From 503070864134d5cc7159fb4ce01e61aa60e605fc Mon Sep 17 00:00:00 2001 From: cwsoft Date: Fri, 10 Feb 2017 15:40:27 +0100 Subject: [PATCH] Updated PHP Mailer to v5.2.22 - Security fix for the 3rd party library PHPMailer - See [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223) https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.22 --- wbce/include/phpmailer/ChangeLog.txt | 415 ------------------ wbce/include/phpmailer/README | 218 --------- wbce/include/phpmailer/VERSION | 2 +- wbce/include/phpmailer/class.phpmailer.php | 32 +- wbce/include/phpmailer/class.pop3.php | 2 +- wbce/include/phpmailer/class.smtp.php | 4 +- wbce/include/phpmailer/index.php | 28 -- wbce/include/phpmailer/language/index.php | 28 -- .../phpmailer/language/phpmailer.lang-br.php | 26 -- .../phpmailer/language/phpmailer.lang-cz.php | 25 -- .../phpmailer/language/phpmailer.lang-dk.php | 26 -- .../phpmailer/language/phpmailer.lang-en.php | 27 -- .../phpmailer/language/phpmailer.lang-no.php | 25 -- .../phpmailer/language/phpmailer.lang-se.php | 26 -- 14 files changed, 27 insertions(+), 857 deletions(-) delete mode 100644 wbce/include/phpmailer/ChangeLog.txt delete mode 100644 wbce/include/phpmailer/README delete mode 100644 wbce/include/phpmailer/index.php delete mode 100644 wbce/include/phpmailer/language/index.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-br.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-cz.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-dk.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-en.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-no.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-se.php diff --git a/wbce/include/phpmailer/ChangeLog.txt b/wbce/include/phpmailer/ChangeLog.txt deleted file mode 100644 index 76c75cf2a..000000000 --- a/wbce/include/phpmailer/ChangeLog.txt +++ /dev/null 
@@ -1,415 +0,0 @@ -ChangeLog - -NOTE: THIS VERSION OF PHPMAILER IS DESIGNED FOR PHP5/PHP6. - IT WILL NOT WORK WITH PHP4. - -Version 5.2 (July 19, 2011) -* protected MIME body and header -* better DKIM DNS Resource Record support -* better aly handling -* htmlfilter class added to extras -* moved to Apache Extras - -Version 5.1 (October 20, 2009) -* fixed filename issue with AddStringAttachment (thanks to Tony) -* fixed "SingleTo" property, now works with Senmail, Qmail, and SMTP in - addition to PHP mail() -* added DKIM digital signing functionality - New properties: - - DKIM_domain (sets the domain name) - - DKIM_private (holds DKIM private key) - - DKIM_passphrase (holds your DKIM passphrase) - - DKIM_selector (holds the DKIM "selector") - - DKIM_identity (holds the identifying email address) -* added callback function support - - callback function parameters include: - result, to, cc, bcc, subject and body - * see the test/test_callback.php file for usage. -* added "auto" identity functionality - - can automatically add: - - Return-path (if Sender not set) - - Reply-To (if ReplyTo not set) - - can be disabled: - - $mail->SetFrom('yourname@yourdomain.com','First Last',false); - - or by adding the $mail->Sender and/or $mail->ReplyTo properties - Note: "auto" identity added to help with emails ending up in spam - or junk boxes because of missing headers - -Version 5.0.2 (May 24, 2009) -* Fix for missing attachments when inline graphics are present -* Fix for missing Cc in header when using SMTP (mail was sent, - but not displayed in header -- Cc receiver only saw email To: - line and no Cc line, but did get the email (To receiver - saw same) - -Version 5.0.1 (April 05, 2009) -* Temporary fix for missing attachments - -Version 5.0.0 (April 02, 2009) - -* With the release of this version, we are initiating a new version numbering - system to differentiate from the PHP4 version of PHPMailer. -* Most notable in this release is fully object oriented code. 
-class.smtp.php: -* Refactored class.smtp.php to support new exception handling - code size reduced from 29.2 Kb to 25.6 Kb -* Removed unnecessary functions from class.smtp.php: - public function Expand($name) { - public function Help($keyword="") { - public function Noop() { - public function Send($from) { - public function SendOrMail($from) { - public function Verify($name) { -class.phpmailer.php: -* Refactored class.phpmailer.php with new exception handling -* Changed processing functionality of Sendmail and Qmail so they cannot be - inadvertently used -* removed getFile() function, just became a simple wrapper for - file_get_contents() -* added check for PHP version (will gracefully exit if not at least PHP 5.0) -class.phpmailer.php enhancements -* enhanced code to check if an attachment source is the same as an embedded or - inline graphic source to eliminate duplicate attachments -New /test_script -* We have written a test script you can use to test the script as part of your - installation. Once you press submit, the test script will send a multi-mime - email with either the message you type in or an HTML email with an inline - graphic. Two attachments are included in the email (one of the attachments - is also the inline graphic so you can see that only one copy of the graphic - is sent in the email). The test script will also display the functional - script that you can copy/paste to your editor to duplicate the functionality. -New examples -* All new examples in both basic and advanced modes. Advanced examples show - Exception handling. -PHPDocumentator (phpdocs) documentation for PHPMailer version 5.0.0 -* all new documentation - -Please note: the website has been updated to reflect the changes in PHPMailer -version 5.0.0. 
http://phpmailer.codeworxtech.com/ - -Version 2.3 (November 06, 2008) - -* added Arabic language (many thanks to Bahjat Al Mostafa) -* removed English language from language files and made it a default within - class.phpmailer.php - if no language is found, it will default to use - the english language translation -* fixed public/private declarations -* corrected line 1728, $basedir to $directory -* added $sign_cert_file to avoid improper duplicate use of $sign_key_file -* corrected $this->Hello on line 612 to $this->Helo -* changed default of $LE to "\r\n" to comply with RFC 2822. Can be set by the user - if default is not acceptable -* removed trim() from return results in EncodeQP -* /test and three files it contained are removed from version 2.3 -* fixed phpunit.php for compliance with PHP5 -* changed $this->AltBody = $textMsg; to $this->AltBody = html_entity_decode($textMsg); -* We have removed the /phpdoc from the downloads. All documentation is now on - the http://phpmailer.codeworxtech.com website. - -Version 2.2.1 () July 19 2008 - -* fixed line 1092 in class.smtp.php (my apologies, error on my part) - -Version 2.2 () July 15 2008 - -* Fixed redirect issue (display of UTF-8 in thank you redirect) -* fixed error in getResponse function declaration (class.pop3.php) -* PHPMailer now PHP6 compliant -* fixed line 1092 in class.smtp.php (endless loop from missing = sign) - -Version 2.1 (Wed, June 04 2008) - -** NOTE: WE HAVE A NEW LANGUAGE VARIABLE FOR DIGITALLY SIGNED S/MIME EMAILS. - IF YOU CAN HELP WITH LANGUAGES OTHER THAN ENGLISH AND SPANISH, IT WOULD BE - APPRECIATED. - -* added S/MIME functionality (ability to digitally sign emails) - BIG THANKS TO "sergiocambra" for posting this patch back in November 2007. - The "Signed Emails" functionality adds the Sign method to pass the private key - filename and the password to read it, and then email will be sent with - content-type multipart/signed and with the digital signature attached. 
-* fully compatible with E_STRICT error level - - Please note: - In about half the test environments this development version was subjected - to, an error was thrown for the date() functions used (line 1565 and 1569). - This is NOT a PHPMailer error, it is the result of an incorrectly configured - PHP5 installation. The fix is to modify your 'php.ini' file and include the - date.timezone = America/New York - directive, to your own server timezone - - If you do get this error, and are unable to access your php.ini file: - In your PHP script, add - date_default_timezone_set('America/Toronto'); - - do not try to use - $myVar = date_default_timezone_get(); - as a test, it will throw an error. -* added ability to define path (mainly for embedded images) - function MsgHTML($message,$basedir='') ... where: - $basedir is the fully qualified path -* fixed MsgHTML() function: - - Embedded Images where images are specified by :// will not be altered or embedded -* fixed the return value of SMTP exit code ( pclose ) -* addressed issue of multibyte characters in subject line and truncating -* added ability to have user specified Message ID - (default is still that PHPMailer create a unique Message ID) -* corrected unidentified message type to 'application/octet-stream' -* fixed chunk_split() multibyte issue (thanks to Colin Brown, et al). -* added check for added attachments -* enhanced conversion of HTML to text in MsgHTML (thanks to "brunny") - -Version 2.1.0beta2 (Sun, Dec 02 2007) -* implemented updated EncodeQP (thanks to coolbru, aka Marcus Bointon) -* finished all testing, all known bugs corrected, enhancements tested -- note: will NOT work with PHP4. 
- -please note, this is BETA software -** DO NOT USE THIS IN PRODUCTION OR LIVE PROJECTS -INTENDED STRICTLY FOR TESTING - -Version 2.1.0beta1 -please note, this is BETA software -** DO NOT USE THIS IN PRODUCTION OR LIVE PROJECTS -INTENDED STRICTLY FOR TESTING - -Version 2.0.0 rc2 (Fri, Nov 16 2007), interim release -* implements new property to control VERP in class.smtp.php - example (requires instantiating class.smtp.php): - $mail->do_verp = true; -* POP-before-SMTP functionality included, thanks to Richard Davey - (see class.pop3.php & pop3_before_smtp_test.php for examples) -* included example showing how to use PHPMailer with GMAIL -* fixed the missing Cc in SendMail() and Mail() - -****************** -A note on sending bulk emails: - -If the email you are sending is not personalized, consider using the -"undisclosed-recipient:;" strategy. That is, put all of your recipients -in the Bcc field and set the To field to "undisclosed-recipients:;". -It's a lot faster (only one send) and saves quite a bit on resources. -Contrary to some opinions, this will not get you listed in spam engines - -it's a legitimate way for you to send emails. - -A partial example for use with PHPMailer: - -$mail->AddAddress("undisclosed-recipients:;"); -$mail->AddBCC("email1@anydomain.com,email2@anyotherdomain.com,email3@anyalternatedomain.com"); - -Many email service providers restrict the number of emails that can be sent -in any given time period. Often that is between 50 - 60 emails maximum -per hour or per send session. - -If that's the case, then break up your Bcc lists into chunks that are one -less than your limit, and put a pause in your script. -******************* - -Version 2.0.0 rc1 (Thu, Nov 08 2007), interim release -* dramatically simplified using inline graphics ... 
it's fully automated and requires no user input -* added automatic document type detection for attachments and pictures -* added MsgHTML() function to replace Body tag for HTML emails -* fixed the SendMail security issues (input validation vulnerability) -* enhanced the AddAddresses functionality so that the "Name" portion is used in the email address -* removed the need to use the AltBody method (set from the HTML, or default text used) -* set the PHP Mail() function as the default (still support SendMail, SMTP Mail) -* removed the need to set the IsHTML property (set automatically) -* added Estonian language file by Indrek Päri -* added header injection patch -* added "set" method to permit users to create their own pseudo-properties like 'X-Headers', etc. - example of use: - $mail->set('X-Priority', '3'); - $mail->set('X-MSMail-Priority', 'Normal'); -* fixed warning message in SMTP get_lines method -* added TLS/SSL SMTP support - example of use: - $mail = new PHPMailer(); - $mail->Mailer = "smtp"; - $mail->Host = "smtp.example.com"; - $mail->SMTPSecure = "tls"; // option - //$mail->SMTPSecure = "ssl"; // option - ... - $mail->Send(); -* PHPMailer has been tested with PHP4 (4.4.7) and PHP5 (5.2.7) -* Works with PHP installed as a module or as CGI-PHP -- NOTE: will NOT work with PHP5 in E_STRICT error mode - -Version 1.73 (Sun, Jun 10 2005) -* Fixed denial of service bug: http://www.cybsec.com/vuln/PHPMailer-DOS.pdf -* Now has a total of 20 translations -* Fixed alt attachments bug: http://tinyurl.com/98u9k - -Version 1.72 (Wed, May 25 2004) -* Added Dutch, Swedish, Czech, Norwegian, and Turkish translations. -* Received: Removed this method because spam filter programs like -SpamAssassin reject this header. -* Fixed error count bug. -* SetLanguage default is now "language/". -* Fixed magic_quotes_runtime bug. 
- -Version 1.71 (Tue, Jul 28 2003) -* Made several speed enhancements -* Added German and Italian translation files -* Fixed HELO/AUTH bugs on keep-alive connects -* Now provides an error message if language file does not load -* Fixed attachment EOL bug -* Updated some unclear documentation -* Added additional tests and improved others - -Version 1.70 (Mon, Jun 20 2003) -* Added SMTP keep-alive support -* Added IsError method for error detection -* Added error message translation support (SetLanguage) -* Refactored many methods to increase library performance -* Hello now sends the newer EHLO message before HELO as per RFC 2821 -* Removed the boundary class and replaced it with GetBoundary -* Removed queue support methods -* New $Hostname variable -* New Message-ID header -* Received header reformat -* Helo variable default changed to $Hostname -* Removed extra spaces in Content-Type definition (#667182) -* Return-Path should be set to Sender when set -* Adds Q or B encoding to headers when necessary -* quoted-encoding should now encode NULs \000 -* Fixed encoding of body/AltBody (#553370) -* Adds "To: undisclosed-recipients:;" when all recipients are hidden (BCC) -* Multiple bug fixes - -Version 1.65 (Fri, Aug 09 2002) -* Fixed non-visible attachment bug (#585097) for Outlook -* SMTP connections are now closed after each transaction -* Fixed SMTP::Expand return value -* Converted SMTP class documentation to phpDocumentor format - -Version 1.62 (Wed, Jun 26 2002) -* Fixed multi-attach bug -* Set proper word wrapping -* Reduced memory use with attachments -* Added more debugging -* Changed documentation to phpDocumentor format - -Version 1.60 (Sat, Mar 30 2002) -* Sendmail pipe and address patch (Christian Holtje) -* Added embedded image and read confirmation support (A. 
Ognio) -* Added unit tests -* Added SMTP timeout support (*nix only) -* Added possibly temporary PluginDir variable for SMTP class -* Added LE message line ending variable -* Refactored boundary and attachment code -* Eliminated SMTP class warnings -* Added SendToQueue method for future queuing support - -Version 1.54 (Wed, Dec 19 2001) -* Add some queuing support code -* Fixed a pesky multi/alt bug -* Messages are no longer forced to have "To" addresses - -Version 1.50 (Thu, Nov 08 2001) -* Fix extra lines when not using SMTP mailer -* Set WordWrap variable to int with a zero default - -Version 1.47 (Tue, Oct 16 2001) -* Fixed Received header code format -* Fixed AltBody order error -* Fixed alternate port warning - -Version 1.45 (Tue, Sep 25 2001) -* Added enhanced SMTP debug support -* Added support for multiple ports on SMTP -* Added Received header for tracing -* Fixed AddStringAttachment encoding -* Fixed possible header name quote bug -* Fixed wordwrap() trim bug -* Couple other small bug fixes - -Version 1.41 (Wed, Aug 22 2001) -* Fixed AltBody bug w/o attachments -* Fixed rfc_date() for certain mail servers - -Version 1.40 (Sun, Aug 12 2001) -* Added multipart/alternative support (AltBody) -* Documentation update -* Fixed bug in Mercury MTA - -Version 1.29 (Fri, Aug 03 2001) -* Added AddStringAttachment() method -* Added SMTP authentication support - -Version 1.28 (Mon, Jul 30 2001) -* Fixed a typo in SMTP class -* Fixed header issue with Imail (win32) SMTP server -* Made fopen() calls for attachments use "rb" to fix win32 error - -Version 1.25 (Mon, Jul 02 2001) -* Added RFC 822 date fix (Patrice) -* Added improved error handling by adding a $ErrorInfo variable -* Removed MailerDebug variable (obsolete with new error handler) - -Version 1.20 (Mon, Jun 25 2001) -* Added quoted-printable encoding (Patrice) -* Set Version as public and removed PrintVersion() -* Changed phpdoc to only display public variables and methods - -Version 1.19 (Thu, Jun 21 2001) -* 
Fixed MS Mail header bug -* Added fix for Bcc problem with mail(). *Does not work on Win32* - (See PHP bug report: http://www.php.net/bugs.php?id=11616) -* mail() no longer passes a fifth parameter when not needed - -Version 1.15 (Fri, Jun 15 2001) -[Note: these changes contributed by Patrice Fournier] -* Changed all remaining \n to \r\n -* Bcc: header no longer writen to message except -when sent directly to sendmail -* Added a small message to non-MIME compliant mail reader -* Added Sender variable to change the Sender email -used in -f for sendmail/mail and in 'MAIL FROM' for smtp mode -* Changed boundary setting to a place it will be set only once -* Removed transfer encoding for whole message when using multipart -* Message body now uses Encoding in multipart messages -* Can set encoding and type to attachments 7bit, 8bit -and binary attachment are sent as is, base64 are encoded -* Can set Encoding to base64 to send 8 bits body -through 7 bits servers - -Version 1.10 (Tue, Jun 12 2001) -* Fixed win32 mail header bug (printed out headers in message body) - -Version 1.09 (Fri, Jun 08 2001) -* Changed date header to work with Netscape mail programs -* Altered phpdoc documentation - -Version 1.08 (Tue, Jun 05 2001) -* Added enhanced error-checking -* Added phpdoc documentation to source - -Version 1.06 (Fri, Jun 01 2001) -* Added optional name for file attachments - -Version 1.05 (Tue, May 29 2001) -* Code cleanup -* Eliminated sendmail header warning message -* Fixed possible SMTP error - -Version 1.03 (Thu, May 24 2001) -* Fixed problem where qmail sends out duplicate messages - -Version 1.02 (Wed, May 23 2001) -* Added multiple recipient and attachment Clear* methods -* Added Sendmail public variable -* Fixed problem with loading SMTP library multiple times - -Version 0.98 (Tue, May 22 2001) -* Fixed problem with redundant mail hosts sending out multiple messages -* Added additional error handler code -* Added AddCustomHeader() function -* Added support for 
Microsoft mail client headers (affects priority) -* Fixed small bug with Mailer variable -* Added PrintVersion() function - -Version 0.92 (Tue, May 15 2001) -* Changed file names to class.phpmailer.php and class.smtp.php to match - current PHP class trend. -* Fixed problem where body not being printed when a message is attached -* Several small bug fixes - -Version 0.90 (Tue, April 17 2001) -* Intial public release diff --git a/wbce/include/phpmailer/README b/wbce/include/phpmailer/README deleted file mode 100644 index 8d48dc05f..000000000 --- a/wbce/include/phpmailer/README +++ /dev/null 
@@ -1,218 +0,0 @@ -/******************************************************************* -* The http://phpmailer.codeworxtech.com/ website now carries a few * -* advertisements through the Google Adsense network. Please visit * -* the advertiser sites and help us offset some of our costs. * -* Thanks .... * -********************************************************************/ - -PHPMailer -Full Featured Email Transfer Class for PHP -========================================== - -Version 5.0.0 (April 02, 2009) - -With the release of this version, we are initiating a new version numbering -system to differentiate from the PHP4 version of PHPMailer. - -Most notable in this release is fully object oriented code. - -We now have available the PHPDocumentor (phpdocs) documentation. This is -separate from the regular download to keep file sizes down. Please see the -download area of http://phpmailer.codeworxtech.com. - -We also have created a new test script (see /test_script) that you can use -right out of the box. Copy the /test_script folder directly to your server (in -the same structure ... with class.phpmailer.php and class.smtp.php in the -folder above it. Then launch the test script with: -http://www.yourdomain.com/phpmailer/test_script/index.php -from this one script, you can test your server settings for mail(), sendmail (or -qmail), and SMTP. This will email you a sample email (using contents.html for -the email body) and two attachments. One of the attachments is used as an inline -image to demonstrate how PHPMailer will automatically detect if attachments are -the same source as inline graphics and only include one version. Once you click -the Submit button, the results will be displayed including any SMTP debug -information and send status. We will also display a version of the script that -you can cut and paste to include in your projects. Enjoy! - -Version 2.3 (November 08, 2008) - -We have removed the /phpdoc from the downloads. 
All documentation is now on -the http://phpmailer.codeworxtech.com website. - -The phpunit.php has been updated to support PHP5. - -For all other changes and notes, please see the changelog. - -Donations are accepted at PayPal with our id "paypal@worxteam.com". - -Version 2.2 (July 15 2008) - -- see the changelog. - -Version 2.1 (June 04 2008) - -With this release, we are announcing that the development of PHPMailer for PHP5 -will be our focus from this date on. We have implemented all the enhancements -and fixes from the latest release of PHPMailer for PHP4. - -Far more important, though, is that this release of PHPMailer (v2.1) is -fully tested with E_STRICT error checking enabled. - -** NOTE: WE HAVE A NEW LANGUAGE VARIABLE FOR DIGITALLY SIGNED S/MIME EMAILS. - IF YOU CAN HELP WITH LANGUAGES OTHER THAN ENGLISH AND SPANISH, IT WOULD BE - APPRECIATED. - -We have now added S/MIME functionality (ability to digitally sign emails). -BIG THANKS TO "sergiocambra" for posting this patch back in November 2007. -The "Signed Emails" functionality adds the Sign method to pass the private key -filename and the password to read it, and then email will be sent with -content-type multipart/signed and with the digital signature attached. - -A quick note on E_STRICT: - -- In about half the test environments the development version was subjected - to, an error was thrown for the date() functions (used at line 1565 and 1569). - This is NOT a PHPMailer error, it is the result of an incorrectly configured - PHP5 installation. The fix is to modify your 'php.ini' file and include the - date.timezone = America/New York - directive, (for your own server timezone) -- If you do get this error, and are unable to access your php.ini file, there is - a workaround. In your PHP script, add - date_default_timezone_set('America/Toronto'); - - * do NOT try to use - $myVar = date_default_timezone_get(); - as a test, it will throw an error. 
- -We have also included more example files to show the use of "sendmail", "mail()", -"smtp", and "gmail". - -We are also looking for more programmers to join the volunteer development team. -If you have an interest in this, please let us know. - -Enjoy! - - -Version 2.1.0beta1 & beta2 - -please note, this is BETA software -** DO NOT USE THIS IN PRODUCTION OR LIVE PROJECTS -INTENDED STRICTLY FOR TESTING - -** NOTE: - -As of November 2007, PHPMailer has a new project team headed by industry -veteran Andy Prevost (codeworxtech). The first release in more than two -years will focus on fixes, adding ease-of-use enhancements, provide -basic compatibility with PHP4 and PHP5 using PHP5 backwards compatibility -features. A new release is planned before year-end 2007 that will provide -full compatiblity with PHP4 and PHP5, as well as more bug fixes. - -We are looking for project developers to assist in restoring PHPMailer to -its leadership position. Our goals are to simplify use of PHPMailer, provide -good documentation and examples, and retain backward compatibility to level -1.7.3 standards. - -If you are interested in helping out, visit http://sourceforge.net/projects/phpmailer -and indicate your interest. - -** - -http://phpmailer.sourceforge.net/ - -This software is licenced under the LGPL. Please read LICENSE for information on the -software availability and distribution. - -Class Features: -- Send emails with multiple TOs, CCs, BCCs and REPLY-TOs -- Redundant SMTP servers -- Multipart/alternative emails for mail clients that do not read HTML email -- Support for 8bit, base64, binary, and quoted-printable encoding -- Uses the same methods as the very popular AspEmail active server (COM) component -- SMTP authentication -- Native language support -- Word wrap, and more! - -Why you might need it: - -Many PHP developers utilize email in their code. The only PHP function -that supports this is the mail() function. 
However, it does not expose -any of the popular features that many email clients use nowadays like -HTML-based emails and attachments. There are two proprietary -development tools out there that have all the functionality built into -easy to use classes: AspEmail(tm) and AspMail. Both of these -programs are COM components only available on Windows. They are also a -little pricey for smaller projects. - -Since I do Linux development I�ve missed these tools for my PHP coding. -So I built a version myself that implements the same methods (object -calls) that the Windows-based components do. It is open source and the -LGPL license allows you to place the class in your proprietary PHP -projects. - - -Installation: - -Copy class.phpmailer.php into your php.ini include_path. If you are -using the SMTP mailer then place class.smtp.php in your path as well. -In the language directory you will find several files like -phpmailer.lang-en.php. If you look right before the .php extension -that there are two letters. These represent the language type of the -translation file. For instance "en" is the English file and "br" is -the Portuguese file. Chose the file that best fits with your language -and place it in the PHP include path. If your language is English -then you have nothing more to do. If it is a different language then -you must point PHPMailer to the correct translation. To do this, call -the PHPMailer SetLanguage method like so: - -// To load the Portuguese version -$mail->SetLanguage("br", "/optional/path/to/language/directory/"); - -That's it. You should now be ready to use PHPMailer! 
- - -A Simple Example: - -IsSMTP(); // set mailer to use SMTP -$mail->Host = "smtp1.example.com;smtp2.example.com"; // specify main and backup server -$mail->SMTPAuth = true; // turn on SMTP authentication -$mail->Username = "jswan"; // SMTP username -$mail->Password = "secret"; // SMTP password - -$mail->From = "from@example.com"; -$mail->FromName = "Mailer"; -$mail->AddAddress("josh@example.net", "Josh Adams"); -$mail->AddAddress("ellen@example.com"); // name is optional -$mail->AddReplyTo("info@example.com", "Information"); - -$mail->WordWrap = 50; // set word wrap to 50 characters -$mail->AddAttachment("/var/tmp/file.tar.gz"); // add attachments -$mail->AddAttachment("/tmp/image.jpg", "new.jpg"); // optional name -$mail->IsHTML(true); // set email format to HTML - -$mail->Subject = "Here is the subject"; -$mail->Body = "This is the HTML message body in bold!"; -$mail->AltBody = "This is the body in plain text for non-HTML mail clients"; - -if(!$mail->Send()) -{ - echo "Message could not be sent.

"; - echo "Mailer Error: " . $mail->ErrorInfo; - exit; -} - -echo "Message has been sent"; -?> - -CHANGELOG - -See ChangeLog.txt - -Download: http://sourceforge.net/project/showfiles.php?group_id=26031 - -Andy Prevost diff --git a/wbce/include/phpmailer/VERSION b/wbce/include/phpmailer/VERSION index 567eefa2c..07b26572f 100644 --- a/wbce/include/phpmailer/VERSION +++ b/wbce/include/phpmailer/VERSION @@ -1 +1 @@ -5.2.21 +5.2.22 diff --git a/wbce/include/phpmailer/class.phpmailer.php b/wbce/include/phpmailer/class.phpmailer.php index 8ff13f110..477ee826e 100644 --- a/wbce/include/phpmailer/class.phpmailer.php +++ b/wbce/include/phpmailer/class.phpmailer.php @@ -31,7 +31,7 @@ class PHPMailer * The PHPMailer Version number. * @var string */ - public $Version = '5.2.21'; + public $Version = '5.2.22'; /** * Email priority. @@ -2492,6 +2492,7 @@ public function textLine($value) /** * Add an attachment from a path on the filesystem. + * Never use a user-supplied path to a file! * Returns false if the file could not be found or read. * @param string $path Path to the attachment. * @param string $name Overrides the attachment name. @@ -3017,6 +3018,7 @@ public function addStringAttachment( * displayed inline with the message, not just attached for download. * This is used in HTML messages that embed the images * the HTML refers to using the $cid value. + * Never use a user-supplied path to a file! * @param string $path Path to the attachment. * @param string $cid Content ID of the attachment; Use this to reference * the content when using an embedded image in HTML. 
@@ -3380,12 +3382,14 @@ public function getCustomHeaders()
 * Create a message body from an HTML string.
 * Automatically inlines images and creates a plain-text version by converting the HTML,
 * overwriting any existing values in Body and AltBody.
- * $basedir is used when handling relative image paths, e.g.
+ * Do not source $message content from user input!
+ * $basedir is prepended when handling relative URLs, e.g. and must not be empty
 * will look for an image file in $basedir/images/a.png and convert it to inline.
- * If you don't want to apply these transformations to your HTML, just set Body and AltBody yourself.
+ * If you don't provide a $basedir, relative paths will be left untouched (and thus probably break in email)
+ * If you don't want to apply these transformations to your HTML, just set Body and AltBody directly.
 * @access public
 * @param string $message HTML message string
- * @param string $basedir base directory for relative paths to images
+ * @param string $basedir Absolute path to a base directory to prepend to relative paths to images
 * @param boolean|callable $advanced Whether to use the internal HTML to text converter
 * or your own custom converter @see PHPMailer::html2text()
 * @return string $message The transformed message Body
@@ -3394,6 +3398,10 @@ public function msgHTML($message, $basedir = '', $advanced = false)
 {
 preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images);
 if (array_key_exists(2, $images)) {
+ if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
+ // Ensure $basedir has a trailing /
+ $basedir .= '/';
+ }
 foreach ($images[2] as $imgindex => $url) {
 // Convert data URIs into embedded images
 if (preg_match('#^data:(image[^;,]*)(;base64)?,#', $url, $match)) {
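Review bot: The comment on the relocated trailing-slash block in msgHTML (second hunk here, `if (strlen($basedir) > 1 && ...)`) does not say that an empty $basedir is deliberately left empty, yet the `!empty($basedir)` test this commit adds further down in the same function relies on exactly that to skip relative URLs. I would spell the dependency out so a later simplification of the guard cannot turn '' into '/' and re-enable local path handling: `// Ensure a non-empty $basedir has a trailing /; an empty one must stay empty so relative URLs are left untouched below`. msgHTML's body continues past the end of this hunk.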
@@ -3411,18 +3419,24 @@ public function msgHTML($message, $basedir = '', $advanced = false)
 $message
 );
 }
- } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
- // Do not change urls for absolute images (thanks to corvuscorax)
+ continue;
+ }
+ if (
+ // Only process relative URLs if a basedir is provided (i.e. no absolute local paths)
+ !empty($basedir)
+ // Ignore URLs containing parent dir traversal (..)
+ && (strpos($url, '..') === false)
 // Do not change urls that are already inline images
+ && substr($url, 0, 4) !== 'cid:'
+ // Do not change absolute URLs, including anonymous protocol
+ && !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url)
+ ) {
 $filename = basename($url);
 $directory = dirname($url);
 if ($directory == '.') {
 $directory = '';
 }
 $cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2
- if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
- $basedir .= '/';
- }
 if (strlen($directory) > 1 && substr($directory, -1) != '/') {
 $directory .= '/';
 }
diff --git a/wbce/include/phpmailer/class.pop3.php b/wbce/include/phpmailer/class.pop3.php
index 373c886cd..f10e688e3 100644
--- a/wbce/include/phpmailer/class.pop3.php
+++ b/wbce/include/phpmailer/class.pop3.php
@@ -34,7 +34,7 @@ class POP3
 * @var string
 * @access public
 */
- public $Version = '5.2.21';
+ public $Version = '5.2.22';
 
 /**
 * Default POP3 port number.
diff --git a/wbce/include/phpmailer/class.smtp.php b/wbce/include/phpmailer/class.smtp.php
index 270162b26..89321171b 100644
--- a/wbce/include/phpmailer/class.smtp.php
+++ b/wbce/include/phpmailer/class.smtp.php
@@ -30,7 +30,7 @@ class SMTP
 * The PHPMailer SMTP version number.
 * @var string
 */
- const VERSION = '5.2.21';
+ const VERSION = '5.2.22';
 
 /**
 * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
 * @deprecated Use the `VERSION` constant instead
 * @see SMTP::VERSION
 */
- public $Version = '5.2.21';
+ public $Version = '5.2.22';
 
 /**
 * SMTP server port number.
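Review bot: In the msgHTML hunk of class.phpmailer.php (`@@ -3411,18 +3419,24 @@`), the new absolute-URL test `!preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url)` cannot match a protocol-relative URL that starts with `//`, because the pattern still requires a leading letter; despite the comment "including anonymous protocol", such a URL falls through and is looked up as a file under `$basedir`. Making the scheme part optional, `!preg_match('#^([a-z][a-z0-9+.-]*:)?//#i', $url)`, would match what the comment describes. The `!empty($basedir)` and `strpos($url, '..') === false` guards are meant to keep lookups below `$basedir`, but every relative `src`/`background` value in `$message` is still read from that directory, so callers should point `$basedir` at a directory that holds only files intended to be mailed. Since this is a vendored copy of PHPMailer, the regex change is better raised upstream than patched locally. msgHTML's body starts before and continues after this hunk.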
diff --git a/wbce/include/phpmailer/index.php b/wbce/include/phpmailer/index.php deleted file mode 100644 index b87bb9863..000000000 --- a/wbce/include/phpmailer/index.php +++ /dev/null @@ -1,28 +0,0 @@ - - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -header("Location: ../../index.php"); - -?> \ No newline at end of file diff --git a/wbce/include/phpmailer/language/index.php b/wbce/include/phpmailer/language/index.php deleted file mode 100644 index 5580f39f0..000000000 --- a/wbce/include/phpmailer/language/index.php +++ /dev/null 
@@ -1,28 +0,0 @@ - - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -header("Location: ../../../index.php"); - -?> \ No newline at end of file diff --git a/wbce/include/phpmailer/language/phpmailer.lang-br.php b/wbce/include/phpmailer/language/phpmailer.lang-br.php deleted file mode 100644 index 6afe60b18..000000000 --- a/wbce/include/phpmailer/language/phpmailer.lang-br.php +++ /dev/null @@ -1,26 +0,0 @@ - \ No newline at end of file diff --git a/wbce/include/phpmailer/language/phpmailer.lang-cz.php b/wbce/include/phpmailer/language/phpmailer.lang-cz.php deleted file mode 100644 index 1c8b20639..000000000 --- a/wbce/include/phpmailer/language/phpmailer.lang-cz.php +++ /dev/null @@ -1,25 +0,0 @@ - \ No newline at end of file diff --git a/wbce/include/phpmailer/language/phpmailer.lang-dk.php b/wbce/include/phpmailer/language/phpmailer.lang-dk.php deleted file mode 100644 index b26257316..000000000 --- a/wbce/include/phpmailer/language/phpmailer.lang-dk.php +++ /dev/null 
@@ -1,26 +0,0 @@ - -*/ - -$PHPMAILER_LANG['authenticate'] = 'SMTP fejl: Kunne ikke logge på.'; -$PHPMAILER_LANG['connect_host'] = 'SMTP fejl: Kunne ikke tilslutte SMTP serveren.'; -$PHPMAILER_LANG['data_not_accepted'] = 'SMTP fejl: Data kunne ikke accepteres.'; -//$PHPMAILER_LANG['empty_message'] = 'Message body empty'; -$PHPMAILER_LANG['encoding'] = 'Ukendt encode-format: '; -$PHPMAILER_LANG['execute'] = 'Kunne ikke køre: '; -$PHPMAILER_LANG['file_access'] = 'Ingen adgang til fil: '; -$PHPMAILER_LANG['file_open'] = 'Fil fejl: Kunne ikke åbne filen: '; -$PHPMAILER_LANG['from_failed'] = 'Følgende afsenderadresse er forkert: '; -$PHPMAILER_LANG['instantiate'] = 'Kunne ikke initialisere email funktionen.'; -//$PHPMAILER_LANG['invalid_email'] = 'Not sending, email address is invalid: '; -$PHPMAILER_LANG['mailer_not_supported'] = ' mailer understøttes ikke.'; -$PHPMAILER_LANG['provide_address'] = 'Du skal indtaste mindst en modtagers emailadresse.'; -$PHPMAILER_LANG['recipients_failed'] = 'SMTP fejl: Følgende modtagere er forkerte: '; -//$PHPMAILER_LANG['signing'] = 'Signing Error: '; -//$PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() failed.'; -//$PHPMAILER_LANG['smtp_error'] = 'SMTP server error: '; -//$PHPMAILER_LANG['variable_set'] = 'Cannot set or reset variable: '; -?> \ No newline at end of file diff --git a/wbce/include/phpmailer/language/phpmailer.lang-en.php b/wbce/include/phpmailer/language/phpmailer.lang-en.php deleted file mode 100644 index 3ea64d331..000000000 --- a/wbce/include/phpmailer/language/phpmailer.lang-en.php +++ /dev/null @@ -1,27 +0,0 @@ - \ No newline at end of file diff --git a/wbce/include/phpmailer/language/phpmailer.lang-se.php b/wbce/include/phpmailer/language/phpmailer.lang-se.php deleted file mode 100644 index 67e05f59c..000000000 --- a/wbce/include/phpmailer/language/phpmailer.lang-se.php +++ /dev/null 
@@ -1,26 +0,0 @@ - -*/ - -$PHPMAILER_LANG['authenticate'] = 'SMTP fel: Kunde inte autentisera.'; -$PHPMAILER_LANG['connect_host'] = 'SMTP fel: Kunde inte ansluta till SMTP-server.'; -$PHPMAILER_LANG['data_not_accepted'] = 'SMTP fel: Data accepterades inte.'; -//$PHPMAILER_LANG['empty_message'] = 'Message body empty'; -$PHPMAILER_LANG['encoding'] = 'Okänt encode-format: '; -$PHPMAILER_LANG['execute'] = 'Kunde inte köra: '; -$PHPMAILER_LANG['file_access'] = 'Ingen åtkomst till fil: '; -$PHPMAILER_LANG['file_open'] = 'Fil fel: Kunde inte öppna fil: '; -$PHPMAILER_LANG['from_failed'] = 'Följande avsändaradress är felaktig: '; -$PHPMAILER_LANG['instantiate'] = 'Kunde inte initiera e-postfunktion.'; -//$PHPMAILER_LANG['invalid_email'] = 'Not sending, email address is invalid: '; -$PHPMAILER_LANG['provide_address'] = 'Du måste ange minst en mottagares e-postadress.'; -$PHPMAILER_LANG['mailer_not_supported'] = ' mailer stöds inte.'; -$PHPMAILER_LANG['recipients_failed'] = 'SMTP fel: Följande mottagare är felaktig: '; -//$PHPMAILER_LANG['signing'] = 'Signing Error: '; -//$PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() failed.'; -//$PHPMAILER_LANG['smtp_error'] = 'SMTP server error: '; -//$PHPMAILER_LANG['variable_set'] = 'Cannot set or reset variable: '; -?> \ No newline at end of file