From: Victor B. <vb...@us...> - 2005-11-27 00:46:30
Update of /cvsroot/mantisbt/mantisbt/core/phpmailer In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3565/core/phpmailer Modified Files: ChangeLog.txt LICENSE README class.phpmailer.php class.smtp.php Log Message: Implemented #5925: Upgrade to PHPMailer 1.73.
Index: README
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/phpmailer/README,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- README 12 Feb 2005 20:03:46 -0000 1.3
+++ README 27 Nov 2005 00:46:19 -0000 1.4
@@ -39,14 +39,14 @@ Copy class.phpmailer.php into your php.ini include_path. If you are using the SMTP mailer then place class.smtp.php in your path as well. -In the language directory you will find several files like -phpmailer.lang-en.php. If you look right before the .php extension -that there are two letters. These represent the language type of the -translation file. For instance "en" is the English file and "br" is -the Portuguese file. Chose the file that best fits with your language -and place it in the PHP include path. If your language is English -then you have nothing more to do. If it is a different language then -you must point PHPMailer to the correct translation. To do this, call +In the language directory you will find several files like +phpmailer.lang-en.php. If you look right before the .php extension +that there are two letters. These represent the language type of the +translation file. For instance "en" is the English file and "br" is +the Portuguese file. Chose the file that best fits with your language +and place it in the PHP include path. If your language is English +then you have nothing more to do. If it is a different language then +you must point PHPMailer to the correct translation. To do this, call the PHPMailer SetLanguage method like so: // To load the Portuguese version Index: ChangeLog.txt =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/phpmailer/ChangeLog.txt,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- ChangeLog.txt 12 Feb 2005 20:03:46 -0000 1.3 +++ ChangeLog.txt 27 Nov 2005 00:46:19 -0000 1.4 
@@ -1,8 +1,13 @@ ChangeLog +Version 1.73 (Sun, Jun 10 2005) +* Fixed denial of service bug: http://www.cybsec.com/vuln/PHPMailer-DOS.pdf +* Now has a total of 20 translations +* Fixed alt attachments bug: http://tinyurl.com/98u9k + Version 1.72 (Wed, May 25 2004) * Added Dutch, Swedish, Czech, Norwegian, and Turkish translations. -* Received: Removed this method because spam filter programs like +* Received: Removed this method because spam filter programs like SpamAssassin reject this header. * Fixed error count bug. * SetLanguage default is now "language/". Index: class.phpmailer.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/phpmailer/class.phpmailer.php,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- class.phpmailer.php 12 Feb 2005 20:03:46 -0000 1.3 +++ class.phpmailer.php 27 Nov 2005 00:46:19 -0000 1.4 @@ -96,7 +96,7 @@ var $AltBody = ""; /** - * Sets word wrapping on the body of the message to a given number of + * Sets word wrapping on the body of the message to a given number of * characters. * @var int */ @@ -113,10 +113,10 @@ * @var string */ var $Sendmail = "/usr/sbin/sendmail"; - + /** - * Path to PHPMailer plugins. This is now only useful if the SMTP class - * is in a different directory than the PHP include path. + * Path to PHPMailer plugins. This is now only useful if the SMTP class + * is in a different directory than the PHP include path. * @var string */ var $PluginDir = ""; @@ -125,7 +125,7 @@ * Holds PHPMailer version. * @var string */ - var $Version = "1.72"; + var $Version = "1.73"; /** * Sets the email address that a reading confirmation will be sent. @@ -186,7 +186,7 @@ var $Password = ""; /** - * Sets the SMTP server timeout in seconds. This function will not + * Sets the SMTP server timeout in seconds. This function will not * work with the win32 version. * @var int */ 
@@ -199,9 +199,9 @@ var $SMTPDebug = false; /** - * Prevents the SMTP connection from being closed after each mail - * sending. If this is set to true then to close the connection - * requires an explicit call to SmtpClose(). + * Prevents the SMTP connection from being closed after each mail + * sending. If this is set to true then to close the connection + * requires an explicit call to SmtpClose(). * @var bool */ var $SMTPKeepAlive = false; @@ -222,13 +222,13 @@ var $error_count = 0; var $LE = "\n"; /**#@-*/ - + ///////////////////////////////////////////////// // VARIABLE METHODS ///////////////////////////////////////////////// /** - * Sets message type to HTML. + * Sets message type to HTML. * @param bool $bool * @return void */ @@ -264,7 +264,7 @@ } /** - * Sets Mailer to send message using the qmail MTA. + * Sets Mailer to send message using the qmail MTA. * @return void */ function IsQmail() { @@ -278,7 +278,7 @@ ///////////////////////////////////////////////// /** - * Adds a "To" address. + * Adds a "To" address. * @param string $address * @param string $name * @return void @@ -292,7 +292,7 @@ /** * Adds a "Cc" address. Note: this function works * with the SMTP mailer on win32, not with the "mail" - * mailer. + * mailer. * @param string $address * @param string $name * @return void @@ -306,7 +306,7 @@ /** * Adds a "Bcc" address. Note: this function works * with the SMTP mailer on win32, not with the "mail" - * mailer. + * mailer. * @param string $address * @param string $name * @return void @@ -318,7 +318,7 @@ } /** - * Adds a "Reply-to" address. + * Adds a "Reply-to" address. * @param string $address * @param string $name * @return void @@ -337,7 +337,7 @@ /** * Creates message and assigns Mailer. If the message is * not sent successfully then it returns false. Use the ErrorInfo - * variable to view description of the error. + * variable to view description of the error. * @return bool */ function Send() { 
@@ -382,9 +382,9 @@ return $result; } - + /** - * Sends mail using the $Sendmail program. + * Sends mail using the $Sendmail program. * @access private * @return bool */ @@ -402,7 +402,7 @@ fputs($mail, $header); fputs($mail, $body); - + $result = pclose($mail) >> 8 & 0xFF; if($result != 0) { @@ -414,7 +414,7 @@ } /** - * Sends mail using the PHP mail() function. + * Sends mail using the PHP mail() function. * @access private * @return bool */ @@ -431,7 +431,7 @@ $old_from = ini_get("sendmail_from"); ini_set("sendmail_from", $this->Sender); $params = sprintf("-oi -f %s", $this->Sender); - $rt = @mail($to, $this->EncodeHeader($this->Subject), $body, + $rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header, $params); } else @@ -518,7 +518,7 @@ } /** - * Initiates a connection to an SMTP server. Returns false if the + * Initiates a connection to an SMTP server. Returns false if the * operation failed. * @access private * @return bool @@ -529,7 +529,7 @@ $this->smtp->do_debug = $this->SMTPDebug; $hosts = explode(";", $this->Host); $index = 0; - $connection = ($this->smtp->Connected()); + $connection = ($this->smtp->Connected()); // Retry while there is no connection while($index < count($hosts) && $connection == false) @@ -548,10 +548,10 @@ $this->smtp->Hello($this->Helo); else $this->smtp->Hello($this->ServerHostname()); - + if($this->SMTPAuth) { - if(!$this->smtp->Authenticate($this->Username, + if(!$this->smtp->Authenticate($this->Username, $this->Password)) { $this->SetError($this->Lang("authenticate")); @@ -585,7 +585,7 @@ } /** - * Sets the language for all class error messages. Returns false + * Sets the language for all class error messages. Returns false * if it cannot load the language file. The default language type * is English. * @param string $lang_type Type of language (e.g. Portuguese: "br") @@ -604,7 +604,7 @@ return false; } $this->language = $PHPMAILER_LANG; - + return true; } 
@@ -613,7 +613,7 @@ ///////////////////////////////////////////////// /** - * Creates recipient headers. + * Creates recipient headers. * @access private * @return string */ @@ -629,9 +629,9 @@ return $addr_str; } - + /** - * Formats an address correctly. + * Formats an address correctly. * @access private * @return string */ @@ -640,7 +640,7 @@ $formatted = $addr[0]; else { - $formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" . + $formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" . $addr[0] . ">"; } @@ -650,7 +650,7 @@ /** * Wraps message for use with mailers that do not * automatically perform wrapping and for quoted-printable. - * Original written by philippe. + * Original written by philippe. * @access private * @return string */ @@ -712,7 +712,7 @@ else { $buf_o = $buf; - $buf .= ($e == 0) ? $word : (" " . $word); + $buf .= ($e == 0) ? $word : (" " . $word); if (strlen($buf) > $length and $buf_o != "") { @@ -726,7 +726,7 @@ return $message; } - + /** * Set the body wrapping. * @access private @@ -735,12 +735,12 @@ function SetWordWrap() { if($this->WordWrap < 1) return; - + switch($this->message_type) { case "alt": // fall through - case "alt_attachment": + case "alt_attachments": $this->AltBody = $this->WrapText($this->AltBody, $this->WordWrap); break; default: @@ -750,13 +750,13 @@ } /** - * Assembles message header. + * Assembles message header. * @access private * @return string */ function CreateHeader() { $result = ""; - + // Set the boundaries $uniq_id = md5(uniqid(time())); $this->boundary[1] = "b1_" . $uniq_id; @@ -767,7 +767,7 @@ $result .= $this->HeaderLine("Return-Path", trim($this->From)); else $result .= $this->HeaderLine("Return-Path", trim($this->Sender)); - + // To be created automatically by mail() if($this->Mailer != "mail") { 
@@ -782,7 +782,7 @@ $from = array(); $from[0][0] = trim($this->From); $from[0][1] = $this->FromName; - $result .= $this->AddrAppend("From", $from); + $result .= $this->AddrAppend("From", $from); // sendmail and mail() extract Bcc from the header before sending if((($this->Mailer == "sendmail") || ($this->Mailer == "mail")) && (count($this->bcc) > 0)) @@ -798,17 +798,17 @@ $result .= sprintf("Message-ID: <%s@%s>%s", $uniq_id, $this->ServerHostname(), $this->LE); $result .= $this->HeaderLine("X-Priority", $this->Priority); $result .= $this->HeaderLine("X-Mailer", "PHPMailer [version " . $this->Version . "]"); - + if($this->ConfirmReadingTo != "") { - $result .= $this->HeaderLine("Disposition-Notification-To", + $result .= $this->HeaderLine("Disposition-Notification-To", "<" . trim($this->ConfirmReadingTo) . ">"); } // Add custom headers for($index = 0; $index < count($this->CustomHeader); $index++) { - $result .= $this->HeaderLine(trim($this->CustomHeader[$index][0]), + $result .= $this->HeaderLine(trim($this->CustomHeader[$index][0]), $this->EncodeHeader(trim($this->CustomHeader[$index][1]))); } $result .= $this->HeaderLine("MIME-Version", "1.0"); @@ -825,8 +825,8 @@ case "alt_attachments": if($this->InlineImageExists()) { - $result .= sprintf("Content-Type: %s;%s\ttype=\"text/html\";%s\tboundary=\"%s\"%s", - "multipart/related", $this->LE, $this->LE, + $result .= sprintf("Content-Type: %s;%s\ttype=\"text/html\";%s\tboundary=\"%s\"%s", + "multipart/related", $this->LE, $this->LE, $this->boundary[1], $this->LE); } else 
@@ -860,16 +860,16 @@ switch($this->message_type) { case "alt": - $result .= $this->GetBoundary($this->boundary[1], "", + $result .= $this->GetBoundary($this->boundary[1], "", "text/plain", ""); $result .= $this->EncodeString($this->AltBody, $this->Encoding); $result .= $this->LE.$this->LE; - $result .= $this->GetBoundary($this->boundary[1], "", + $result .= $this->GetBoundary($this->boundary[1], "", "text/html", ""); - + $result .= $this->EncodeString($this->Body, $this->Encoding); $result .= $this->LE.$this->LE; - + $result .= $this->EndBoundary($this->boundary[1]); break; case "plain": @@ -879,32 +879,32 @@ $result .= $this->GetBoundary($this->boundary[1], "", "", ""); $result .= $this->EncodeString($this->Body, $this->Encoding); $result .= $this->LE; - + $result .= $this->AttachAll(); break; case "alt_attachments": $result .= sprintf("--%s%s", $this->boundary[1], $this->LE); $result .= sprintf("Content-Type: %s;%s" . "\tboundary=\"%s\"%s", - "multipart/alternative", $this->LE, + "multipart/alternative", $this->LE, $this->boundary[2], $this->LE.$this->LE); - + // Create text body - $result .= $this->GetBoundary($this->boundary[2], "", + $result .= $this->GetBoundary($this->boundary[2], "", "text/plain", "") . $this->LE; $result .= $this->EncodeString($this->AltBody, $this->Encoding); $result .= $this->LE.$this->LE; - + // Create the HTML body - $result .= $this->GetBoundary($this->boundary[2], "", + $result .= $this->GetBoundary($this->boundary[2], "", "text/html", "") . $this->LE; - + $result .= $this->EncodeString($this->Body, $this->Encoding); $result .= $this->LE.$this->LE; $result .= $this->EndBoundary($this->boundary[2]); - + $result .= $this->AttachAll(); break; } 
@@ -925,23 +925,23 @@ if($encoding == "") { $encoding = $this->Encoding; } $result .= $this->TextLine("--" . $boundary); - $result .= sprintf("Content-Type: %s; charset = \"%s\"", + $result .= sprintf("Content-Type: %s; charset = \"%s\"", $contentType, $charSet); $result .= $this->LE; $result .= $this->HeaderLine("Content-Transfer-Encoding", $encoding); $result .= $this->LE; - + return $result; } - + /** * Returns the end of a message boundary. * @access private */ function EndBoundary($boundary) { - return $this->LE . "--" . $boundary . "--" . $this->LE; + return $this->LE . "--" . $boundary . "--" . $this->LE; } - + /** * Sets the message type. * @access private @@ -993,7 +993,7 @@ * @param string $type File extension (MIME) type. * @return bool */ - function AddAttachment($path, $name = "", $encoding = "base64", + function AddAttachment($path, $name = "", $encoding = "base64", $type = "application/octet-stream") { if(!@is_file($path)) { @@ -1044,7 +1044,7 @@ $type = $this->attachment[$i][4]; $disposition = $this->attachment[$i][6]; $cid = $this->attachment[$i][7]; - + $mime[] = sprintf("--%s%s", $this->boundary[1], $this->LE); $mime[] = sprintf("Content-Type: %s; name=\"%s\"%s", $type, $name, $this->LE); $mime[] = sprintf("Content-Transfer-Encoding: %s%s", $encoding, $this->LE); @@ -1052,7 +1052,7 @@ if($disposition == "inline") $mime[] = sprintf("Content-ID: <%s>%s", $cid, $this->LE); - $mime[] = sprintf("Content-Disposition: %s; filename=\"%s\"%s", + $mime[] = sprintf("Content-Disposition: %s; filename=\"%s\"%s", $disposition, $name, $this->LE.$this->LE); // Encode as string attachment @@ -1064,7 +1064,7 @@ } else { - $mime[] = $this->EncodeFile($path, $encoding); + $mime[] = $this->EncodeFile($path, $encoding); if($this->IsError()) { return ""; } $mime[] = $this->LE.$this->LE; } @@ -1074,7 +1074,7 @@ return join("", $mime); } - + /** * Encodes attachment in requested format. Returns an * empty string on failure. 
@@ -1087,9 +1087,12 @@ $this->SetError($this->Lang("file_open") . $path); return ""; } + $magic_quotes = get_magic_quotes_runtime(); + set_magic_quotes_runtime(0); $file_buffer = fread($fd, filesize($path)); $file_buffer = $this->EncodeString($file_buffer, $encoding); fclose($fd); + set_magic_quotes_runtime($magic_quotes); return $file_buffer; } @@ -1127,13 +1130,13 @@ } /** - * Encode a header string to best of Q, B, quoted or none. + * Encode a header string to best of Q, B, quoted or none. * @access private * @return string */ function EncodeHeader ($str, $position = 'text') { $x = 0; - + switch (strtolower($position)) { case 'phrase': if (!preg_match('/[\200-\377]/', $str)) { @@ -1175,12 +1178,12 @@ $encoded = preg_replace('/^(.*)$/m', " =?".$this->CharSet."?$encoding?\\1?=", $encoded); $encoded = trim(str_replace("\n", $this->LE, $encoded)); - + return $encoded; } - + /** - * Encode string to quoted-printable. + * Encode string to quoted-printable. * @access private * @return string */ @@ -1203,7 +1206,7 @@ } /** - * Encode string to q encoding. + * Encode string to q encoding. * @access private * @return string */ @@ -1224,7 +1227,7 @@ "'='.sprintf('%02X', ord('\\1'))", $encoded); break; } - + // Replace every spaces to _ (more readable than =20) $encoded = str_replace(" ", "_", $encoded); @@ -1241,7 +1244,7 @@ * @param string $type File extension (MIME) type. * @return void */ - function AddStringAttachment($string, $filename, $encoding = "base64", + function AddStringAttachment($string, $filename, $encoding = "base64", $type = "application/octet-stream") { // Append to $attachment array $cur = count($this->attachment); 
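Review bot: In the EncodeFile hunk (-1087,9) neither `filesize($path)` nor `fread()` is checked before the buffer is handed to `EncodeString()`. filesize() returns false on a stat failure and 0 for an empty file, and fread() returns false on a read error (and, on PHP versions that reject a zero length, with a warning), so a failed read is encoded as an empty attachment without any error being recorded. A guard such as `$size = filesize($path); $file_buffer = ($size > 0) ? fread($fd, $size) : "";` plus a false check that calls `SetError()` would keep the failure visible. The function's opening lines are outside the hunk.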
@@ -1254,23 +1257,23 @@ $this->attachment[$cur][6] = "attachment"; $this->attachment[$cur][7] = 0; } - + /** - * Adds an embedded attachment. This can include images, sounds, and - * just about any other document. Make sure to set the $type to an - * image type. For JPEG images use "image/jpeg" and for GIF images + * Adds an embedded attachment. This can include images, sounds, and + * just about any other document. Make sure to set the $type to an + * image type. For JPEG images use "image/jpeg" and for GIF images * use "image/gif". * @param string $path Path to the attachment. - * @param string $cid Content ID of the attachment. Use this to identify + * @param string $cid Content ID of the attachment. Use this to identify * the Id for accessing the image in an HTML form. * @param string $name Overrides the attachment name. * @param string $encoding File encoding (see $Encoding). - * @param string $type File extension (MIME) type. + * @param string $type File extension (MIME) type. * @return bool */ - function AddEmbeddedImage($path, $cid, $name = "", $encoding = "base64", + function AddEmbeddedImage($path, $cid, $name = "", $encoding = "base64", $type = "application/octet-stream") { - + if(!@is_file($path)) { $this->SetError($this->Lang("file_access") . $path); @@ -1291,10 +1294,10 @@ $this->attachment[$cur][5] = false; // isStringAttachment $this->attachment[$cur][6] = "inline"; $this->attachment[$cur][7] = $cid; - + return true; } - + /** * Returns true if an inline attachment is present. * @access private @@ -1310,7 +1313,7 @@ break; } } - + return $result; } @@ -1395,7 +1398,7 @@ } /** - * Returns the proper RFC 822 formatted date. + * Returns the proper RFC 822 formatted date. * @access private * @return string */ 
@@ -1408,10 +1411,10 @@ return $result; } - + /** - * Returns the appropriate server variable. Should work with both - * PHP 4.1.0+ as well as older versions. Returns an empty string + * Returns the appropriate server variable. Should work with both + * PHP 4.1.0+ as well as older versions. Returns an empty string * if nothing is found. * @access private * @return mixed @@ -1426,7 +1429,7 @@ if(!isset($_SERVER["REMOTE_ADDR"])) $_SERVER = $HTTP_ENV_VARS; // must be Apache } - + if(isset($_SERVER[$varName])) return $_SERVER[$varName]; else @@ -1457,13 +1460,13 @@ function Lang($key) { if(count($this->language) < 1) $this->SetLanguage("en"); // set the default language - + if(isset($this->language[$key])) return $this->language[$key]; else return "Language string failed to load: " . $key; } - + /** * Returns true if an error occurred. * @return bool @@ -1473,7 +1476,7 @@ } /** - * Changes every end of line from CR or LF to CRLF. + * Changes every end of line from CR or LF to CRLF. * @access private * @return string */ @@ -1485,7 +1488,7 @@ } /** - * Adds a custom header. + * Adds a custom header. * @return void */ function AddCustomHeader($custom_header) { @@ -1493,4 +1496,4 @@ } } -?> +?> \ No newline at end of file Index: LICENSE =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/phpmailer/LICENSE,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- LICENSE 12 Feb 2005 20:03:46 -0000 1.2 +++ LICENSE 27 Nov 2005 00:46:19 -0000 1.3 
@@ -146,7 +146,7 @@ on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. - + 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an Index: class.smtp.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/phpmailer/class.smtp.php,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- class.smtp.php 12 Feb 2005 20:03:46 -0000 1.2 +++ class.smtp.php 27 Nov 2005 00:46:19 -0000 1.3 @@ -28,13 +28,13 @@ * @var int */ var $SMTP_PORT = 25; - + /** * SMTP reply line ending * @var string */ var $CRLF = "\r\n"; - + /** * Sets whether debugging is turned on * @var bool @@ -332,6 +332,12 @@ # smaller lines while(strlen($line) > $max_line_length) { $pos = strrpos(substr($line,0,$max_line_length)," "); + + # Patch to fix DOS attack + if(!$pos) { + $pos = $max_line_length - 1; + } + $lines_out[] = substr($line,0,$pos); $line = substr($line,$pos + 1); # if we are processing headers we need to @@ -502,7 +508,7 @@ } $this->helo_rply = $rply; - + return true; } |
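Review bot: In the class.smtp.php hunk at -332,6 the new forced break loses one byte of message data on every hard split. When no space is found `$pos` is set to `$max_line_length - 1`, but the unchanged `$line = substr($line,$pos + 1);` still skips the character at `$pos`, which in this branch is payload rather than the space the original code meant to drop. Long lines without spaces would therefore be delivered silently altered, which matters for anything checked by signature or hash downstream. The hard-split branch should continue from `$pos`, as in the excerpt below; the `!$pos` test is kept as committed. The while loop continues outside the hunk.

```php
while(strlen($line) > $max_line_length) {
  $pos = strrpos(substr($line,0,$max_line_length)," ");

  if(!$pos) {
    # no usable space: hard-split and keep every byte of the line
    $pos = $max_line_length - 1;
    $lines_out[] = substr($line,0,$pos);
    $line = substr($line,$pos);
  } else {
    # break on the space at $pos; the space itself is dropped
    $lines_out[] = substr($line,0,$pos);
    $line = substr($line,$pos + 1);
  }
  # … unchanged: header continuation handling …
```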