mirror
/
PHPMailer
mirror of https://github.com/PHPMailer/PHPMailer.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't attempt to use opportunistic TLS when connecting to localhost

This commit is contained in:
Marcus Bointon 2023-11-08 19:11:46 +01:00
parent b7dd089735
commit c87abc860c
No known key found for this signature in database
GPG Key ID: DE31CD6EB646AA24
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changelog.md
View File

@ -1,5 +1,9 @@
# PHPMailer Change Log
## WIP
* Don't attempt opportunistic TLS when connecting to localhost
* Update example to show a better way of using an SMTP subclass
## Version 6.8.1 (August 29th, 2023)
* Don't reflect malformed DSNs in error messages to avert any risk of XSS
* Improve Simplified Chinese, Sinhalese, and Norwegian translations

3
src/PHPMailer.php
View File

@ -2191,10 +2191,11 @@ class PHPMailer
$this->smtp->hello($hello);
//Automatically enable TLS encryption if:
//* it's not disabled
//* we are not connecting to localhost
//* we have openssl extension
//* we are not already using SSL
//* the server offers STARTTLS
if ($this->SMTPAutoTLS && $sslext && 'ssl' !== $secure && $this->smtp->getServerExt('STARTTLS')) {
if ($this->SMTPAutoTLS && $this->Host !== 'localhost' && $sslext && 'ssl' !== $secure && $this->smtp->getServerExt('STARTTLS')) {
$tls = true;
}
if ($tls) {