Merge 1db5a32683 into ebf1655bd5

Fixing troubles with mailSend and Sender enabled

VERSION

@@ -1 +1 @@
-7.0.1
+7.0.2

changelog.md

@@ -1,5 +1,9 @@
 # PHPMailer Change Log
 
+## Version 7.0.2 (January 9th, 2026)
+* Fixes for sendmail parameter problems in WordPress, thanks to @SirLouen
+* Reduce memory consumption when sending large attachments by @RobinvanderVliet
+
 ## Version 7.0.1 (November 25th, 2025)
 * Use From domain when generating CIDs in msgHTML.
 * Update to PHPCompatibility 10, resolve numerous PHPCS issues in PHP 8.5.

src/PHPMailer.php

@@ -768,7 +768,7 @@ class PHPMailer
      *
      * @var string
      */
-    const VERSION = '7.0.1';
+    const VERSION = '7.0.2';
 
     /**
      * Error severity: message only, continue processing.
@@ -988,6 +988,54 @@ class PHPMailer
         $this->Mailer = 'mail';
     }
 
+    /**
+     * Extract sendmail path and parse to deal with known parameters.
+     *
+     * @param string $sendmailPath The sendmail path as set in php.ini
+     *
+     * @return string The sendmail path without the known parameters
+     */
+    private function parseSendmailPath($sendmailPath)
+    {
+        $sendmailPath = trim((string)$sendmailPath);
+        if ($sendmailPath === '') {
+            return $sendmailPath;
+        }
+
+        $parts = preg_split('/\s+/', $sendmailPath);
+        if (empty($parts)) {
+            return $sendmailPath;
+        }
+
+        $command = array_shift($parts);
+        $remainder = [];
+
+        // Parse only -t, -i, -oi and -f parameters.
+        for ($i = 0; $i < count($parts); ++$i) {
+            $part = $parts[$i];
+            if (preg_match('/^-(i|oi|t)$/', $part, $matches)) {
+                continue;
+            }
+            if (preg_match('/^-f(.*)$/', $part, $matches)) {
+                $address = $matches[1];
+                if ($address === '' && isset($parts[$i + 1]) && strpos($parts[$i + 1], '-') !== 0) {
+                    $address = $parts[++$i];
+                }
+                $this->Sender = $address;
+                continue;
+            }
+
+            $remainder[] = $part;
+        }
+
+        // The params that are not parsed are added back to the command.
+        if (!empty($remainder)) {
+            $command .= ' ' . implode(' ', $remainder);
+        }
+
+        return $command;
+    }
+
     /**
      * Send messages using $Sendmail.
      */
@@ -996,10 +1044,9 @@ class PHPMailer
         $ini_sendmail_path = ini_get('sendmail_path');
 
         if (false === stripos($ini_sendmail_path, 'sendmail')) {
-            $this->Sendmail = '/usr/sbin/sendmail';
-        } else {
-            $this->Sendmail = $ini_sendmail_path;
+            $ini_sendmail_path = '/usr/sbin/sendmail';
         }
+        $this->Sendmail = $this->parseSendmailPath($ini_sendmail_path);
         $this->Mailer = 'sendmail';
     }
 
@@ -1011,10 +1058,9 @@ class PHPMailer
         $ini_sendmail_path = ini_get('sendmail_path');
 
         if (false === stripos($ini_sendmail_path, 'qmail')) {
-            $this->Sendmail = '/var/qmail/bin/qmail-inject';
-        } else {
-            $this->Sendmail = $ini_sendmail_path;
+            $ini_sendmail_path = '/var/qmail/bin/qmail-inject';
         }
+        $this->Sendmail = $this->parseSendmailPath($ini_sendmail_path);
         $this->Mailer = 'qmail';
     }
 
@@ -1860,25 +1906,27 @@ class PHPMailer
             //PHP config has a sender address we can use
             $this->Sender = ini_get('sendmail_from');
         }
-        //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
+
+        $sendmailArgs = [];
+
+        // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
+        // Also don't add the -f automatically unless it has been set either via Sender
+        // or sendmail_path. Otherwise it can introduce new problems.
+        // @see http://github.com/PHPMailer/PHPMailer/issues/2298
         if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
-            if ($this->Mailer === 'qmail') {
-                $sendmailFmt = '%s -f%s';
-            } else {
-                $sendmailFmt = '%s -oi -f%s -t';
-            }
-        } elseif ($this->Mailer === 'qmail') {
-            $sendmailFmt = '%s';
-        } else {
-            //Allow sendmail to choose a default envelope sender. It may
-            //seem preferable to force it to use the From header as with
-            //SMTP, but that introduces new problems (see
-            //<https://github.com/PHPMailer/PHPMailer/issues/2298>), and
-            //it has historically worked this way.
-            $sendmailFmt = '%s -oi -t';
+            $sendmailArgs[] = '-f' . $this->Sender;
         }
 
