From e41be91cff5ffa43ea6bbb8df235011260ac4802 Mon Sep 17 00:00:00 2001 From: Arnt Gulbrandsen Date: Mon, 11 Aug 2025 17:51:42 +0200 Subject: [PATCH] External Libraries: Upgrade PHPMailer to version 6.10.0. Note: WordPress core does not include PHPMailer's DSN class, as it is not particularly relevant for WP. --- src/wp-includes/PHPMailer/PHPMailer.php | 336 ++++++++++++++++++++---- src/wp-includes/PHPMailer/SMTP.php | 127 +++++++-- 2 files changed, 389 insertions(+), 74 deletions(-) diff --git a/src/wp-includes/PHPMailer/PHPMailer.php b/src/wp-includes/PHPMailer/PHPMailer.php index 011fa92068e95..2444bcf3518a1 100644 --- a/src/wp-includes/PHPMailer/PHPMailer.php +++ b/src/wp-includes/PHPMailer/PHPMailer.php @@ -13,7 +13,7 @@ * @copyright 2012 - 2020 Marcus Bointon * @copyright 2010 - 2012 Jim Jagielski * @copyright 2004 - 2009 Andy Prevost - * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License + * @license https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html GNU Lesser General Public License * @note This program is distributed in the hope that it will be useful - WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. @@ -152,8 +152,7 @@ class PHPMailer * Only supported in simple alt or alt_inline message types * To generate iCal event structures, use classes like EasyPeasyICS or iCalcreator. * - * @see http://sprain.ch/blog/downloads/php-class-easypeasyics-create-ical-files-with-php/ - * @see http://kigkonsult.se/iCalcreator/ + * @see https://kigkonsult.se/iCalcreator/ * * @var string */ @@ -254,7 +253,7 @@ class PHPMailer * You can set your own, but it must be in the format "", * as defined in RFC5322 section 3.6.4 or it will be ignored. * - * @see https://tools.ietf.org/html/rfc5322#section-3.6.4 + * @see https://www.rfc-editor.org/rfc/rfc5322#section-3.6.4 * * @var string */ @@ -357,6 +356,13 @@ class PHPMailer */ public $AuthType = ''; + /** + * SMTP SMTPXClient command attributes + * + * @var array + */ + protected $SMTPXClient = []; + /** * An implementation of the PHPMailer OAuthTokenProvider interface. * @@ -381,7 +387,7 @@ class PHPMailer * 'DELAY' will notify you if there is an unusual delay in delivery, but the actual * delivery's outcome (success or failure) is not yet decided. * - * @see https://tools.ietf.org/html/rfc3461 See section 4.1 for more information about NOTIFY + * @see https://www.rfc-editor.org/rfc/rfc3461.html#section-4.1 for more information about NOTIFY */ public $dsn = ''; @@ -461,7 +467,7 @@ class PHPMailer * Only applicable when sending via SMTP. * * @see https://en.wikipedia.org/wiki/Variable_envelope_return_path - * @see http://www.postfix.org/VERP_README.html Postfix VERP info + * @see https://www.postfix.org/VERP_README.html Postfix VERP info * * @var bool */ @@ -544,10 +550,10 @@ class PHPMailer * The function that handles the result of the send email action. * It is called out by send() for each email sent. * - * Value can be any php callable: http://www.php.net/is_callable + * Value can be any php callable: https://www.php.net/is_callable * * Parameters: - * bool $result result of the send action + * bool $result result of the send action * array $to email addresses of the recipients * array $cc cc email addresses * array $bcc bcc email addresses @@ -574,6 +580,10 @@ class PHPMailer * May be a callable to inject your own validator, but there are several built-in validators. * The default validator uses PHP's FILTER_VALIDATE_EMAIL filter_var option. * + * If CharSet is UTF8, the validator is left at the default value, + * and you send to addresses that use non-ASCII local parts, then + * PHPMailer automatically changes to the 'eai' validator. + * * @see PHPMailer::validateAddress() * * @var string|callable @@ -653,6 +663,14 @@ class PHPMailer */ protected $ReplyToQueue = []; + /** + * Whether the need for SMTPUTF8 has been detected. Set by + * preSend() if necessary. + * + * @var bool + */ + public $UseSMTPUTF8 = false; + /** * The array of attachments. * @@ -750,7 +768,7 @@ class PHPMailer * * @var string */ - const VERSION = '6.8.1'; + const VERSION = '6.10.0'; /** * Error severity: message only, continue processing. @@ -858,7 +876,7 @@ public function __destruct() private function mailPassthru($to, $subject, $body, $header, $params) { //Check overloading of mail function to avoid double-encoding - if ((int)ini_get('mbstring.func_overload') & 1) { // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated + if ((int)ini_get('mbstring.func_overload') & 1) { $subject = $this->secureHeader($subject); } else { $subject = $this->encodeHeader($this->secureHeader($subject)); @@ -896,7 +914,7 @@ protected function edebug($str) } //Is this a PSR-3 logger? if ($this->Debugoutput instanceof \Psr\Log\LoggerInterface) { - $this->Debugoutput->debug($str); + $this->Debugoutput->debug(rtrim($str, "\r\n")); return; } @@ -1065,7 +1083,7 @@ public function addReplyTo($address, $name = '') * be modified after calling this function), addition of such addresses is delayed until send(). * Addresses that have been added already return false, but do not throw exceptions. * - * @param string $kind One of 'to', 'cc', 'bcc', or 'ReplyTo' + * @param string $kind One of 'to', 'cc', 'bcc', or 'Reply-To' * @param string $address The email address * @param string $name An optional username associated with the address * @@ -1104,19 +1122,22 @@ protected function addOrEnqueueAnAddress($kind, $address, $name) $params = [$kind, $address, $name]; //Enqueue addresses with IDN until we know the PHPMailer::$CharSet. //Domain is assumed to be whatever is after the last @ symbol in the address - if (static::idnSupported() && $this->has8bitChars(substr($address, ++$pos))) { - if ('Reply-To' !== $kind) { - if (!array_key_exists($address, $this->RecipientsQueue)) { - $this->RecipientsQueue[$address] = $params; + if ($this->has8bitChars(substr($address, ++$pos))) { + if (static::idnSupported()) { + if ('Reply-To' !== $kind) { + if (!array_key_exists($address, $this->RecipientsQueue)) { + $this->RecipientsQueue[$address] = $params; + + return true; + } + } elseif (!array_key_exists($address, $this->ReplyToQueue)) { + $this->ReplyToQueue[$address] = $params; return true; } - } elseif (!array_key_exists($address, $this->ReplyToQueue)) { - $this->ReplyToQueue[$address] = $params; - - return true; } - + //We have an 8-bit domain, but we are missing the necessary extensions to support it + //Or we are already sending to this address return false; } @@ -1154,6 +1175,15 @@ public function setBoundaries() */ protected function addAnAddress($kind, $address, $name = '') { + if ( + self::$validator === 'php' && + ((bool) preg_match('/[\x80-\xFF]/', $address)) + ) { + //The caller has not altered the validator and is sending to an address + //with UTF-8, so assume that they want UTF-8 support instead of failing + $this->CharSet = self::CHARSET_UTF8; + self::$validator = 'eai'; + } if (!in_array($kind, ['to', 'cc', 'bcc', 'Reply-To'])) { $error_message = sprintf( '%s: %s', @@ -1205,7 +1235,7 @@ protected function addAnAddress($kind, $address, $name = '') * Uses the imap_rfc822_parse_adrlist function if the IMAP extension is available. * Note that quotes in the name part are removed. * - * @see http://www.andrew.cmu.edu/user/agreen1/testing/mrbs/web/Mail/RFC822.php A more careful implementation + * @see https://www.andrew.cmu.edu/user/agreen1/testing/mrbs/web/Mail/RFC822.php A more careful implementation * * @param string $addrstr The address list string * @param bool $useimap Whether to use the IMAP extension to parse the list @@ -1356,6 +1386,7 @@ public function getLastMessageID() * * `pcre` Use old PCRE implementation; * * `php` Use PHP built-in FILTER_VALIDATE_EMAIL; * * `html5` Use the pattern given by the HTML5 spec for 'email' type form input elements. + * * `eai` Use a pattern similar to the HTML5 spec for 'email' and to firefox, extended to support EAI (RFC6530). * * `noregex` Don't use a regex: super fast, really dumb. * Alternatively you may pass in a callable to inject your own validator, for example: * @@ -1400,7 +1431,6 @@ public static function validateAddress($address, $patternselect = null) * * IPv6 literals: 'first.last@[IPv6:a1::]' * Not all of these will necessarily work for sending! * - * @see http://squiloople.com/2009/12/20/email-address-validation/ * @copyright 2009-2010 Michael Rushton * Feel free to use and redistribute this code. But please keep this copyright notice. */ @@ -1427,6 +1457,24 @@ public static function validateAddress($address, $patternselect = null) '[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/sD', $address ); + case 'eai': + /* + * This is the pattern used in the HTML5 spec for validation of 'email' type + * form input elements (as above), modified to accept Unicode email addresses. + * This is also more lenient than Firefox' html5 spec, in order to make the regex faster. + * 'eai' is an acronym for Email Address Internationalization. + * This validator is selected automatically if you attempt to use recipient addresses + * that contain Unicode characters in the local part. + * + * @see https://html.spec.whatwg.org/#e-mail-state-(type=email) + * @see https://en.wikipedia.org/wiki/International_email + */ + return (bool) preg_match( + '/^[-\p{L}\p{N}\p{M}.!