7.0.2

Fixing troubles with mailSend and Sender enabled

.github/dependabot.yml

@@ -8,7 +8,8 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "cron"
+      cronjob: "10 22 5,20 * *" # At 22:10, every 5th and 20th day of the month.
     open-pull-requests-limit: 5
     commit-message:
       prefix: "GH Actions:"

.github/workflows/docs.yaml

@@ -14,14 +14,14 @@ jobs:
     if: github.repository == 'PHPMailer/PHPMailer'
     steps:
       - name: Checkout sources
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 1
           persist-credentials: false
       - name: Build Docs
         uses: ./.github/actions/build-docs
       - name: Publish Docs to gh-pages
-        uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # v4.7.3
+        uses: JamesIves/github-pages-deploy-action@9d877eea73427180ae43cf98e8914934fe157a1a # v4.7.6
         with:
           branch: gh-pages
           folder: docs

.github/workflows/scorecards.yml

@@ -24,12 +24,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -48,7 +48,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: SARIF file
           path: results.sarif
@@ -56,6 +56,6 @@ jobs:
       
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
         with:
           sarif_file: results.sarif

.github/workflows/tests.yml

@@ -19,12 +19,12 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 
       - name: Set up PHP
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
         with:
           php-version: 'latest'
           coverage: none
@@ -50,10 +50,10 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        php: ['5.5', '7.2', '8.0', '8.4']
+        php: ['5.5', '7.2', '8.0', '8.5']
         experimental: [false]
         include:
-          - php: '8.5'
+          - php: 'nightly'
             experimental: true
 
     name: "Lint: PHP ${{ matrix.php }}"
@@ -64,12 +64,12 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 
       - name: Install PHP
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
         with:
           php-version: ${{ matrix.php }}
           ini-values: error_reporting=-1, display_errors=On, display_startup_errors=On
@@ -85,11 +85,11 @@ jobs:
           custom-cache-suffix: $(date -u "+%Y-%m")
 
       - name: Lint against parse errors
-        if: ${{ matrix.php != '8.5' }}
+        if: ${{ matrix.php != 'nightly' }}
         run: composer lint -- --checkstyle | cs2pr
 
-      - name: Lint against future parse errors (PHP 8.5)
-        if: ${{ matrix.php == '8.5' }}
+      - name: Lint against future parse errors (PHP nightly)
+        if: ${{ matrix.php == 'nightly' }}
         run: composer lint
 
   test:
@@ -97,7 +97,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        php: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3']
+        php: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4']
         extensions: ['optimal', 'minimal']
         coverage: [false]
         experimental: [false]
@@ -111,21 +111,21 @@ jobs:
             extensions: 'minimal'
             coverage: true
             experimental: false
-          - php: '8.4'
+          - php: '8.5'
             extensions: 'optimal'
             coverage: true
             experimental: false
-          - php: '8.4'
+          - php: '8.5'
             extensions: 'minimal'
             coverage: true
             experimental: false
 
           # Experimental builds. These are allowed to fail.
-          - php: '8.5'
+          - php: '8.6'
             extensions: 'optimal'
             coverage: false
             experimental: true
-          - php: '8.5'
+          - php: '8.6'
             extensions: 'minimal'
             coverage: false
             experimental: true
@@ -139,7 +139,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 
@@ -171,7 +171,7 @@ jobs:
           fi
 
       - name: Set up PHP
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
         with:
           php-version: ${{ matrix.php }}
           coverage: ${{ matrix.coverage && 'xdebug' || 'none' }}
@@ -181,7 +181,7 @@ jobs:
       # Install dependencies and handle caching in one go.
       # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer
       - name: Install PHP packages - normal
-        if: ${{ matrix.php != '8.5' }}
+        if: ${{ matrix.php != '8.6' }}
         uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1
         with:
           composer-options: ${{ steps.set_extensions.outputs.COMPOSER_OPTIONS }}
@@ -189,7 +189,7 @@ jobs:
           custom-cache-suffix: $(date -u "+%Y-%m")
 
       - name: Install PHP packages - ignore-platform-reqs
-        if: ${{ matrix.php == '8.5' }}
+        if: ${{ matrix.php == '8.6' }}
         uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1
         with:
           composer-options: --ignore-platform-reqs ${{ steps.set_extensions.outputs.COMPOSER_OPTIONS }}
@@ -227,8 +227,8 @@ jobs:
         run: vendor/bin/phpunit
 
       - name: Send coverage report to Codecov
-        if: ${{ success() && matrix.coverage == true }}
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        if: ${{ success() && matrix.coverage == true && github.event.repository.fork == false }}
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         with:

README.md

@@ -27,7 +27,7 @@
 - Protects against header injection attacks
 - Error messages in over 50 languages!
 - DKIM and S/MIME signing support
-- Compatible with PHP 5.5 and later, including PHP 8.4
+- Compatible with PHP 5.5 and later, including PHP 8.5
 - Namespaced to prevent name clashes
 - Much more!
 

