Merge 01897c9622 into 7e3f24386f

2025-12-28 17:51:50 +00:00 · 2025-12-28 17:51:50 +00:00 · 39ad5fe609
parent 7e3f24386f 01897c9622
commit 39ad5fe609
1 changed files with 51 additions and 0 deletions
--- a/src/PHPMailer.php
+++ b/src/PHPMailer.php
@ -749,6 +749,20 @@ class PHPMailer
     */
    protected $sign_key_pass = '';

+    /**
+     * An array of public PEM encoded certificates for each recipient
+     *
+     * @var array
+     */
+    protected $encrypt_recipcerts = [];
+
+    /**
+     * Used if body should be S/MIME encrypted
+     *
+     * @var bool
+     */
+    protected $encrypt_body = false;
+
    /**
     * Whether to throw exceptions for errors.
     *
@ -3259,6 +3273,30 @@ class PHPMailer
                    @unlink($signed);
                    throw new Exception(self::lang('signing') . openssl_error_string());
                }
+
+                if ($this->encrypt_body) {
+                    // Write out the encrypted message
+                    $file = tempnam(sys_get_temp_dir(), 'mail');
+                    if (false === file_put_contents($file, $this->MIMEHeader . static::$LE . static::$LE . $body)) {
+                        throw new phpmailerException($this->lang('encrypting') . ' Could not write temp file');
+                    }
+                    $encrypted = tempnam(sys_get_temp_dir(), 'encrypted');
+
+                    $encrypt = openssl_pkcs7_encrypt($file, $encrypted, $this->encrypt_recipcerts, []);
+                    if ($encrypt) {
+                        @unlink($file);
+                        $body = file_get_contents($encrypted);
+                        // As with signing, the headers get rewriting after encrypting
+                        $parts = explode("\n\n", $body, 2);
+                        $this->MIMEHeader = $parts[0] . static::$LE . static::$LE;
+                        $body = $parts[1];
+                        @unlink($encrypted);
+                    } else {
+                        @unlink($file);
+                        @unlink($encrypted);
+                        throw new phpmailerException($this->lang('encrypting') . openssl_error_string());
+                    }
+                }
            } catch (Exception $exc) {
                $body = '';
                if ($this->exceptions) {
@ -5068,6 +5106,19 @@ class PHPMailer
        $this->sign_extracerts_file = $extracerts_filename;
    }

+    /**
+     * Set the certificates, keys and passwords to encrypt via S/MIME
+     *
+     * @param array $recipcerts     Array of certificates used for recipients in PEM format
+     * @param mixed $recipcert_file
+     */
+    public function add_encryption($recipcert_file)
+    {
+        $this->encrypt_body = true;
+        $cert = file_get_contents($recipcert_file);
+        array_push($this->encrypt_recipcerts, $cert);
+    }
+
    /**
     * Quoted-Printable-encode a DKIM header.
     *