#$%&\'*+\/=?^_`{|}~]+@[\p{L}\p{N}\p{M}](?:[\p{L}\p{N}\p{M}-]{0,61}' . + '[\p{L}\p{N}\p{M}])?(?:\.[\p{L}\p{N}\p{M}]' . + '(?:[-\p{L}\p{N}\p{M}]{0,61}[\p{L}\p{N}\p{M}])?)*$/usD', + $address + ); case 'php': default: return filter_var($address, FILTER_VALIDATE_EMAIL) !== false; @@ -1484,11 +1532,9 @@ public function punyencodeAddress($address) ); } elseif (defined('INTL_IDNA_VARIANT_2003')) { //Fall back to this old, deprecated/removed encoding - // phpcs:ignore PHPCompatibility.Constants.RemovedConstants.intl_idna_variant_2003Deprecated $punycode = idn_to_ascii($domain, $errorcode, \INTL_IDNA_VARIANT_2003); } else { //Fall back to a default we don't know about - // phpcs:ignore PHPCompatibility.ParameterValues.NewIDNVariantDefault.NotSet $punycode = idn_to_ascii($domain, $errorcode); } if (false !== $punycode) { @@ -1562,9 +1608,26 @@ public function preSend() $this->error_count = 0; //Reset errors $this->mailHeader = ''; + //The code below tries to support full use of Unicode, + //while remaining compatible with legacy SMTP servers to + //the greatest degree possible: If the message uses + //Unicode in the local parts of any addresses, it is sent + //using SMTPUTF8. If not, it it sent using + //punycode-encoded domains and plain SMTP. + if ( + static::CHARSET_UTF8 === strtolower($this->CharSet) && + ($this->anyAddressHasUnicodeLocalPart($this->RecipientsQueue) || + $this->anyAddressHasUnicodeLocalPart(array_keys($this->all_recipients)) || + $this->anyAddressHasUnicodeLocalPart($this->ReplyToQueue) || + $this->addressHasUnicodeLocalPart($this->From)) + ) { + $this->UseSMTPUTF8 = true; + } //Dequeue recipient and Reply-To addresses with IDN foreach (array_merge($this->RecipientsQueue, $this->ReplyToQueue) as $params) { - $params[1] = $this->punyencodeAddress($params[1]); + if (!$this->UseSMTPUTF8) { + $params[1] = $this->punyencodeAddress($params[1]); + } call_user_func_array([$this, 'addAnAddress'], $params); } if (count($this->to) + count($this->cc) + count($this->bcc) < 1) { @@ -1573,6 +1636,10 @@ public function preSend() //Validate From, Sender, and ConfirmReadingTo addresses foreach (['From', 'Sender', 'ConfirmReadingTo'] as $address_kind) { + if ($this->{$address_kind} === null) { + $this->{$address_kind} = ''; + continue; + } $this->{$address_kind} = trim($this->{$address_kind}); if (empty($this->{$address_kind})) { continue; @@ -1725,9 +1792,8 @@ protected function sendmailSend($header, $body) //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver //A space after `-f` is optional, but there is a long history of its presence //causing problems, so we don't use one - //Exim docs: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html - //Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html - //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html + //Exim docs: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html + //Sendmail docs: https://www.sendmail.org/~ca/email/man/sendmail.html //Example problem: https://www.drupal.org/node/1057954 //PHP 5.6 workaround @@ -1865,7 +1931,7 @@ protected static function isShellSafe($string) */ protected static function isPermittedPath($path) { - //Matches scheme definition from https://tools.ietf.org/html/rfc3986#section-3.1 + //Matches scheme definition from https://www.rfc-editor.org/rfc/rfc3986#section-3.1 return !preg_match('#^[a-z][a-z\d+.