-        $sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
+        // Qmail doesn't accept all the sendmail parameters
+        // @see https://github.com/PHPMailer/PHPMailer/issues/3189
+        if ($this->Mailer !== 'qmail') {
+            $sendmailArgs[] = '-i';
+            $sendmailArgs[] = '-t';
+        }
+
+        $resultArgs = (empty($sendmailArgs) ? '' : ' ' . implode(' ', $sendmailArgs));
+
+        $sendmail = trim(escapeshellcmd($this->Sendmail) . $resultArgs);
         $this->edebug('Sendmail path: ' . $this->Sendmail);
         $this->edebug('Sendmail command: ' . $sendmail);
         $this->edebug('Envelope sender: ' . $this->Sender);
@@ -2062,7 +2110,8 @@ class PHPMailer
             $this->Sender = ini_get('sendmail_from');
         }
         if (!empty($this->Sender) && static::validateAddress($this->Sender)) {
-            if (self::isShellSafe($this->Sender)) {
+            $phpmailer_path = ini_get('sendmail_path');
+            if (self::isShellSafe($this->Sender) && strpos($phpmailer_path, ' -f') === false) {
                 $params = sprintf('-f%s', $this->Sender);
             }
             $old_from = ini_get('sendmail_from');

src/POP3.php

@@ -47,7 +47,7 @@ class POP3
      * @var string
      * @deprecated This constant will be removed in PHPMailer 8.0. Use `PHPMailer::VERSION` instead.
      */
-    const VERSION = '7.0.1';
+    const VERSION = '7.0.2';
 
     /**
      * Default POP3 port number.

src/SMTP.php

@@ -36,7 +36,7 @@ class SMTP
      * @var string
      * @deprecated This constant will be removed in PHPMailer 8.0. Use `PHPMailer::VERSION` instead.
      */
-    const VERSION = '7.0.1';
+    const VERSION = '7.0.2';
 
     /**
      * SMTP line break constant.
@@ -275,6 +275,12 @@ class SMTP
      */
     protected $last_reply = '';
 
+    /**
+     * Whether we are in the DATA phase or not
+     * @var bool
+     */
+    private $inData = false;
+
     /**
      * Output debugging info via a user-selected method.
      *
@@ -806,9 +812,12 @@ class SMTP
     {
         //This will use the standard timelimit
         if (!$this->sendCommand('DATA', 'DATA', 354)) {
+            $this->inData = false;
             return false;
         }
 
+        $this->inData = true;
+
         /* The server is ready to accept data!
          * According to rfc821 we should not send more than 1000 characters on a single line (including the LE)
          * so we will break the data up into lines by \r and/or \n then if needed we will break each of those into
@@ -881,6 +890,7 @@ class SMTP
         $this->recordLastTransactionID();
         //Restore timelimit
         $this->Timelimit = $savetimelimit;
+        $this->inData = false;
 
         return $result;
     }
@@ -1020,7 +1030,11 @@ class SMTP
      */
     public function quit($close_on_error = true)
     {
-        $noerror = $this->sendCommand('QUIT', 'QUIT', 221);
+        if ($this->inData) {
+            $noerror = true;
+        } else {
+            $noerror = $this->sendCommand('QUIT', 'QUIT', 221);
+        }
         $err = $this->error; //Save any error
         if ($noerror || $close_on_error) {
             $this->close();

