[Web] Minify css and js via PHP
[Web] Use PT Sans [Web] Update some libs
This commit is contained in:
andryyy
@@ -31,7 +31,7 @@ class PHPMailer
|
||||
* The PHPMailer Version number.
|
||||
* @var string
|
||||
*/
|
||||
public $Version = '5.2.26';
|
||||
public $Version = '5.2.27';
|
||||
|
||||
/**
|
||||
* Email priority.
|
||||
@@ -1296,9 +1296,12 @@ class PHPMailer
|
||||
|
||||
// Sign with DKIM if enabled
|
||||
if (!empty($this->DKIM_domain)
|
||||
&& !empty($this->DKIM_selector)
|
||||
&& (!empty($this->DKIM_private_string)
|
||||
|| (!empty($this->DKIM_private) && file_exists($this->DKIM_private))
|
||||
and !empty($this->DKIM_selector)
|
||||
and (!empty($this->DKIM_private_string)
|
||||
or (!empty($this->DKIM_private)
|
||||
and self::isPermittedPath($this->DKIM_private)
|
||||
and file_exists($this->DKIM_private)
|
||||
)
|
||||
)
|
||||
) {
|
||||
$header_dkim = $this->DKIM_Add(
|
||||
@@ -1463,6 +1466,18 @@ class PHPMailer
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether a file path is of a permitted type.
|
||||
* Used to reject URLs and phar files from functions that access local file paths,
|
||||
* such as addAttachment.
|
||||
* @param string $path A relative or absolute path to a file.
|
||||
* @return bool
|
||||
*/
|
||||
protected static function isPermittedPath($path)
|
||||
{
|
||||
return !preg_match('#^[a-z]+://#i', $path);
|
||||
}
|
||||
|
||||
/**
|
||||
* Send mail using the PHP mail() function.
|
||||
* @param string $header The message headers
|
||||
@@ -1791,7 +1806,7 @@ class PHPMailer
|
||||
// There is no English translation file
|
||||
if ($langcode != 'en') {
|
||||
// Make sure language file path is readable
|
||||
if (!is_readable($lang_file)) {
|
||||
if (!self::isPermittedPath($lang_file) or !is_readable($lang_file)) {
|
||||
$foundlang = false;
|
||||
} else {
|
||||
// Overwrite language-specific strings.
|
||||
@@ -2499,6 +2514,8 @@ class PHPMailer
|
||||
* Add an attachment from a path on the filesystem.
|
||||
* Never use a user-supplied path to a file!
|
||||
* Returns false if the file could not be found or read.
|
||||
* Explicitly *does not* support passing URLs; PHPMailer is not an HTTP client.
|
||||
* If you need to do that, fetch the resource yourself and pass it in via a local file or string.
|
||||
* @param string $path Path to the attachment.
|
||||
* @param string $name Overrides the attachment name.
|
||||
* @param string $encoding File encoding (see $Encoding).
|
||||
@@ -2510,7 +2527,7 @@ class PHPMailer
|
||||
public function addAttachment($path, $name = '', $encoding = 'base64', $type = '', $disposition = 'attachment')
|
||||
{
|
||||
try {
|
||||
if (!@is_file($path)) {
|
||||
if (!self::isPermittedPath($path) or !@is_file($path)) {
|
||||
throw new phpmailerException($this->lang('file_access') . $path, self::STOP_CONTINUE);
|
||||
}
|
||||
|
||||
@@ -2691,7 +2708,7 @@ class PHPMailer
|
||||
protected function encodeFile($path, $encoding = 'base64')
|
||||
{
|
||||
try {
|
||||
if (!is_readable($path)) {
|
||||
if (!self::isPermittedPath($path) or !file_exists($path)) {
|
||||
throw new phpmailerException($this->lang('file_open') . $path, self::STOP_CONTINUE);
|
||||
}
|
||||
$magic_quotes = get_magic_quotes_runtime();
|
||||
@@ -3035,7 +3052,7 @@ class PHPMailer
|
||||
*/
|
||||
public function addEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = '', $disposition = 'inline')
|
||||
{
|
||||
if (!@is_file($path)) {
|
||||
if (!self::isPermittedPath($path) or !@is_file($path)) {
|
||||
$this->setError($this->lang('file_access') . $path);
|
||||
return false;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user