-]*://#i', $path); } @@ -1892,7 +1958,7 @@ protected static function fileIsAccessible($path) /** * Send mail using the PHP mail() function. * - * @see http://www.php.net/manual/en/book.mail.php + * @see https://www.php.net/manual/en/book.mail.php * * @param string $header The message headers * @param string $body The message body @@ -1922,9 +1988,8 @@ protected function mailSend($header, $body) //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver //A space after `-f` is optional, but there is a long history of its presence //causing problems, so we don't use one - //Exim docs: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html - //Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html - //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html + //Exim docs: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html + //Sendmail docs: https://www.sendmail.org/~ca/email/man/sendmail.html //Example problem: https://www.drupal.org/node/1057954 //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. @@ -1999,6 +2064,38 @@ public function setSMTPInstance(SMTP $smtp) return $this->smtp; } + /** + * Provide SMTP XCLIENT attributes + * + * @param string $name Attribute name + * @param ?string $value Attribute value + * + * @return bool + */ + public function setSMTPXclientAttribute($name, $value) + { + if (!in_array($name, SMTP::$xclient_allowed_attributes)) { + return false; + } + if (isset($this->SMTPXClient[$name]) && $value === null) { + unset($this->SMTPXClient[$name]); + } elseif ($value !== null) { + $this->SMTPXClient[$name] = $value; + } + + return true; + } + + /** + * Get SMTP XCLIENT attributes + * + * @return array + */ + public function getSMTPXclientAttributes() + { + return $this->SMTPXClient; + } + /** * Send mail via SMTP. * Returns false if there is a bad MAIL FROM, RCPT, or DATA input. @@ -2021,12 +2118,20 @@ protected function smtpSend($header, $body) if (!$this->smtpConnect($this->SMTPOptions)) { throw new Exception($this->lang('smtp_connect_failed'), self::STOP_CRITICAL); } + //If we have recipient addresses that need Unicode support, + //but the server doesn't support it, stop here + if ($this->UseSMTPUTF8 && !$this->smtp->getServerExt('SMTPUTF8')) { + throw new Exception($this->lang('no_smtputf8'), self::STOP_CRITICAL); + } //Sender already validated in preSend() if ('' === $this->Sender) { $smtp_from = $this->From; } else { $smtp_from = $this->Sender; } + if (count($this->SMTPXClient)) { + $this->smtp->xclient($this->SMTPXClient); + } if (!$this->smtp->mail($smtp_from)) { $this->setError($this->lang('from_failed') . $smtp_from . ' : ' . implode(',', $this->smtp->getError())); throw new Exception($this->ErrorInfo, self::STOP_CRITICAL); @@ -2119,6 +2224,7 @@ public function smtpConnect($options = null) $this->smtp->setDebugLevel($this->SMTPDebug); $this->smtp->setDebugOutput($this->Debugoutput); $this->smtp->setVerp($this->do_verp); + $this->smtp->setSMTPUTF8($this->UseSMTPUTF8); if ($this->Host === null) { $this->Host = 'localhost'; } @@ -2189,10 +2295,17 @@ public function smtpConnect($options = null) $this->smtp->hello($hello); //Automatically enable TLS encryption if: //* it's not disabled + //* we are not connecting to localhost //* we have openssl extension //* we are not already using SSL //* the server offers STARTTLS - if ($this->SMTPAutoTLS && $sslext && 'ssl' !== $secure && $this->smtp->getServerExt('STARTTLS')) { + if ( + $this->SMTPAutoTLS && + $this->Host !== 'localhost' && + $sslext && + $secure !== 'ssl' && + $this->smtp->getServerExt('STARTTLS') + ) { $tls = true; } if ($tls) { @@ -2309,6 +2422,7 @@ public function setLanguage($langcode = 'en', $lang_path = '') 'smtp_detail' => 'Detail: ', 'smtp_error' => 'SMTP server error: ', 'variable_set' => 'Cannot set or reset variable: ', + 'no_smtputf8' => 'Server does not support SMTPUTF8 needed to send to Unicode addresses', ]; if (empty($lang_path)) { //Calculate an absolute path so it can work if CWD is not here @@ -2658,7 +2772,7 @@ public function createHeader() } //Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4 - //https://tools.ietf.org/html/rfc5322#section-3.6.4 + //https://www.rfc-editor.org/rfc/rfc5322#section-3.6.4 if ( '' !== $this->MessageID && preg_match( @@ -2823,7 +2937,9 @@ public function createBody() $bodyEncoding = $this->Encoding; $bodyCharSet = $this->CharSet; //Can we do a 7-bit downgrade? - if (static::ENCODING_8BIT === $bodyEncoding && !$this->has8bitChars($this->Body)) { + if ($this->UseSMTPUTF8) { + $bodyEncoding = static::ENCODING_8BIT; + } elseif (static::ENCODING_8BIT === $bodyEncoding && !