Update PHPMailer to version 6.4.1

Author: bramley

public_html/lists/admin/PHPMailer6/README.md

@@ -1,6 +1,8 @@
 # Security notices relating to PHPMailer
 
-Please disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately.
+Please disclose any security issues or vulnerabilities found through [Tidelift's coordinated disclosure system](https://tidelift.com/security) or to the maintainers privately.
+
+PHPMailer versions between 6.1.8 and 6.4.0 contain a regression of the earlier CVE-2018-19296 object injection vulnerability as a result of [a fix for Windows UNC paths in 6.1.8](https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9). Recorded as [CVE-2020-36326](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36326). Reported by Fariskhi Vidyan via Tidelift. 6.4.1 fixes this issue, and also enforces stricter checks for URL schemes in local path contexts.
 
 PHPMailer versions 6.1.5 and earlier contain an output escaping bug that occurs in `Content-Type` and `Content-Disposition` when filenames passed into `addAttachment` and other methods that accept attachment names contain double quote characters, in contravention of RFC822 3.4.1. No specific vulnerability has been found relating to this, but it could allow file attachments to bypass attachment filters that are based on matching filename extensions. Recorded as [CVE-2020-13625](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13625). Reported by Elar Lang of Clarified Security.
 

public_html/lists/admin/PHPMailer6/SECURITY.md

@@ -1 +1 @@
-6.1.8
+6.4.1

public_html/lists/admin/PHPMailer6/VERSION

@@ -35,12 +35,12 @@
         "dealerdirect/phpcodesniffer-composer-installer": "^0.7.0",
         "doctrine/annotations": "^1.2",
         "phpcompatibility/php-compatibility": "^9.3.5",
-        "phpunit/phpunit": "^4.8 || ^5.7",
         "roave/security-advisories": "dev-latest",
-        "squizlabs/php_codesniffer": "^3.5.6"
+        "squizlabs/php_codesniffer": "^3.5.6",
+        "yoast/phpunit-polyfills": "^0.2.0"
     },
     "suggest": {
-        "ext-mbstring": "Needed to send email in multibyte encoding charset",
+        "ext-mbstring": "Needed to send email in multibyte encoding charset or decode encoded addresses",
         "hayageek/oauth2-yahoo": "Needed for Yahoo XOAUTH2 authentication",
         "league/oauth2-google": "Needed for Google XOAUTH2 authentication",
         "psr/log": "For optional PSR-3 debug logging",
@@ -57,5 +57,9 @@
             "PHPMailer\\Test\\": "test/"
         }
     },
-    "license": "LGPL-2.1-only"
+    "license": "LGPL-2.1-only",
+    "scripts": {
+        "check": "./vendor/bin/phpcs",
+        "test": "./vendor/bin/phpunit"
+    }
 }

public_html/lists/admin/PHPMailer6/composer.json

@@ -38,20 +38,20 @@
  * Plenty to choose from here:
  * @see http://oauth2-client.thephpleague.com/providers/thirdparty/
  */
-// @see https://github.com/thephpleague/oauth2-google
+//@see https://github.com/thephpleague/oauth2-google
 use League\OAuth2\Client\Provider\Google;
-// @see https://packagist.org/packages/hayageek/oauth2-yahoo
+//@see https://packagist.org/packages/hayageek/oauth2-yahoo
 use Hayageek\OAuth2\Client\Provider\Yahoo;
-// @see https://github.com/stevenmaguire/oauth2-microsoft
+//@see https://github.com/stevenmaguire/oauth2-microsoft
 use Stevenmaguire\OAuth2\Client\Provider\Microsoft;
 
 if (!isset($_GET['code']) && !isset($_GET['provider'])) {
     ?>
 <html>
-<body>Select Provider:<br/>
-<a href='?provider=Google'>Google</a><br/>
-<a href='?provider=Yahoo'>Yahoo</a><br/>
-<a href='?provider=Microsoft'>Microsoft/Outlook/Hotmail/Live/Office365</a><br/>
+<body>Select Provider:<br>
+<a href='?provider=Google'>Google</a><br>
+<a href='?provider=Yahoo'>Yahoo</a><br>
+<a href='?provider=Microsoft'>Microsoft/Outlook/Hotmail/Live/Office365</a><br>
 </body>
 </html>
     <?php
@@ -121,26 +121,26 @@
 }
 
