fix(deps): update dependency phpmailer/phpmailer to v6.9.2

ZoeyVid · Oct 9, 2024 · 73210a7 · 73210a7
1 parent 07720a2
commit 73210a7
Show file tree

Hide file tree

Showing 23 changed files with 195 additions and 100 deletions.
diff --git a/src/composer.json b/src/composer.json
@@ -3,7 +3,7 @@
   "description": "WebUI for NPMplus, which manages nginx and acme.sh",
   "type": "project",
   "require": {
-    "phpmailer/phpmailer": "6.9.1",
+    "phpmailer/phpmailer": "6.9.2",
     "ext-sqlite3": "*"
   },
   "license": "AGPL-3.0",

diff --git a/src/composer.lock b/src/composer.lock
diff --git a/src/vendor/composer/installed.json b/src/vendor/composer/installed.json
@@ -2,17 +2,17 @@
     "packages": [
         {
             "name": "phpmailer/phpmailer",
-            "version": "v6.9.1",
-            "version_normalized": "6.9.1.0",
+            "version": "v6.9.2",
+            "version_normalized": "6.9.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHPMailer/PHPMailer.git",
-                "reference": "039de174cd9c17a8389754d3b877a2ed22743e18"
+                "reference": "a7b17b42fa4887c92146243f3d2f4ccb962af17c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/039de174cd9c17a8389754d3b877a2ed22743e18",
-                "reference": "039de174cd9c17a8389754d3b877a2ed22743e18",
+                "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/a7b17b42fa4887c92146243f3d2f4ccb962af17c",
+                "reference": "a7b17b42fa4887c92146243f3d2f4ccb962af17c",
                 "shasum": ""
             },
             "require": {
@@ -42,7 +42,7 @@
                 "symfony/polyfill-mbstring": "To support UTF-8 if the Mbstring PHP extension is not enabled (^1.2)",
                 "thenetworg/oauth2-azure": "Needed for Microsoft XOAUTH2 authentication"
             },
-            "time": "2023-11-25T22:23:28+00:00",
+            "time": "2024-10-09T10:07:50+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -74,7 +74,7 @@
             "description": "PHPMailer is a full-featured email creation and transfer class for PHP",
             "support": {
                 "issues": "https://github.com/PHPMailer/PHPMailer/issues",
-                "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.9.1"
+                "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.9.2"
             },
             "funding": [
                 {

diff --git a/src/vendor/composer/installed.php b/src/vendor/composer/installed.php
@@ -11,9 +11,9 @@
     ),
     'versions' => array(
         'phpmailer/phpmailer' => array(
-            'pretty_version' => 'v6.9.1',
-            'version' => '6.9.1.0',
-            'reference' => '039de174cd9c17a8389754d3b877a2ed22743e18',
+            'pretty_version' => 'v6.9.2',
+            'version' => '6.9.2.0',
+            'reference' => 'a7b17b42fa4887c92146243f3d2f4ccb962af17c',
             'type' => 'library',
             'install_path' => __DIR__ . '/../phpmailer/phpmailer',
             'aliases' => array(),

diff --git a/src/vendor/phpmailer/phpmailer/README.md b/src/vendor/phpmailer/phpmailer/README.md
@@ -41,13 +41,13 @@ you should look at before rolling your own. Try [SwiftMailer](https://swiftmaile
 , [Laminas/Mail](https://docs.laminas.dev/laminas-mail/), [ZetaComponents](https://github.com/zetacomponents/Mail), etc.
 
 ## License
-This software is distributed under the [LGPL 2.1](http://www.gnu.org/licenses/lgpl-2.1.html) license, along with the [GPL Cooperation Commitment](https://gplcc.github.io/gplcc/). Please read [LICENSE](https://github.com/PHPMailer/PHPMailer/blob/master/LICENSE) for information on the software availability and distribution.
+This software is distributed under the [LGPL 2.1](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html) license, along with the [GPL Cooperation Commitment](https://gplcc.github.io/gplcc/). Please read [LICENSE](https://github.com/PHPMailer/PHPMailer/blob/master/LICENSE) for information on the software availability and distribution.
 