$this->has8bitChars($this->Body)) { $bodyEncoding = static::ENCODING_7BIT; //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit $bodyCharSet = static::CHARSET_ASCII; @@ -3460,7 +3576,8 @@ public function encodeString($str, $encoding = self::ENCODING_BASE64) /** * Encode a header value (not including its label) optimally. * Picks shortest of Q, B, or none. Result includes folding if needed. - * See RFC822 definitions for phrase, comment and text positions. + * See RFC822 definitions for phrase, comment and text positions, + * and RFC2047 for inline encodings. * * @param string $str The header value to encode * @param string $position What context the string will be used in @@ -3469,6 +3586,11 @@ public function encodeString($str, $encoding = self::ENCODING_BASE64) */ public function encodeHeader($str, $position = 'text') { + $position = strtolower($position); + if ($this->UseSMTPUTF8 && !("comment" === $position)) { + return trim(static::normalizeBreaks($str)); + } + $matchcount = 0; switch (strtolower($position)) { case 'phrase': @@ -3583,7 +3705,7 @@ public function has8bitChars($text) * without breaking lines within a character. * Adapted from a function by paravoid. * - * @see http://www.php.net/manual/en/function.mb-encode-mimeheader.php#60283 + * @see https://www.php.net/manual/en/function.mb-encode-mimeheader.php#60283 * * @param string $str multi-byte text to wrap encode * @param string $linebreak string to use as linefeed/end-of-line @@ -3639,7 +3761,7 @@ public function encodeQP($string) /** * Encode a string using Q encoding. * - * @see http://tools.ietf.org/html/rfc2047#section-4.2 + * @see https://www.rfc-editor.org/rfc/rfc2047#section-4.2 * * @param string $str the text to encode * @param string $position Where the text is going to be used, see the RFC for what that means @@ -4049,6 +4171,79 @@ public function clearCustomHeaders() $this->CustomHeader = []; } + /** + * Clear a specific custom header by name or name and value. + * $name value can be overloaded to contain + * both header name and value (name:value). + * + * @param string $name Custom header name + * @param string|null $value Header value + * + * @return bool True if a header was replaced successfully + */ + public function clearCustomHeader($name, $value = null) + { + if (null === $value && strpos($name, ':') !== false) { + //Value passed in as name:value + list($name, $value) = explode(':', $name, 2); + } + $name = trim($name); + $value = (null === $value) ? null : trim($value); + + foreach ($this->CustomHeader as $k => $pair) { + if ($pair[0] == $name) { + // We remove the header if the value is not provided or it matches. + if (null === $value || $pair[1] == $value) { + unset($this->CustomHeader[$k]); + } + } + } + + return true; + } + + /** + * Replace a custom header. + * $name value can be overloaded to contain + * both header name and value (name:value). + * + * @param string $name Custom header name + * @param string|null $value Header value + * + * @return bool True if a header was replaced successfully + * @throws Exception + */ + public function replaceCustomHeader($name, $value = null) + { + if (null === $value && strpos($name, ':') !== false) { + //Value passed in as name:value + list($name, $value) = explode(':', $name, 2); + } + $name = trim($name); + $value = (null === $value) ? '' : trim($value); + + $replaced = false; + foreach ($this->CustomHeader as $k => $pair) { + if ($pair[0] == $name) { + if ($replaced) { + unset($this->CustomHeader[$k]); + continue; + } + if (strpbrk($name . $value, "\r\n") !== false) { + if ($this->exceptions) { + throw new Exception($this->lang('invalid_header')); + } + + return false; + } + $this->CustomHeader[$k] = [$name, $value]; + $replaced = true; + } + } + + return true; + } + /** * Add an error message to the error container. * @@ -4060,7 +4255,7 @@ protected function setError($msg) if ('smtp' === $this->Mailer && null !== $this->smtp) { $lasterror = $this->smtp->getError(); if (!empty($lasterror['error'])) { - $msg .= $this->lang('smtp_error') . $lasterror['error']; + $msg .= ' ' . $this->lang('smtp_error') . $lasterror['error']; if (!empty($lasterror['detail'])) { $msg .= ' ' . $this->lang('smtp_detail') . $lasterror['detail']; } @@ -4104,7 +4299,7 @@ protected function serverHostname() $result = $_SERVER['SERVER_NAME']; } elseif (function_exists('gethostname') && gethostname() !== false) { $result = gethostname(); - } elseif (php_uname('n') !== false) { + } elseif (php_uname('n') !== '') { $result = php_uname('n'); } if (!static::isValidHost($result)) { @@ -4129,7 +4324,7 @@ public static function isValidHost($host) empty($host) || !is_string($host) || strlen($host) > 256 - || !preg_match('/^([a-zA-Z\d.-]*|\[[a-fA-F\d:]+\])$/', $host) + || !preg_match('/^([a-z\d.