[Web] Fix mailbox editing when password is unchanged, fix adding new administrator (fixes #4054, fixes #4053); [Web] Update libs, add LDAP for future admin/domain admin authentication
This commit is contained in:
andryyy
@@ -2,7 +2,7 @@
|
||||
|
||||
# PHPMailer – A full-featured email creation and transfer class for PHP
|
||||
|
||||
[](https://github.com/PHPMailer/PHPMailer/actions) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://phpmailer.github.io/PHPMailer/)
|
||||
[](https://github.com/PHPMailer/PHPMailer/actions) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://phpmailer.github.io/PHPMailer/)
|
||||
|
||||
## Features
|
||||
- Probably the world's most popular code for sending email from PHP!
|
||||
@@ -142,7 +142,7 @@ PHPMailer defaults to English, but in the [language](https://github.com/PHPMaile
|
||||
$mail->setLanguage('fr', '/optional/path/to/language/directory/');
|
||||
```
|
||||
|
||||
We welcome corrections and new languages – if you're looking for corrections to do, run the [PHPMailerLangTest.php](https://github.com/PHPMailer/PHPMailer/tree/master/test/PHPMailerLangTest.php) script in the tests folder and it will show any missing translations.
|
||||
We welcome corrections and new languages – if you're looking for corrections, run the [PHPMailerLangTest.php](https://github.com/PHPMailer/PHPMailer/tree/master/test/PHPMailerLangTest.php) script in the tests folder and it will show any missing translations.
|
||||
|
||||
## Documentation
|
||||
Start reading at the [GitHub wiki](https://github.com/PHPMailer/PHPMailer/wiki). If you're having trouble, head for [the troubleshooting guide](https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting) as it's frequently updated.
|
||||
@@ -185,12 +185,20 @@ git remote set-url upstream https://github.com/PHPMailer/PHPMailer.git
|
||||
Please *don't* use the SourceForge or Google Code projects any more; they are obsolete and no longer maintained.
|
||||
|
||||
## Sponsorship
|
||||
Development time and resources for PHPMailer are provided by [Smartmessages.net](https://info.smartmessages.net/), the world's only privacy-first email marketing system.
|
||||
Development time and resources for PHPMailer are provided by [Smartmessages.net](https://info.smartmessages.net/), the world's only privacy-first email marketing system.
|
||||
|
||||
<a href="https://info.smartmessages.net/"><img src="https://www.smartmessages.net/img/smartmessages-logo.svg" width="550" alt="Smartmessages.net privacy-first email marketing logo"></a>
|
||||
|
||||
Donations are very welcome, whether in beer 🍺, T-shirts 👕, or cold, hard cash 💰. Sponsorship through GitHub is a simple and convenient way to say "thank you" to PHPMailer's maintainers and contributors – just click the "Sponsor" button [on the project page](https://github.com/PHPMailer/PHPMailer). If your company uses PHPMailer, consider taking part in Tidelift's enterprise support programme.
|
||||
|
||||
Contributions are very welcome, whether in beer 🍺, T-shirts 👕, or cold, hard cash 💰. Sponsorship through GitHub is a simple and convenient way to say "thank you" to PHPMailer's maintainers and contributors – just click the "Sponsor" button [on the project page](https://github.com/PHPMailer/PHPMailer).
|
||||
## PHPMailer For Enterprise
|
||||
|
||||
Available as part of the Tidelift Subscription.
|
||||
|
||||
The maintainers of PHPMailer and thousands of other packages are working with Tidelift to deliver commercial
|
||||
support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and
|
||||
improve code health, while paying the maintainers of the exact packages you
|
||||
use. [Learn more.](https://tidelift.com/subscription/pkg/packagist-phpmailer-phpmailer?utm_source=packagist-phpmailer-phpmailer&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
|
||||
|
||||
## Changelog
|
||||
See [changelog](changelog.md).
