 'My message body';
         // Attach the uploaded file
         $mail->addAttachment($uploadfile, 'My uploaded file');
         if (!$mail->send()) {
diff --git a/phpmailer/phpmailer/examples/send_multiple_file_upload.phps 
b/phpmailer/phpmailer/examples/send_multiple_file_upload.phps
index ddb7614..72f2115 100644
--- a/phpmailer/phpmailer/examples/send_multiple_file_upload.phps
+++ b/phpmailer/phpmailer/examples/send_multiple_file_upload.phps
@@ -12,7 +12,7 @@
     $mail->setFrom('f...@example.com', 'First Last');
     $mail->addAddress('wh...@example.com', 'John Doe');
     $mail->Subject = 'PHPMailer file sender';
-    $mail->msgHTML('My message body');
+    $mail->Body = 'My message body';
     //Attach multiple files one by one
     for ($ct = 0; $ct < count($_FILES['userfile']['tmp_name']); $ct++) {
         $uploadfile = tempnam(sys_get_temp_dir(), 
sha1($_FILES['userfile']['name'][$ct]));
diff --git a/phpmailer/phpmailer/extras/htmlfilter.php 
b/phpmailer/phpmailer/extras/htmlfilter.php
index 7727487..a86ef57 100644
--- a/phpmailer/phpmailer/extras/htmlfilter.php
+++ b/phpmailer/phpmailer/extras/htmlfilter.php
@@ -433,7 +433,7 @@
  *
  * @param string $attvalue the by-ref value to check.
  * @param string $regex    the regular expression to check against.
- * @param boolean $hex        whether the entites are hexadecimal.
+ * @param boolean $hex        whether the entities are hexadecimal.
  * @return boolean            True or False depending on whether there were 
matches.
  */
 function tln_deent(&$attvalue, $regex, $hex = false)
@@ -772,7 +772,7 @@
     tln_defang($contentTemp);
     tln_unspace($contentTemp);
 
-    $match   = Array('/\/\*.*\*\//',
+    $match   = array('/\/\*.*\*\//',
                     '/expression/i',
                     '/behaviou*r/i',
                     '/binding/i',
@@ -780,7 +780,7 @@
                     '/javascript/i',
                     '/script/i',
                     '/position/i');
-    $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 
'idiocy', '');
+    $replace = array('','idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 
'idiocy', '');
     $contentNew = preg_replace($match, $replace, $contentTemp);
     if ($contentNew !== $contentTemp) {
         $content = $contentNew;
diff --git a/phpmailer/phpmailer/get_oauth_token.php 
b/phpmailer/phpmailer/get_oauth_token.php
index b95d5c4..2c26d0f 100644
--- a/phpmailer/phpmailer/get_oauth_token.php
+++ b/phpmailer/phpmailer/get_oauth_token.php
@@ -80,24 +80,24 @@
 
         $params = array_merge(
             parent::getAuthorizationParameters($options),
-            array_filter(array(
+            array_filter([
                 'hd'          => $this->hostedDomain,
                 'access_type' => $this->accessType,
                'scope'       => $this->scope,
                 // if the user is logged in with more than one account ask 
which one to use for the login!
                 'authuser'    => '-1'
-            ))
+            ])
         );
         return $params;
     }
 
     protected function getDefaultScopes()
     {
-        return array(
+        return [
             'email',
             'openid',
             'profile',
-        );
+        ];
     }
 
     protected function getScopeSeparator()

-- 
To view, visit https://gerrit.wikimedia.org/r/337960
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I57f02bc76164dcd78d4b937bcddfd828ef2b4634
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/crm/vendor
Gerrit-Branch: master
Gerrit-Owner: Ejegg <eeggles...@wikimedia.org>