 ## Installation & loading
 PHPMailer is available on [Packagist](https://packagist.org/packages/phpmailer/phpmailer) (using semantic versioning), and installation via [Composer](https://getcomposer.org) is the recommended way to install PHPMailer. Just add this line to your `composer.json` file:
 
 ```json
-"phpmailer/phpmailer": "^6.9.1"
+"phpmailer/phpmailer": "^6.9.2"
 ```
 
 or run
@@ -144,7 +144,7 @@ If you are re-using the instance (e.g. when sending to a mailing list), you may
 That's it. You should now be ready to use PHPMailer!
 
 ## Localization
-PHPMailer defaults to English, but in the [language](https://github.com/PHPMailer/PHPMailer/tree/master/language/) folder, you'll find many translations for PHPMailer error messages that you may encounter. Their filenames contain [ISO 639-1](http://en.wikipedia.org/wiki/ISO_639-1) language code for the translations, for example `fr` for French. To specify a language, you need to tell PHPMailer which one to use, like this:
+PHPMailer defaults to English, but in the [language](https://github.com/PHPMailer/PHPMailer/tree/master/language/) folder, you'll find many translations for PHPMailer error messages that you may encounter. Their filenames contain [ISO 639-1](https://en.wikipedia.org/wiki/ISO_639-1) language code for the translations, for example `fr` for French. To specify a language, you need to tell PHPMailer which one to use, like this:
 
 ```php
 //To load the French version
@@ -162,9 +162,9 @@ To reduce PHPMailer's deployed code footprint, examples are not included if you
 
 Complete generated API documentation is [available online](https://phpmailer.github.io/PHPMailer/).
 
-You can generate complete API-level documentation by running `phpdoc` in the top-level folder, and documentation will appear in the `docs` folder, though you'll need to have [PHPDocumentor](http://www.phpdoc.org) installed. You may find [the unit tests](https://github.com/PHPMailer/PHPMailer/blob/master/test/PHPMailerTest.php) a good reference for how to do various operations such as encryption.
+You can generate complete API-level documentation by running `phpdoc` in the top-level folder, and documentation will appear in the `docs` folder, though you'll need to have [PHPDocumentor](https://www.phpdoc.org) installed. You may find [the unit tests](https://github.com/PHPMailer/PHPMailer/blob/master/test/PHPMailerTest.php) a good reference for how to do various operations such as encryption.
 
-If the documentation doesn't cover what you need, search the [many questions on Stack Overflow](http://stackoverflow.com/questions/tagged/phpmailer), and before you ask a question about "SMTP Error: Could not connect to SMTP host.", [read the troubleshooting guide](https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting).
+If the documentation doesn't cover what you need, search the [many questions on Stack Overflow](https://stackoverflow.com/questions/tagged/phpmailer), and before you ask a question about "SMTP Error: Could not connect to SMTP host.", [read the troubleshooting guide](https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting).
 
 ## Tests
 [PHPMailer tests](https://github.com/PHPMailer/PHPMailer/tree/master/test/) use PHPUnit 9, with [a polyfill](https://github.com/Yoast/PHPUnit-Polyfills) to let 9-style tests run on older PHPUnit and PHP versions.
@@ -213,7 +213,7 @@ use. [Learn more.](https://tidelift.com/subscription/pkg/packagist-phpmailer-php
 See [changelog](changelog.md).
 
 ## History
-- PHPMailer was originally written in 2001 by Brent R. Matzelle as a [SourceForge project](http://sourceforge.net/projects/phpmailer/).
+- PHPMailer was originally written in 2001 by Brent R. Matzelle as a [SourceForge project](https://sourceforge.net/projects/phpmailer/).
 - [Marcus Bointon](https://github.com/Synchro) (`coolbru` on SF) and Andy Prevost (`codeworxtech`) took over the project in 2004.
 - Became an Apache incubator project on Google Code in 2010, managed by Jim Jagielski.
 - Marcus created [his fork on GitHub](https://github.com/Synchro/PHPMailer) in 2008.

diff --git a/src/vendor/phpmailer/phpmailer/SECURITY.md b/src/vendor/phpmailer/phpmailer/SECURITY.md
@@ -13,13 +13,13 @@ PHPMailer versions 6.1.5 and earlier contain an output escaping bug that occurs
 
 PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing `phar://` paths into `addAttachment()` and other functions that may receive unfiltered local paths, possibly leading to RCE. Recorded as [CVE-2018-19296](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19296). See [this article](https://knasmueller.net/5-answers-about-php-phar-exploitation) for more info on this type of vulnerability. Mitigated by blocking the use of paths containing URL-protocol style prefixes such as `phar://`. Reported by Sehun Oh of cyberone.kr.
 
-PHPMailer versions prior to 5.2.24 (released July 26th 2017) have an XSS vulnerability in one of the code examples, [CVE-2017-11503](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11503). The `code_generator.phps` example did not filter user input prior to output. This file is distributed with a `.phps` extension, so it it not normally executable unless it is explicitly renamed, and the file is not included when PHPMailer is loaded through composer, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project.
+PHPMailer versions prior to 5.2.24 (released July 26th 2017) have an XSS vulnerability in one of the code examples, [CVE-2017-11503](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11503). The `code_generator.phps` example did not filter user input prior to output. This file is distributed with a `.phps` extension, so it is not normally executable unless it is explicitly renamed, and the file is not included when PHPMailer is loaded through composer, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project.
 
 PHPMailer versions prior to 5.2.22 (released January 9th 2017) have a local file disclosure vulnerability, [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223). If content passed into `msgHTML()` is sourced from unfiltered user input, relative paths can map to absolute local file paths and added as attachments. Also note that `addAttachment` (just like `file_get_contents`, `passthru`, `unlink`, etc) should not be passed user-sourced params either! Reported by Yongxiang Li of Asiasecurity.
 
 PHPMailer versions prior to 5.2.20 (released December 28th 2016) are vulnerable to [CVE-2016-10045](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10045) a remote code execution vulnerability, responsibly reported by [Dawid Golunski](https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html), and patched by Paul Buonopane (@Zenexer).
 
-PHPMailer versions prior to 5.2.18 (released December 2016) are vulnerable to [CVE-2016-10033](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10033) a remote code execution vulnerability, responsibly reported by [Dawid Golunski](http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html).
+PHPMailer versions prior to 5.2.18 (released December 2016) are vulnerable to [CVE-2016-10033](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10033) a remote code execution vulnerability, responsibly reported by [Dawid Golunski](https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html).
 
 PHPMailer versions prior to 5.2.14 (released November 2015) are vulnerable to [CVE-2015-8476](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8476) an SMTP CRLF injection bug permitting arbitrary message sending.
 

diff --git a/src/vendor/phpmailer/phpmailer/VERSION b/src/vendor/phpmailer/phpmailer/VERSION
@@ -1 +1 @@
-6.9.1
+6.9.2
diff --git a/src/vendor/phpmailer/phpmailer/composer.json b/src/vendor/phpmailer/phpmailer/composer.json
@@ -28,7 +28,8 @@
     "config": {
         "allow-plugins": {
             "dealerdirect/phpcodesniffer-composer-installer": true
-        }
+        },
+        "lock": false
     },
     "require": {
         "php": ">=5.5.0",

diff --git a/src/vendor/phpmailer/phpmailer/get_oauth_token.php b/src/vendor/phpmailer/phpmailer/get_oauth_token.php
@@ -12,7 +12,7 @@
  * @copyright 2012 - 2020 Marcus Bointon
  * @copyright 2010 - 2012 Jim Jagielski
  * @copyright 2004 - 2009 Andy Prevost
- * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+ * @license https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html GNU Lesser General Public License
  * @note This program is distributed in the hope that it will be useful - WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE.
@@ -36,7 +36,7 @@
  * Aliases for League Provider Classes
  * Make sure you have added these to your composer.json and run `composer install`
  * Plenty to choose from here:
- * @see http://oauth2-client.thephpleague.com/providers/thirdparty/
+ * @see https://oauth2-client.thephpleague.com/providers/thirdparty/
  */
 //@see https://github.com/thephpleague/oauth2-google