-]*|\[[a-f\d:]+\])$/i', $host) ) { return false; } @@ -4143,10 +4338,49 @@ public static function isValidHost($host) //Is it a valid IPv4 address? return filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false; } - //Is it a syntactically valid hostname (when embeded in a URL)? - return filter_var('http://' . $host, FILTER_VALIDATE_URL) !== false; + //Is it a syntactically valid hostname (when embedded in a URL)? + return filter_var('https://' . $host, FILTER_VALIDATE_URL) !== false; + } + + /** + * Check whether the supplied address uses Unicode in the local part. + * + * @return bool + */ + protected function addressHasUnicodeLocalPart($address) + { + return (bool) preg_match('/[\x80-\xFF].*@/', $address); + } + + /** + * Check whether any of the supplied addresses use Unicode in the local part. + * + * @return bool + */ + protected function anyAddressHasUnicodeLocalPart($addresses) + { + foreach ($addresses as $address) { + if (is_array($address)) { + $address = $address[0]; + } + if ($this->addressHasUnicodeLocalPart($address)) { + return true; + } + } + return false; } + /** + * Check whether the message requires SMTPUTF8 based on what's known so far. + * + * @return bool + */ + public function needsSMTPUTF8() + { + return $this->UseSMTPUTF8; + } + + /** * Get an error message in the current language. * @@ -4555,7 +4789,7 @@ public static function filenameToType($filename) * Multi-byte-safe pathinfo replacement. * Drop-in replacement for pathinfo(), but multibyte- and cross-platform-safe. * - * @see http://www.php.net/manual/en/function.pathinfo.php#107461 + * @see https://www.php.net/manual/en/function.pathinfo.php#107461 * * @param string $path A filename or path, does not need to exist as a file * @param int|string $options Either a PATHINFO_* constant, @@ -4790,7 +5024,7 @@ public function DKIM_Sign($signHeader) * Uses the 'relaxed' algorithm from RFC6376 section 3.4.2. * Canonicalized headers should *always* use CRLF, regardless of mailer setting. * - * @see https://tools.ietf.org/html/rfc6376#section-3.4.2 + * @see https://www.rfc-editor.org/rfc/rfc6376#section-3.4.2 * * @param string $signHeader Header * @@ -4802,7 +5036,7 @@ public function DKIM_HeaderC($signHeader) $signHeader = static::normalizeBreaks($signHeader, self::CRLF); //Unfold header lines //Note PCRE \s is too broad a definition of whitespace; RFC5322 defines it as `[ \t]` - //@see https://tools.ietf.org/html/rfc5322#section-2.2 + //@see https://www.rfc-editor.org/rfc/rfc5322#section-2.2 //That means this may break if you do something daft like put vertical tabs in your headers. $signHeader = preg_replace('/\r\n[ \t]+/', ' ', $signHeader); //Break headers out into an array @@ -4834,7 +5068,7 @@ public function DKIM_HeaderC($signHeader) * Uses the 'simple' algorithm from RFC6376 section 3.4.3. * Canonicalized bodies should *always* use CRLF, regardless of mailer setting. * - * @see https://tools.ietf.org/html/rfc6376#section-3.4.3 + * @see https://www.rfc-editor.org/rfc/rfc6376#section-3.4.3 * * @param string $body Message Body * @@ -4870,7 +5104,7 @@ public function DKIM_Add($headers_line, $subject, $body) $DKIMquery = 'dns/txt'; //Query method $DKIMtime = time(); //Always sign these headers without being asked - //Recommended list from https://tools.ietf.org/html/rfc6376#section-5.4.1 + //Recommended list from https://www.rfc-editor.org/rfc/rfc6376#section-5.4.1 $autoSignHeaders = [ 'from', 'to', @@ -4976,7 +5210,7 @@ public function DKIM_Add($headers_line, $subject, $body) } //The DKIM-Signature header is included in the signature *except for* the value of the `b` tag //which is appended after calculating the signature - //https://tools.ietf.org/html/rfc6376#section-3.5 + //https://www.rfc-editor.org/rfc/rfc6376#section-3.5 $dkimSignatureHeader = 'DKIM-Signature: v=1;' . ' d=' . $this->DKIM_domain . ';' . ' s=' . $this->DKIM_selector . ';' . static::$LE . diff --git a/src/wp-includes/PHPMailer/SMTP.php b/src/wp-includes/PHPMailer/SMTP.php index 2b63840304749..7226ee93be93b 100644 --- a/src/wp-includes/PHPMailer/SMTP.php +++ b/src/wp-includes/PHPMailer/SMTP.php @@ -13,7 +13,7 @@ * @copyright 2012 - 2020 Marcus Bointon * @copyright 2010 - 2012 Jim Jagielski * @copyright 2004 - 2009 Andy Prevost - * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License + * @license https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html GNU Lesser General Public License * @note This program is distributed in the hope that it will be useful - WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. @@ -35,7 +35,7 @@ class SMTP * * @var string */ - const VERSION = '6.8.1'; + const VERSION = '6.10.0'; /** * SMTP line break constant. @@ -62,7 +62,7 @@ class SMTP * The maximum line length allowed by RFC 5321 section 4.5.3.1.6, * *excluding* a trailing CRLF break. * - * @see https://tools.ietf.org/html/rfc5321#section-4.5.3.1.6 + * @see https://www.rfc-editor.org/rfc/rfc5321#section-4.5.3.1.6 * * @var int */ @@ -72,7 +72,7 @@ class SMTP * The maximum line length allowed for replies in RFC 5321 section 4.5.3.1.5, * *including* a trailing CRLF line break. * - * @see https://tools.ietf.org/html/rfc5321#section-4.5.3.1.5 + * @see https://www.rfc-editor.org/rfc/rfc5321#section-4.5.3.1.5 * * @var int */ @@ -152,19 +152,28 @@ class SMTP /** * Whether to use VERP. * - * @see http://en.wikipedia.org/wiki/Variable_envelope_return_path - * @see http://www.postfix.org/VERP_README.html Info on VERP + * @see https://en.wikipedia.org/wiki/Variable_envelope_return_path + * @see https://www.postfix.org/VERP_README.html Info on VERP * * @var bool */ public $do_verp = false; + /** + * Whether to use SMTPUTF8. + * + * @see https://www.rfc-editor.org/rfc/rfc6531 + * + * @var bool + */ + public $do_smtputf8 = false; + /** * The timeout value for connection, in seconds. * Default of 5 minutes (300sec) is from RFC2821 section 4.5.3.2. * This needs to be quite high to function correctly with hosts using greetdelay as an anti-spam measure. * - * @see http://tools.ietf.org/html/rfc2821#section-4.5.3.2 + * @see https://www.rfc-editor.org/rfc/rfc2821#section-4.5.3.2 * * @var int */ @@ -187,17 +196,29 @@ class SMTP */ protected $smtp_transaction_id_patterns = [ 'exim' => '/[\d]{3} OK id=(.*)/', - 'sendmail' => '/[\d]{3} 2.0.0 (.*) Message/', - 'postfix' => '/[\d]{3} 2.0.0 Ok: queued as (.*)/', - 'Microsoft_ESMTP' => '/[0-9]{3} 2.[\d].0 (.*)@(?:.*) Queued mail for delivery/', + 'sendmail' => '/[\d]{3} 2\.0\.0 (.*) Message/', + 'postfix' => '/[\d]{3} 2\.0\.0 Ok: queued as (.*)/', + 'Microsoft_ESMTP' => '/[0-9]{3} 2\.[\d]\.0 (.*)@(?:.*) Queued mail for delivery/', 'Amazon_SES' => '/[\d]{3} Ok (.*)/', 'SendGrid' => '/[\d]{3} Ok: queued as (.*)/', - 'CampaignMonitor' => '/[\d]{3} 2.0.0 OK:([a-zA-Z\d]{48})/', + 'CampaignMonitor' => '/[\d]{3} 2\.0\.0 OK:([a-zA-Z\d]{48})/', 'Haraka' => '/[\d]{3} Message Queued \((.*)\)/', 'ZoneMTA' => '/[\d]{3} Message queued as (.*)/', 'Mailjet' => '/[\d]{3} OK queued as (.*)/', ]; + /** + * Allowed SMTP XCLIENT attributes. + * Must be allowed by the SMTP server. EHLO response is not checked. + * + * @see https://www.postfix.org/XCLIENT_README.html + * + * @var array + */ + public static $xclient_allowed_attributes = [ + 'NAME', 'ADDR', 'PORT', 'PROTO', 'HELO', 'LOGIN', 'DESTADDR', 'DESTPORT' + ]; + /** * The last transaction ID issued in response to a DATA command, * if one was detected. @@ -268,7 +289,8 @@ protected function edebug($str, $level = 0) } //Is this a PSR-3 logger? if ($this->Debugoutput instanceof \Psr\Log\LoggerInterface) { - $this->Debugoutput->debug($str); + //Remove trailing line breaks potentially added by calls to SMTP::client_send() + $this->Debugoutput->debug(rtrim($str, "\r\n")); return; } @@ -281,6 +303,7 @@ protected function edebug($str, $level = 0) switch ($this->Debugoutput) { case 'error_log': //Don't output, just log + /** @noinspection ForgottenDebugOutputInspection */ error_log($str); break; case 'html': @@ -359,7 +382,7 @@ public function connect($host, $port = null, $timeout = 30, $options = []) } //Anything other than a 220 response means something went wrong //RFC 5321 says the server will wait for us to send a QUIT in response to a 554 error - //https://tools.ietf.org/html/rfc5321#section-3.1 + //https://www.rfc-editor.org/rfc/rfc5321#section-3.1 if ($responseCode === 554) { $this->quit(); } @@ -392,7 +415,9 @@ protected function getSMTPConnection($host, $port = null, $timeout = 30, $option $errstr = ''; if ($streamok) { $socket_context = stream_context_create($options); - set_error_handler([$this, 'errorHandler']); + set_error_handler(function () { + call_user_func_array([$this, 'errorHandler'], func_get_args()); + }); $connection = stream_socket_client( $host . ':' . $port, $errno, @@ -407,7 +432,9 @@ protected function getSMTPConnection($host, $port = null, $timeout = 30, $option 'Connection: stream_socket_client not available, falling back to