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Security notices relating to PHPMailer
|
||||
|
||||
Please disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately.
|
||||
Please disclose any security issues or vulnerabilities found through [Tidelift's coordinated disclosure system](https://tidelift.com/security) or to the maintainers privately.
|
||||
|
||||
PHPMailer versions 6.1.5 and earlier contain an output escaping bug that occurs in `Content-Type` and `Content-Disposition` when filenames passed into `addAttachment` and other methods that accept attachment names contain double quote characters, in contravention of RFC822 3.4.1. No specific vulnerability has been found relating to this, but it could allow file attachments to bypass attachment filters that are based on matching filename extensions. Recorded as [CVE-2020-13625](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13625). Reported by Elar Lang of Clarified Security.
|
||||
|
||||
|
||||
@@ -1 +1 @@
|
||||
6.3.0
|
||||
6.4.0
|
||||
@@ -40,7 +40,7 @@
|
||||
"yoast/phpunit-polyfills": "^0.2.0"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-mbstring": "Needed to send email in multibyte encoding charset",
|
||||
"ext-mbstring": "Needed to send email in multibyte encoding charset or decode encoded addresses",
|
||||
"hayageek/oauth2-yahoo": "Needed for Yahoo XOAUTH2 authentication",
|
||||
"league/oauth2-google": "Needed for Google XOAUTH2 authentication",
|
||||
"psr/log": "For optional PSR-3 debug logging",
|
||||
|
||||
@@ -48,10 +48,10 @@ use Stevenmaguire\OAuth2\Client\Provider\Microsoft;
|
||||
if (!isset($_GET['code']) && !isset($_GET['provider'])) {
|
||||
?>
|
||||
<html>
|
||||
<body>Select Provider:<br/>
|
||||
<a href='?provider=Google'>Google</a><br/>
|
||||
<a href='?provider=Yahoo'>Yahoo</a><br/>
|
||||
<a href='?provider=Microsoft'>Microsoft/Outlook/Hotmail/Live/Office365</a><br/>
|
||||
<body>Select Provider:<br>
|
||||
<a href='?provider=Google'>Google</a><br>
|
||||
<a href='?provider=Yahoo'>Yahoo</a><br>
|
||||
<a href='?provider=Microsoft'>Microsoft/Outlook/Hotmail/Live/Office365</a><br>
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
|
||||
28
data/web/inc/lib/vendor/phpmailer/phpmailer/language/phpmailer.lang-sr_latn.php
vendored
Normal file
28
data/web/inc/lib/vendor/phpmailer/phpmailer/language/phpmailer.lang-sr_latn.php
vendored
Normal file
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Serbian PHPMailer language file: refer to English translation for definitive list
|
||||
* @package PHPMailer
|
||||
* @author Александар Јевремовић <ajevremovic@gmail.com>
|
||||
* @author Miloš Milanović <mmilanovic016@gmail.com>
|
||||
*/
|
||||
|
||||
$PHPMAILER_LANG['authenticate'] = 'SMTP greška: autentifikacija nije uspela.';
|
||||
$PHPMAILER_LANG['connect_host'] = 'SMTP greška: povezivanje sa SMTP serverom nije uspelo.';
|
||||
$PHPMAILER_LANG['data_not_accepted'] = 'SMTP greška: podaci nisu prihvaćeni.';
|
||||
$PHPMAILER_LANG['empty_message'] = 'Sadržaj poruke je prazan.';
|
||||
$PHPMAILER_LANG['encoding'] = 'Nepoznato kodiranje: ';
|
||||
$PHPMAILER_LANG['execute'] = 'Nije moguće izvršiti naredbu: ';
|
||||
$PHPMAILER_LANG['file_access'] = 'Nije moguće pristupiti datoteci: ';
|
||||
$PHPMAILER_LANG['file_open'] = 'Nije moguće otvoriti datoteku: ';
|
||||
$PHPMAILER_LANG['from_failed'] = 'SMTP greška: slanje sa sledećih adresa nije uspelo: ';
|
||||
$PHPMAILER_LANG['recipients_failed'] = 'SMTP greška: slanje na sledeće adrese nije uspelo: ';
|
||||
$PHPMAILER_LANG['instantiate'] = 'Nije moguće pokrenuti mail funkciju.';
|
||||
$PHPMAILER_LANG['invalid_address'] = 'Poruka nije poslata. Neispravna adresa: ';
|
||||
$PHPMAILER_LANG['mailer_not_supported'] = ' majler nije podržan.';
|
||||
$PHPMAILER_LANG['provide_address'] = 'Definišite bar jednu adresu primaoca.';
|
||||
$PHPMAILER_LANG['signing'] = 'Greška prilikom prijave: ';
|
||||
$PHPMAILER_LANG['smtp_connect_failed'] = 'Povezivanje sa SMTP serverom nije uspelo.';
|
||||
$PHPMAILER_LANG['smtp_error'] = 'Greška SMTP servera: ';
|
||||
$PHPMAILER_LANG['variable_set'] = 'Nije moguće zadati niti resetovati promenljivu: ';
|
||||
$PHPMAILER_LANG['extension_missing'] = 'Nedostaje proširenje: ';
|
||||
@@ -748,7 +748,7 @@ class PHPMailer
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.3.0';
|
||||
const VERSION = '6.4.0';
|
||||
|
||||
/**
|
||||
* Error severity: message only, continue processing.
