Proposed fix for #2069

Synchro · Synchro · commit e2e07a355ee8 · 2020-09-30T19:29:00.000+02:00
diff --git a/src/PHPMailer.php b/src/PHPMailer.php
@@ -1753,6 +1753,23 @@ protected static function isPermittedPath($path)
         return !preg_match('#^[a-z]+://#i', $path);
     }
 
+    /**
+     * Check whether a file path is safe, accessible, and readable.
+     *
+     * @param string $path A relative or absolute path to a file
+     *
+     * @return bool
+     */
+    protected static function fileIsAccessible($path)
+    {
+        $readable = file_exists($path);
+        //If not a UNC path (expected to start with \\), check read permission, see #2069
+        if (strpos($path, '\\\\') !== 0) {
+            $readable = $readable && is_readable($path);
+        }
+        return static::isPermittedPath($path) && $readable;
+    }
+
     /**
      * Send mail using the PHP mail() function.
      *
@@ -2141,7 +2158,7 @@ public function setLanguage($langcode = 'en', $lang_path = '')
         // There is no English translation file
         if ('en' !== $langcode) {
             // Make sure language file path is readable
-            if (!static::isPermittedPath($lang_file) || !file_exists($lang_file)) {
+            if (!static::fileIsAccessible($lang_file)) {
                 $foundlang = false;
             } else {
                 // Overwrite language-specific strings.
@@ -2970,7 +2987,7 @@ public function addAttachment(
         $disposition = 'attachment'
     ) {
         try {
-            if (!static::isPermittedPath($path) || !@is_file($path) || !is_readable($path)) {
+            if (!static::fileIsAccessible($path)) {
                 throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE);
             }
 
@@ -3144,7 +3161,7 @@ protected function attachAll($disposition_type, $boundary)
     protected function encodeFile($path, $encoding = self::ENCODING_BASE64)
     {
         try {
-            if (!static::isPermittedPath($path) || !file_exists($path) || !is_readable($path)) {
+            if (!static::fileIsAccessible($path)) {
                 throw new Exception($this->lang('file_open') . $path, self::STOP_CONTINUE);
             }
             $file_buffer = file_get_contents($path);
@@ -3530,7 +3547,7 @@ public function addEmbeddedImage(
         $disposition = 'inline'
     ) {
         try {
-            if (!static::isPermittedPath($path) || !@is_file($path) || !is_readable($path)) {
+            if (!static::fileIsAccessible($path)) {
                 throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE);
             }
 
diff --git a/test/PHPMailerTest.php b/test/PHPMailerTest.php
@@ -1476,6 +1476,9 @@ public function testAltBodyAttachment()
             return;
         }
 
+        //Test using non-existent UNC path
+        self::assertFalse($this->Mail->addAttachment('\\\\nowhere\nothing'));
+
         $this->buildBody();
         self::assertTrue($this->Mail->send(), $this->Mail->ErrorInfo);
     }

Original file line number	Diff line number	Diff line change
`@@ -1476,6 +1476,9 @@ public function testAltBodyAttachment()`
`1476`	`1476`	`return;`
`1477`	`1477`	`}`
`1478`	`1478`
	`1479`	`+ //Test using non-existent UNC path`
	`1480`	`+ self::assertFalse($this->Mail->addAttachment('\\\\nowhere\nothing'));`
	`1481`	`+`
`1479`	`1482`	`$this->buildBody();`
`1480`	`1483`	`self::assertTrue($this->Mail->send(), $this->Mail->ErrorInfo);`
`1481`	`1484`	`}`