 if (!isset($_GET['code'])) {
-    // If we don't have an authorization code then get one
+    //If we don't have an authorization code then get one
     $authUrl = $provider->getAuthorizationUrl($options);
     $_SESSION['oauth2state'] = $provider->getState();
     header('Location: ' . $authUrl);
     exit;
-// Check given state against previously stored one to mitigate CSRF attack
+    //Check given state against previously stored one to mitigate CSRF attack
 } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
     unset($_SESSION['oauth2state']);
     unset($_SESSION['provider']);
     exit('Invalid state');
 } else {
     unset($_SESSION['provider']);
-    // Try to get an access token (using the authorization code grant)
+    //Try to get an access token (using the authorization code grant)
     $token = $provider->getAccessToken(
         'authorization_code',
         [
             'code' => $_GET['code']
         ]
     );
-    // Use this to interact with an API on the users behalf
-    // Use this to get a new access token if the old one expires
+    //Use this to interact with an API on the users behalf
+    //Use this to get a new access token if the old one expires
     echo 'Refresh Token: ', $token->getRefreshToken();
 }

public_html/lists/admin/PHPMailer6/get_oauth_token.php

@@ -16,6 +16,8 @@
 $PHPMAILER_LANG['from_failed']          = 'Následující adresa odesílatele je nesprávná: ';
 $PHPMAILER_LANG['instantiate']          = 'Nelze vytvořit instanci emailové funkce.';
 $PHPMAILER_LANG['invalid_address']      = 'Neplatná adresa: ';
+$PHPMAILER_LANG['invalid_hostentry']    = 'Záznam hostitele je nesprávný: ';
+$PHPMAILER_LANG['invalid_host']         = 'Hostitel je nesprávný: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' mailer není podporován.';
 $PHPMAILER_LANG['provide_address']      = 'Musíte zadat alespoň jednu emailovou adresu příjemce.';
 $PHPMAILER_LANG['recipients_failed']    = 'Chyba SMTP: Následující adresy příjemců nejsou správně: ';

public_html/lists/admin/PHPMailer6/language/phpmailer.lang-cs.php

@@ -18,6 +18,8 @@
 $PHPMAILER_LANG['from_failed']          = 'Následujúca adresa From je nesprávna: ';
 $PHPMAILER_LANG['instantiate']          = 'Nedá sa vytvoriť inštancia emailovej funkcie.';
 $PHPMAILER_LANG['invalid_address']      = 'Neodoslané, emailová adresa je nesprávna: ';
+$PHPMAILER_LANG['invalid_hostentry']    = 'Záznam hostiteľa je nesprávny: ';
+$PHPMAILER_LANG['invalid_host']         = 'Hostiteľ je nesprávny: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' emailový klient nieje podporovaný.';
 $PHPMAILER_LANG['provide_address']      = 'Musíte zadať aspoň jednu emailovú adresu príjemcu.';
 $PHPMAILER_LANG['recipients_failed']    = 'SMTP Error: Adresy príjemcov niesu správne ';

