You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: changelog.md
+2
Original file line number
Diff line number
Diff line change
@@ -3,6 +3,8 @@
3
3
* Allow addresses with IDN (Internationalized Domain Name) in PHP 5.3+, thanks to @fbonzon
4
4
* Allow access to POP3 errors
5
5
* Make all POP3 private properties and methods protected
6
+
***SECURITY** Fix vulnerability that allowed email addresses with line breaks (valid in RFC5322) to pass to SMTP, permitting message injection at the SMTP level. Mitigated in both the address validator and in the lower-level SMTP class. Thanks to Takeshi Terada.
7
+
* Updated Brazilian Portuguese translations (Thanks to @phelipealves)
6
8
7
9
## Version 5.2.13 (Sep 14th 2015)
8
10
* Rename internal oauth class to avoid name clashes
Copy file name to clipboardExpand all lines: test/phpmailerTest.php
+75-69
Original file line number
Diff line number
Diff line change
@@ -361,7 +361,6 @@ public function testValidate()
361
361
'"Fred\ Bloggs"@iana.org',
362
362
'"Joe.\Blow"@iana.org',
363
363
'"Abc@def"@iana.org',
364
-
'"Fred Bloggs"@iana.org',
365
364
'user+mailbox@iana.org',
366
365
'customer/department=shipping@iana.org',
367
366
'$A12345@iana.org',
@@ -467,7 +466,7 @@ public function testValidate()
467
466
'first.last@[IPv6:a1::b2:11.22.33.44]',
468
467
'test@test.com',
469
468
'test@xn--example.com',
470
-
'test@example.com',
469
+
'test@example.com'
471
470
);
472
471
$invalidaddresses = array(
473
472
'first.last@sub.do,com',
@@ -608,6 +607,7 @@ public function testValidate()
608
607
'first.last@[IPv6:a1:a2:a3:a4:b1:b2:b3:]',
609
608
'first.last@[IPv6::a2:a3:a4:b1:b2:b3:b4]',
610
609
'first.last@[IPv6:a1:a2:a3:a4::b1:b2:b3:b4]',
610
+
"(\r\n RCPT TO:websec02@d.mbsd.jp\r\n DATA \\\nSubject: spam10\\\n\r\n Hello,\r\n this is a spam mail.\\\n.\r\n QUIT\r\n ) a@gmail.com"//This is valid RCC5322, but we don't want to allow it
611
611
);
612
612
// IDNs in Unicode and ASCII forms.
613
613
$unicodeaddresses = array(
@@ -1825,73 +1825,11 @@ public function testMiscellaneous()
1825
1825
$this->assertEquals($q['extension'], 'mp3', 'Windows extension not matched');
1826
1826
$this->assertEquals($q['filename'], '飛兒樂 團光茫', 'Windows filename not matched');
1827
1827
}
1828
-
1829
-
/**
1830
-
* Use a fake POP3 server to test POP-before-SMTP auth.
0 commit comments