The `htmlspecialchars()` function is used to escape arbitrary text strings for display.
Original the default for the `$flags` parameter of that function in PHP was `ENT_COMPAT`, which translates to "convert double quotes to `"` and leave single quotes alone".
As of PHP 8.1, the default value for the `$flags` parameter has been made more robust and was changed to `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`, which translates to "convert both double and single quotes, replace invalid code unit sequences with a Unicode Replacement Character and treat code as HTML 4.01".
For code to provide the same/predictable output cross-version PHP, the `$flags` parameter should be explicitly set and what with the new default value being the more robust one, this commit adds that value for `$flags` in all instances of function calls to `htmlspecialchars()`.
Once the application minimum PHP version is PHP 8.1 or higher, the parameter can be removed again (as the value will then be the same as the default parameter value).
Ref: https://www.php.net/manual/en/function.htmlspecialchars.php
V4.1.0 of the SendOauth2 wrapper introduces two new optional operands for the invocation of both the standard PHPMailer email application and for the complete replacement of a PHPMailer application by the wrapper SendOauth2A front-end. These operands allow the developer to specify a name for the .json credentials file and/or whether the wrapper should dynamically build this .json file or use an already-built one, created either by Google (its standard download) or by the developer.
V4.1.0 of the SendOauth2 wrapper introduces two new optional operands for the invocation of both the standard PHPMailer email application and for the complete replacement of a PHPMailer application by the wrapper SendOauth2A front-end. These operands allow the developer to specify a name for the .json credentials file and/or whether the wrapper should dynamically build this .json file or use an already-built one, created either by Google (its standard download) or by the developer.
Client secrets and X.509 certificates, $_SESSION 'state' and PKCE code exchanges, and creation on the fly of GoogleAPI's .json credentials files are supported.
OAuth2 authentication for both Microsoft 365 Exchange email and Google Gmail. Client secrets and X.509 certificates are supported for Exchange. Client secrets are supported for Gmail. Authorization_code grant flow and client_credentials grant flow for SMTP are supported for Exchange. Authorization_code grant flow is supported for Gmail.
* Add ajax contact form
* Allow ajax contact form to work if javascript is disabled.
Co-authored-by: Suhayb Alghutaymil <s@sgh.sa>
Co-authored-by: Sohib AlGotimel <sgotimel@citc.gov.sa>
FakeSMTP's repo is read-only and hasn't been updated since 2016, so I removed it. The link to FakeEmail's repo was pointing at a fork that also hasn't been updated since 2016, so i changed the link to one that has more activity. Also smtp4dev has been moved to Github and works on Linux, so I updated its entry to reflect that.
Marcus Bointon
jrfnl
decomplexity
Mehmet Tolga Avcioglu
Jesper Skytte
Peter Scopes
Puneet Gopinath
Jérémy VIGNELLES
Suhayb Alghutaymil
Jérémy PASTOURET
elizabeth m