 use League\OAuth2\Client\Provider\Google;
@@ -178,5 +178,5 @@
     );
     //Use this to interact with an API on the users behalf
     //Use this to get a new access token if the old one expires
-    echo 'Refresh Token: ', $token->getRefreshToken();
+    echo 'Refresh Token: ', htmlspecialchars($token->getRefreshToken());
 }
diff --git a/src/vendor/phpmailer/phpmailer/language/phpmailer.lang-es.php b/src/vendor/phpmailer/phpmailer/language/phpmailer.lang-es.php
@@ -5,27 +5,32 @@
  * @package PHPMailer
  * @author Matt Sturdy <[email protected]>
  * @author Crystopher Glodzienski Cardoso <[email protected]>
+ * @author Daniel Cruz <[email protected]>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'Error SMTP: Imposible autentificar.';
+$PHPMAILER_LANG['buggy_php']            = 'Tu versión de PHP está afectada por un bug que puede resultar en mensajes corruptos. Para arreglarlo, cambia a enviar usando SMTP, deshabilita la opción mail.add_x_header en tu php.ini, cambia a MacOS o Linux, o actualiza tu PHP a la versión 7.0.17+ o 7.1.3+.';
 $PHPMAILER_LANG['connect_host']         = 'Error SMTP: Imposible conectar al servidor SMTP.';
 $PHPMAILER_LANG['data_not_accepted']    = 'Error SMTP: Datos no aceptados.';
 $PHPMAILER_LANG['empty_message']        = 'El cuerpo del mensaje está vacío.';
 $PHPMAILER_LANG['encoding']             = 'Codificación desconocida: ';
 $PHPMAILER_LANG['execute']              = 'Imposible ejecutar: ';
+$PHPMAILER_LANG['extension_missing']    = 'Extensión faltante: ';
 $PHPMAILER_LANG['file_access']          = 'Imposible acceder al archivo: ';
 $PHPMAILER_LANG['file_open']            = 'Error de Archivo: Imposible abrir el archivo: ';
 $PHPMAILER_LANG['from_failed']          = 'La(s) siguiente(s) direcciones de remitente fallaron: ';
 $PHPMAILER_LANG['instantiate']          = 'Imposible crear una instancia de la función Mail.';
 $PHPMAILER_LANG['invalid_address']      = 'Imposible enviar: dirección de email inválido: ';
+$PHPMAILER_LANG['invalid_header']       = 'Nombre o valor de encabezado no válido';
+$PHPMAILER_LANG['invalid_hostentry']    = 'Hostentry inválido: ';
+$PHPMAILER_LANG['invalid_host']         = 'Host inválido: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' mailer no está soportado.';
 $PHPMAILER_LANG['provide_address']      = 'Debe proporcionar al menos una dirección de email de destino.';
 $PHPMAILER_LANG['recipients_failed']    = 'Error SMTP: Los siguientes destinos fallaron: ';
 $PHPMAILER_LANG['signing']              = 'Error al firmar: ';
+$PHPMAILER_LANG['smtp_code']            = 'Código del servidor SMTP: ';
+$PHPMAILER_LANG['smtp_code_ex']         = 'Información adicional del servidor SMTP: ';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP Connect() falló.';
+$PHPMAILER_LANG['smtp_detail']          = 'Detalle: ';
 $PHPMAILER_LANG['smtp_error']           = 'Error del servidor SMTP: ';
 $PHPMAILER_LANG['variable_set']         = 'No se pudo configurar la variable: ';
-$PHPMAILER_LANG['extension_missing']    = 'Extensión faltante: ';
-$PHPMAILER_LANG['smtp_code']            = 'Código del servidor SMTP: ';
-$PHPMAILER_LANG['smtp_code_ex']         = 'Información adicional del servidor SMTP: ';
-$PHPMAILER_LANG['invalid_header']       = 'Nombre o valor de encabezado no válido';
diff --git a/src/vendor/phpmailer/phpmailer/language/phpmailer.lang-fr.php b/src/vendor/phpmailer/phpmailer/language/phpmailer.lang-fr.php
@@ -6,7 +6,6 @@
  * Some French punctuation requires a thin non-breaking space (U+202F) character before it,
  * for example before a colon or exclamation mark.
  * There is one of these characters between these quotes: " "
- * @see http://unicode.org/udhr/n/notes_fra.html
  */
 
 $PHPMAILER_LANG['authenticate']         = 'Erreur SMTP : échec de l’authentification.';
@@ -31,7 +30,7 @@
 $PHPMAILER_LANG['signing']              = 'Erreur de signature : ';
 $PHPMAILER_LANG['smtp_code']            = 'Code SMTP : ';
 $PHPMAILER_LANG['smtp_code_ex']         = 'Informations supplémentaires SMTP : ';
-$PHPMAILER_LANG['smtp_connect_failed']  = 'La fonction SMTP connect() a échouée.';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'La fonction SMTP connect() a échoué.';
 $PHPMAILER_LANG['smtp_detail']          = 'Détails : ';
 $PHPMAILER_LANG['smtp_error']           = 'Erreur du serveur SMTP : ';
 $PHPMAILER_LANG['variable_set']         = 'Impossible d’initialiser ou de réinitialiser une variable : ';