public_html/lists/admin/PHPMailer6/language/phpmailer.lang-sk.php

@@ -0,0 +1,28 @@
+<?php
+
+/**
+ * Serbian PHPMailer language file: refer to English translation for definitive list
+ * @package PHPMailer
+ * @author Александар Јевремовић <[email protected]>
+ * @author Miloš Milanović <[email protected]>
+ */
+
+$PHPMAILER_LANG['authenticate']         = 'SMTP greška: autentifikacija nije uspela.';
+$PHPMAILER_LANG['connect_host']         = 'SMTP greška: povezivanje sa SMTP serverom nije uspelo.';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP greška: podaci nisu prihvaćeni.';
+$PHPMAILER_LANG['empty_message']        = 'Sadržaj poruke je prazan.';
+$PHPMAILER_LANG['encoding']             = 'Nepoznato kodiranje: ';
+$PHPMAILER_LANG['execute']              = 'Nije moguće izvršiti naredbu: ';
+$PHPMAILER_LANG['file_access']          = 'Nije moguće pristupiti datoteci: ';
+$PHPMAILER_LANG['file_open']            = 'Nije moguće otvoriti datoteku: ';
+$PHPMAILER_LANG['from_failed']          = 'SMTP greška: slanje sa sledećih adresa nije uspelo: ';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP greška: slanje na sledeće adrese nije uspelo: ';
+$PHPMAILER_LANG['instantiate']          = 'Nije moguće pokrenuti mail funkciju.';
+$PHPMAILER_LANG['invalid_address']      = 'Poruka nije poslata. Neispravna adresa: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' majler nije podržan.';
+$PHPMAILER_LANG['provide_address']      = 'Definišite bar jednu adresu primaoca.';
+$PHPMAILER_LANG['signing']              = 'Greška prilikom prijave: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'Povezivanje sa SMTP serverom nije uspelo.';
+$PHPMAILER_LANG['smtp_error']           = 'Greška SMTP servera: ';
+$PHPMAILER_LANG['variable_set']         = 'Nije moguće zadati niti resetovati promenljivu: ';
+$PHPMAILER_LANG['extension_missing']    = 'Nedostaje proširenje: ';

public_html/lists/admin/PHPMailer6/language/phpmailer.lang-sr_latn.php

@@ -16,11 +16,11 @@
 $PHPMAILER_LANG['file_open']            = 'Помилка файлової системи: не вдається відкрити файл: ';
 $PHPMAILER_LANG['from_failed']          = 'Невірна адреса відправника: ';
 $PHPMAILER_LANG['instantiate']          = 'Неможливо запустити функцію mail().';
-$PHPMAILER_LANG['provide_address']      = 'Будь-ласка, введіть хоча б одну email-адресу отримувача.';
+$PHPMAILER_LANG['provide_address']      = 'Будь ласка, введіть хоча б одну email-адресу отримувача.';
 $PHPMAILER_LANG['mailer_not_supported'] = ' - поштовий сервер не підтримується.';
 $PHPMAILER_LANG['recipients_failed']    = 'Помилка SMTP: не вдалося відправлення для таких отримувачів: ';
 $PHPMAILER_LANG['empty_message']        = 'Пусте повідомлення';
-$PHPMAILER_LANG['invalid_address']      = 'Не відправлено через невірний формат email-адреси: ';
+$PHPMAILER_LANG['invalid_address']      = 'Не відправлено через неправильний формат email-адреси: ';
 $PHPMAILER_LANG['signing']              = 'Помилка підпису: ';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'Помилка з\'єднання з SMTP-сервером';
 $PHPMAILER_LANG['smtp_error']           = 'Помилка SMTP-сервера: ';

public_html/lists/admin/PHPMailer6/language/phpmailer.lang-uk.php

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/8.5/phpunit.xsd"
+         backupGlobals="true"
+         bootstrap="vendor/autoload.php"
+         verbose="true"
+         colors="true"
+         forceCoversAnnotation="false"
+    >
+    <testsuites>
+        <testsuite name="PHPMailerTests">
+            <directory>./test/</directory>
+        </testsuite>
+    </testsuites>
+    <listeners>
+        <listener class="PHPMailer\Test\DebugLogTestListener" />
+    </listeners>
+    <groups>
+        <exclude>
+            <group>languages</group>
+            <group>pop3</group>
+        </exclude>
+    </groups>
+    <filter>
+        <whitelist addUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">./src</directory>
+        </whitelist>
+    </filter>
+    <logging>
+        <log type="coverage-text" target="php://stdout" showUncoveredFiles="true"/>
+        <log type="coverage-clover" target="build/logs/clover.xml"/>
+        <log type="junit" target="build/logs/junit.xml"/>
+    </logging>
+</phpunit>