[Web] Update composer libs, fixes PHPMailer security issue
This commit is contained in:
andryyy
@@ -748,7 +748,7 @@ class PHPMailer
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.4.0';
|
||||
const VERSION = '6.4.1';
|
||||
|
||||
/**
|
||||
* Error severity: message only, continue processing.
|
||||
@@ -1721,9 +1721,10 @@ class PHPMailer
|
||||
fwrite($mail, $header);
|
||||
fwrite($mail, $body);
|
||||
$result = pclose($mail);
|
||||
$addrinfo = static::parseAddresses($toAddr);
|
||||
$this->doCallback(
|
||||
($result === 0),
|
||||
[$toAddr],
|
||||
[[$addrinfo['address'], $addrinfo['name']]],
|
||||
$this->cc,
|
||||
$this->bcc,
|
||||
$this->Subject,
|
||||
@@ -1810,7 +1811,8 @@ class PHPMailer
|
||||
*/
|
||||
protected static function isPermittedPath($path)
|
||||
{
|
||||
return !preg_match('#^[a-z]+://#i', $path);
|
||||
//Matches scheme definition from https://tools.ietf.org/html/rfc3986#section-3.1
|
||||
return !preg_match('#^[a-z][a-z\d+.-]*://#i', $path);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1822,12 +1824,15 @@ class PHPMailer
|
||||
*/
|
||||
protected static function fileIsAccessible($path)
|
||||
{
|
||||
if (!static::isPermittedPath($path)) {
|
||||
return false;
|
||||
}
|
||||
$readable = file_exists($path);
|
||||
//If not a UNC path (expected to start with \\), check read permission, see #2069
|
||||
if (strpos($path, '\\\\') !== 0) {
|
||||
$readable = $readable && is_readable($path);
|
||||
}
|
||||
return static::isPermittedPath($path) && $readable;
|
||||
return $readable;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1876,7 +1881,17 @@ class PHPMailer
|
||||
if ($this->SingleTo && count($toArr) > 1) {
|
||||
foreach ($toArr as $toAddr) {
|
||||
$result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);
|
||||
$this->doCallback($result, [$toAddr], $this->cc, $this->bcc, $this->Subject, $body, $this->From, []);
|
||||
$addrinfo = static::parseAddresses($toAddr);
|
||||
$this->doCallback(
|
||||
$result,
|
||||
[[$addrinfo['address'], $addrinfo['name']]],
|
||||
$this->cc,
|
||||
$this->bcc,
|
||||
$this->Subject,
|
||||
$body,
|
||||
$this->From,
|
||||
[]
|
||||
);
|
||||
}
|
||||
} else {
|
||||
$result = $this->mailPassthru($to, $this->Subject, $body, $header, $params);
|
||||
@@ -1965,7 +1980,7 @@ class PHPMailer
|
||||
$isSent = true;
|
||||
}
|
||||
|
||||
$callbacks[] = ['issent' => $isSent, 'to' => $to[0]];
|
||||
$callbacks[] = ['issent' => $isSent, 'to' => $to[0], 'name' => $to[1]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1986,7 +2001,7 @@ class PHPMailer
|
||||
foreach ($callbacks as $cb) {
|
||||
$this->doCallback(
|
||||
$cb['issent'],
|
||||
[$cb['to']],
|
||||
[[$cb['to'], $cb['name']]],
|
||||
[],
|
||||
[],
|
||||
$this->Subject,
|
||||
|
||||
@@ -46,7 +46,7 @@ class POP3
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.4.0';
|
||||
const VERSION = '6.4.1';
|
||||
|
||||
/**
|
||||
* Default POP3 port number.
|
||||
|
||||
@@ -35,7 +35,7 @@ class SMTP
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '6.4.0';
|
||||
const VERSION = '6.4.1';
|
||||
|
||||
/**
|
||||
* SMTP line break constant.
|
||||
|
||||
Reference in New Issue
Block a user