fsockopen', self::DEBUG_CONNECTION ); - set_error_handler([$this, 'errorHandler']); + set_error_handler(function () { + call_user_func_array([$this, 'errorHandler'], func_get_args()); + }); $connection = fsockopen( $host, $port, @@ -471,7 +498,9 @@ public function startTLS() } //Begin encrypted connection - set_error_handler([$this, 'errorHandler']); + set_error_handler(function () { + call_user_func_array([$this, 'errorHandler'], func_get_args()); + }); $crypto_ok = stream_socket_enable_crypto( $this->smtp_conn, true, @@ -562,7 +591,7 @@ public function authenticate( } //Send encoded username and password if ( - //Format from https://tools.ietf.org/html/rfc4616#section-2 + //Format from https://www.rfc-editor.org/rfc/rfc4616#section-2 //We skip the first field (it's forgery), so the string starts with a null byte !$this->sendCommand( 'User & Password', @@ -636,7 +665,7 @@ protected function hmac($data, $key) } //The following borrowed from - //http://php.net/manual/en/function.mhash.php#27225 + //https://www.php.net/manual/en/function.mhash.php#27225 //RFC 2104 HMAC implementation for php. //Creates an md5 HMAC. @@ -775,7 +804,7 @@ public function data($msg_data) //Send the lines to the server foreach ($lines_out as $line_out) { //Dot-stuffing as per RFC5321 section 4.5.2 - //https://tools.ietf.org/html/rfc5321#section-4.5.2 + //https://www.rfc-editor.org/rfc/rfc5321#section-4.5.2 if (!empty($line_out) && $line_out[0] === '.') { $line_out = '.' . $line_out; } @@ -893,7 +922,15 @@ protected function parseHelloFields($type) * $from. Returns true if successful or false otherwise. If True * the mail transaction is started and then one or more recipient * commands may be called followed by a data command. - * Implements RFC 821: MAIL FROM: . + * Implements RFC 821: MAIL FROM: and + * two extensions, namely XVERP and SMTPUTF8. + * + * The server's EHLO response is not checked. If use of either + * extensions is enabled even though the server does not support + * that, mail submission will fail. + * + * XVERP is documented at https://www.postfix.org/VERP_README.html + * and SMTPUTF8 is specified in RFC 6531. * * @param string $from Source address of this message * @@ -902,10 +939,11 @@ protected function parseHelloFields($type) public function mail($from) { $useVerp = ($this->do_verp ? ' XVERP' : ''); + $useSmtputf8 = ($this->do_smtputf8 ? ' SMTPUTF8' : ''); return $this->sendCommand( 'MAIL FROM', - 'MAIL FROM:<' . $from . '>' . $useVerp, + 'MAIL FROM:<' . $from . '>' . $useSmtputf8 . $useVerp, 250 ); } @@ -971,6 +1009,25 @@ public function recipient($address, $dsn = '') ); } + /** + * Send SMTP XCLIENT command to server and check its return code. + * + * @return bool True on success + */ + public function xclient(array $vars) + { + $xclient_options = ""; + foreach ($vars as $key => $value) { + if (in_array($key, SMTP::$xclient_allowed_attributes)) { + $xclient_options .= " {$key}={$value}"; + } + } + if (!$xclient_options) { + return true; + } + return $this->sendCommand('XCLIENT', 'XCLIENT' . $xclient_options, 250); + } + /** * Send an SMTP RSET command. * Abort any transaction that is currently in progress. @@ -1131,7 +1188,9 @@ public function client_send($data, $command = '') } else { $this->edebug('CLIENT -> SERVER: ' . $data, self::DEBUG_CLIENT); } - set_error_handler([$this, 'errorHandler']); + set_error_handler(function () { + call_user_func_array([$this, 'errorHandler'], func_get_args()); + }); $result = fwrite($this->smtp_conn, $data); restore_error_handler(); @@ -1234,7 +1293,9 @@ protected function get_lines() while (is_resource($this->smtp_conn) && !feof($this->smtp_conn)) { //Must pass vars in here as params are by reference //solution for signals inspired by https://github.com/symfony/symfony/pull/6540 - set_error_handler([$this, 'errorHandler']); + set_error_handler(function () { + call_user_func_array([$this, 'errorHandler'], func_get_args()); + }); $n = stream_select($selR, $selW, $selW, $this->Timelimit); restore_error_handler(); @@ -1321,6 +1382,26 @@ public function getVerp() return $this->do_verp; } + /** + * Enable or disable use of SMTPUTF8. + * + * @param bool $enabled + */ + public function setSMTPUTF8($enabled = false) + { + $this->do_smtputf8 = $enabled; + } + + /** + * Get SMTPUTF8 use. + * + * @return bool + */ + public function getSMTPUTF8() + { + return $this->do_smtputf8; + } + /** * Set error messages and codes. *