mirror of
https://github.com/PHPMailer/PHPMailer.git
synced 2026-01-13 16:02:30 +00:00
The `htmlspecialchars()` function is used to escape arbitrary text strings for display. Originally, the default for the `$flags` parameter of that function in PHP was `ENT_COMPAT`, which translates to "convert double quotes to `&quot;` and leave single quotes alone". As of PHP 8.1, the default value for the `$flags` parameter has been made more robust and was changed to `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`, which translates to "convert both double and single quotes, replace invalid code unit sequences with a Unicode Replacement Character and treat code as HTML 4.01". For code to provide the same, predictable output across PHP versions, the `$flags` parameter should be set explicitly. As the new default value is the more robust one, this commit adds that value for `$flags` in all instances of function calls to `htmlspecialchars()`. Once the application minimum PHP version is PHP 8.1 or higher, the parameter can be removed again (as the value will then be the same as the default parameter value). Ref: https://www.php.net/manual/en/function.htmlspecialchars.php
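<?php

/**
 * PHPMailer simple file upload and send example.
 *
 * Takes one file from the form below, moves it to a server-chosen path in the
 * system temp directory, mails it as an attachment and then deletes the
 * temporary copy. Status text is collected in $msg and shown instead of the form.
 */

//Import the PHPMailer class into the global namespace
use PHPMailer\PHPMailer\PHPMailer;

require '../vendor/autoload.php';

$msg = '';
if (array_key_exists('userfile', $_FILES)) {
    $upload = $_FILES['userfile'];
    //MAX_FILE_SIZE in the form below is sent by the client, so the same limit is enforced here too
    $maxBytes = 100000;

    //First handle the upload
    //Don't trust provided filename - same goes for MIME types
    //See https://www.php.net/manual/en/features.file-upload.php#114004 for more thorough upload validation
    if (
        !isset($upload['error'], $upload['name'], $upload['size'], $upload['tmp_name']) ||
        $upload['error'] !== UPLOAD_ERR_OK ||
        !is_string($upload['name'])
    ) {
        //Covers "no file selected", partial uploads, PHP size limits and array-style (multi-file) submissions
        $msg .= 'File upload failed';
    } elseif ($upload['size'] > $maxBytes) {
        $msg .= 'Uploaded file is too large';
    } else {
        //Extract an extension from the provided filename; it becomes part of a server-side path,
        //so keep only ASCII letters and digits and cap its length.
        //A real application should check it against an allow-list of expected types.
        $ext = (string) PHPMailer::mb_pathinfo($upload['name'], PATHINFO_EXTENSION);
        $ext = substr((string) preg_replace('/[^A-Za-z0-9]/', '', $ext), 0, 16);

        //tempnam() creates an empty placeholder file and returns its path, or false on failure
        $placeholder = tempnam(sys_get_temp_dir(), hash('sha256', $upload['name']));
        if ($placeholder === false) {
            $msg .= 'Failed to create a temporary file';
        } else {
            //Define a safe location to move the uploaded file to, preserving the (sanitised) extension
            $uploadfile = $ext === '' ? $placeholder : $placeholder . '.' . $ext;

            if (move_uploaded_file($upload['tmp_name'], $uploadfile)) {
                //Upload handled successfully
                //Now create a message
                $mail = new PHPMailer();
                $mail->setFrom('from@example.com', 'First Last');
                $mail->addAddress('whoto@example.com', 'John Doe');
                $mail->Subject = 'PHPMailer file sender';
                $mail->Body = 'My message body';
                //Attach the uploaded file
                if (!$mail->addAttachment($uploadfile, 'My uploaded file')) {
                    $msg .= 'Failed to attach file ' . $upload['name'];
                }
                if (!$mail->send()) {
                    $msg .= 'Mailer Error: ' . $mail->ErrorInfo;
                } else {
                    $msg .= 'Message sent!';
                }
            } else {
                //Do not echo the server-side path back to the client
                $msg .= 'Failed to move uploaded file';
            }

            //Remove the temporary copy and the tempnam() placeholder so uploads do not pile up in the temp dir
            foreach (array_unique([$uploadfile, $placeholder]) as $path) {
                if (is_file($path)) {
                    unlink($path);
                }
            }
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <title>PHPMailer Upload</title>
</head>
<body>
<?php if (empty($msg)) { ?>
    <form method="post" enctype="multipart/form-data">
        <input type="hidden" name="MAX_FILE_SIZE" value="100000"> Send this file: <input name="userfile" type="file">
        <input type="submit" value="Send File">
    </form>
<?php } else {
    //$msg can contain the client-supplied filename and mailer error text, so escape it for HTML output
    echo htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401);
} ?>
</body>
</html>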