|
||||
@@ -1199,7 +1199,11 @@ class PHPMailer
|
||||
)
|
||||
) {
|
||||
//Decode the name part if it's present and encoded
|
||||
if (property_exists($address, 'personal') && preg_match('/^=\?.*\?=$/', $address->personal)) {
|
||||
if (
|
||||
property_exists($address, 'personal') &&
|
||||
extension_loaded('mbstring') &&
|
||||
preg_match('/^=\?.*\?=$/', $address->personal)
|
||||
) {
|
||||
$address->personal = mb_decode_mimeheader($address->personal);
|
||||
}
|
||||
|
||||
@@ -1680,16 +1684,11 @@ class PHPMailer
|
||||
//Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html
|
||||
//Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
|
||||
//Example problem: https://www.drupal.org/node/1057954
|
||||
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
|
||||
if ('' === $this->Sender) {
|
||||
$this->Sender = $this->From;
|
||||
}
|
||||
if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
|
||||
//PHP config has a sender address we can use
|
||||
$this->Sender = ini_get('sendmail_from');
|
||||
}
|
||||
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
|
||||
//But sendmail requires this param, so fail without it
|
||||
if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
|
||||
if ($this->Mailer === 'qmail') {
|
||||
$sendmailFmt = '%s -f%s';
|
||||
@@ -1697,8 +1696,12 @@ class PHPMailer
|
||||
$sendmailFmt = '%s -oi -f%s -t';
|
||||
}
|
||||
} else {
|
||||
$this->edebug('Sender address unusable or missing: ' . $this->Sender);
|
||||
return false;
|
||||
//allow sendmail to choose a default envelope sender. It may
|
||||
//seem preferable to force it to use the From header as with
|
||||
//SMTP, but that introduces new problems (see
|
||||
//<https://github.com/PHPMailer/PHPMailer/issues/2298>), and
|
||||
//it has historically worked this way.
|
||||
$sendmailFmt = '%s -oi -t';
|
||||
}
|
||||
|
||||
$sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
|
||||
@@ -1858,9 +1861,6 @@ class PHPMailer
|
||||
//Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
|
||||
//Example problem: https://www.drupal.org/node/1057954
|
||||
//CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
|
||||
if ('' === $this->Sender) {
|
||||
$this->Sender = $this->From;
|
||||
}
|
||||
if (empty($this->Sender) && !empty(ini_get('sendmail_from'))) {
|
||||
//PHP config has a sender address we can use
|
||||
$this->Sender = ini_get('sendmail_from');
|
||||
|
||||
@@ -46,7 +46,7 @@ class POP3
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.3.0';
|
||||
const VERSION = '6.4.0';
|
||||
|
||||
/**
|
||||
* Default POP3 port number.
|
||||
|
||||
@@ -35,7 +35,7 @@ class SMTP
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.3.0';
|
||||
const VERSION = '6.4.0';
|
||||
|
||||
/**
|
||||
* SMTP line break constant.
|
||||
@@ -553,6 +553,8 @@ class SMTP
|
||||
}
|
||||
//Send encoded username and password
|
||||
if (
|
||||
//Format from https://tools.ietf.org/html/rfc4616#section-2
|
||||
//We skip the first field (it's forgery), so the string starts with a null byte
|
||||
!$this->sendCommand(
|
||||
'User & Password',
|
||||
base64_encode("\0" . $username . "\0" . $password),
|
||||
|
||||
Reference in New Issue
Block a user