test/PHPMailer/MailTransportTest.php

@@ -20,6 +20,23 @@ use PHPMailer\Test\SendTestCase;
  */
 final class MailTransportTest extends SendTestCase
 {
+    /** @var string */
+    private $originalSendmailFrom = '';
+
+    protected function set_up()
+    {
+        parent::set_up();
+
+        $from = ini_get('sendmail_from');
+        $this->originalSendmailFrom = $from === false ? '' : $from;
+    }
+
+    protected function tear_down()
+    {
+        ini_set('sendmail_from', $this->originalSendmailFrom);
+        parent::tear_down();
+    }
+
     /**
      * Test sending using SendMail.
      *
@@ -65,12 +82,6 @@ final class MailTransportTest extends SendTestCase
      */
     public function testMailSend()
     {
-        $sendmail = ini_get('sendmail_path');
-        // No path in sendmail_path.
-        if (strpos($sendmail, '/') === false) {
-            ini_set('sendmail_path', '/usr/sbin/sendmail -t -i ');
-        }
-
         $this->Mail->Body = 'Sending via mail()';
         $this->buildBody();
         $this->Mail->Subject = $this->Mail->Subject . ': mail()';
@@ -105,4 +116,146 @@ final class MailTransportTest extends SendTestCase
         $msg = $this->Mail->getSentMIMEMessage();
         self::assertStringNotContainsString("\r\n\r\nMIME-Version:", $msg, 'Incorrect MIME headers');
     }
+
+    /**
+     * Test sending using PHP mail() function with Sender address
+     * and explicit sendmail_from ini set.
+     * Test running required with:
+     * php -d sendmail_path="/usr/sbin/sendmail -t -i -frpath@example.org" ./vendor/bin/phpunit
+     *
+     * @group sendmailparams
+     * @covers \PHPMailer\PHPMailer\PHPMailer::isMail
+     */
+    public function testMailSendWithSendmailParams()
+    {
+        $sender = 'rpath@example.org';
+
+        if (strpos(ini_get('sendmail_path'), $sender) === false) {
+            self::markTestSkipped('Custom Sendmail php.ini not available');
+        }
+
+        $this->Mail->Body = 'Sending via mail()';
+        $this->buildBody();
+        $this->Mail->Subject = $this->Mail->Subject . ': mail()';
+        $this->Mail->clearAddresses();
+        $this->setAddress('testmailsend@example.com', 'totest');
+
+        ini_set('sendmail_from', $sender);
+        $this->Mail->createHeader();
+        $this->Mail->isMail();
+
+        self::assertTrue($this->Mail->send(), $this->Mail->ErrorInfo);
+    }
+
+    /**
+     * Test sending using SendMail with Sender address
+     * and explicit sendmail_from ini set.
+     * Test running required with:
+     * php -d sendmail_path="/usr/sbin/sendmail -t -i -frpath@example.org" ./vendor/bin/phpunit
+     *
+     * @group sendmailparams
+     * @covers \PHPMailer\PHPMailer\PHPMailer::isSendmail
+     */
+    public function testSendmailSendWithSendmailParams()
+    {
+        $sender = 'rpath@example.org';
+
+        if (strpos(ini_get('sendmail_path'), $sender) === false) {
+            self::markTestSkipped('Custom Sendmail php.ini not available');
+        }
+
+        $this->Mail->Body = 'Sending via sendmail';
+        $this->buildBody();
+        $subject = $this->Mail->Subject;
+
+        $this->Mail->Subject = $subject . ': sendmail';
+        ini_set('sendmail_from', $sender);
+        $this->Mail->isSendmail();
+
+        self::assertTrue($this->Mail->send(), $this->Mail->ErrorInfo);
+    }
+
+    /**
+     * Test parsing of sendmail path and with certain parameters.
+     *
+     * @group sendmailparams
+     * @covers \PHPMailer\PHPMailer\PHPMailer::parseSendmailPath
+     * @dataProvider sendmailPathProvider
+     *
+     * @param string $sendmailPath The sendmail path to parse.
+     * @param string $expectedCommand The expected command after parsing.
+     * @param string  $expectedSender The expected Sender (-f parameter) after parsing.
+     */
+    public function testParseSendmailPath($sendmailPath, $expectedCommand, $expectedSender)
+    {
+        $mailer = $this->Mail;
+
+        $parseSendmailPath = \Closure::bind(
+            function ($path) {
+                return $this->{'parseSendmailPath'}($path);
+            },
+            $mailer,
+            \PHPMailer\PHPMailer\PHPMailer::class
+        );
+        $command = $parseSendmailPath($sendmailPath);
+
+        self::assertSame($expectedCommand, $command, 'Sendmail command not parsed correctly');
+        self::assertSame($expectedSender, $mailer->Sender, 'Sender property not set correctly');
+    }
+
+    /**
+     * Data provider for testParseSendmailPath.
+     *
+     * @return array{
+     *   0: string, // The sendmail path to parse.
+     *   1: string, // The expected command after parsing.
+     *   2: string  // The expected Sender (-f parameter) after parsing.
+     * }
+     */
+
+    public function sendmailPathProvider()
+    {
+        return [
+            'path only' => [
+                '/usr/sbin/sendmail',
+                '/usr/sbin/sendmail',
+                ''
+            ],
+            'with i and t' => [
+                '/usr/sbin/sendmail -i -t',
+                '/usr/sbin/sendmail',
+                ''
+            ],
+            'with f concatenated' => [
+                '/usr/sbin/sendmail -frpath@example.org -i',
+                '/usr/sbin/sendmail',
+                'rpath@example.org'
+            ],
+            'with f separated' => [
+                '/usr/sbin/sendmail -f rpath@example.org -t',
+                '/usr/sbin/sendmail',
+                'rpath@example.org',
+            ],
+            'with extra flags preserved' => [
+                '/opt/sendmail -x -y -fuser@example.org',
+                '/opt/sendmail -x -y',
+                'user@example.org',
+            ],
+            "extra flags with values preserved" => [
+                '/opt/sendmail -X /path/to/logfile -fuser@example.org',
+                '/opt/sendmail -X /path/to/logfile',
+                'user@example.org',
+            ],
+            "extra flags concatenated preserved" => [
+                '/opt/sendmail -X/path/to/logfile -t -i',
+                '/opt/sendmail -X/path/to/logfile',
+                '',
+            ],
+            "option values with regular parameters" => [
+                '/opt/sendmail -oi -t',
+                '/opt/sendmail',
+                '',
+            ],
+        ];
+    }
 }