VERSION

@@ -1 +1 @@
-7.0.0
+7.0.2

changelog.md

@@ -1,8 +1,26 @@
 # PHPMailer Change Log
 
+## Version 7.0.2 (January 9th, 2026)
+* Fixes for sendmail parameter problems in WordPress, thanks to @SirLouen
+* Reduce memory consumption when sending large attachments by @RobinvanderVliet
+
+## Version 7.0.1 (November 25th, 2025)
+* Use From domain when generating CIDs in msgHTML.
+* Update to PHPCompatibility 10, resolve numerous PHPCS issues in PHP 8.5.
+* Revise GitHub actions for PHP 8.5 and experimental 8.6 tests.
+* Switch gmail example from the deprecated IMAP extension to use `directorytree/imapengine` for IMAP uploads.
+* Set `htmlspecialchars()` flags explicitly and consistently.
+* Convert XOAUTH2 token exceptions into PHPMailer Exceptions. The original exception is available as an inner exception.
+* Deprecate VERSION constants in POP3 and SMTP classes.
+* Remove dependency on `roave/security-advisories`; it's now built into composer 2.9.
+* Update Dutch, Esperanto, and Norwegian translations.
+
 ## Version 7.0.0 (October 15th, 2025)
 This is exactly the same as 6.11.1 but bumps the major version number to indicate the presence of a BC break in child classes. Specifically, `lang()`, `setLanguage()`, and `$language` are now static, and should be called statically.
 
+## Version 6.12.0 (October 15th, 2025)
+This is exactly the same as 6.10.0, reverting all the changes in 6.11.0 and 6.11.1, which inadvertently introduced a BC break affecting child classes. 6.11.1 has been re-released as 7.0.0.
+
 ## Version 6.11.1 (September 30th, 2025)
 * Avoid function signature problems with the deprecation of `$useimap` in `parseAddresses`.
 

composer.json

@@ -42,9 +42,8 @@
         "doctrine/annotations": "^1.2.6 || ^1.13.3",
         "php-parallel-lint/php-console-highlighter": "^1.0.0",
         "php-parallel-lint/php-parallel-lint": "^1.3.2",
-        "phpcompatibility/php-compatibility": "^9.3.5",
-        "roave/security-advisories": "dev-latest",
-        "squizlabs/php_codesniffer": "^3.7.2",
+        "phpcompatibility/php-compatibility": "^10.0.0@dev",
+        "squizlabs/php_codesniffer": "^3.13.5",
         "yoast/phpunit-polyfills": "^1.0.4"
     },
     "suggest": {
@@ -57,8 +56,11 @@
         "league/oauth2-google": "Needed for Google XOAUTH2 authentication",
         "psr/log": "For optional PSR-3 debug logging",
         "symfony/polyfill-mbstring": "To support UTF-8 if the Mbstring PHP extension is not enabled (^1.2)",
-        "thenetworg/oauth2-azure": "Needed for Microsoft XOAUTH2 authentication"
+        "thenetworg/oauth2-azure": "Needed for Microsoft XOAUTH2 authentication",
+        "directorytree/imapengine": "For uploading sent messages via IMAP, see gmail example"
     },
+    "minimum-stability": "dev",
+    "prefer-stable": true,
     "autoload": {
         "psr-4": {
             "PHPMailer\\PHPMailer\\": "src/"

examples/gmail.phps

@@ -83,26 +83,24 @@ if (!$mail->send()) {
     echo 'Message sent!';
     //Section 2: IMAP
     //Uncomment these to save your message in the 'Sent Mail' folder.
-    #if (save_mail($mail)) {
-    #    echo "Message saved!";
-    #}
+    #save_mail($mail->getSentMIMEMessage());
 }
 
 //Section 2: IMAP
-//IMAP commands requires the PHP IMAP Extension, found at: https://php.net/manual/en/imap.setup.php
-//Function to call which uses the PHP imap_*() functions to save messages: https://php.net/manual/en/book.imap.php
-//You can use imap_getmailboxes($imapStream, '/imap/ssl', '*' ) to get a list of available folders or labels, this can
-//be useful if you are trying to get this working on a non-Gmail IMAP server.
-function save_mail($mail)
+//This example uses the directorytree/imapengine IMAP library: https://imapengine.com
+//Earlier versions of this code used the deprecated PHP imap_* functions.
+function save_mail($message)
 {
-    //You can change 'Sent Mail' to any other folder or tag
-    $path = '{imap.gmail.com:993/imap/ssl}[Gmail]/Sent Mail';
+    $mailbox = new \DirectoryTree\ImapEngine\Mailbox([
+        'host' => 'imap.gmail.com',
+        'port' => 993,
+        'encryption' => 'ssl',
+        'username' => 'user@example.com',
+        'password' => 'password',
+    ]);
 
-    //Tell your server to open an IMAP connection using the same username and password as you used for SMTP
-    $imapStream = imap_open($path, $mail->Username, $mail->Password);
+    // Find the "sent" messages folder – yours may have a different name.
+    $folder = $mailbox->folders()->find('Sent Mail');
 
-    $result = imap_append($imapStream, $path, $mail->getSentMIMEMessage());
-    imap_close($imapStream);
-
-    return $result;
+    $folder->messages()->append($message);
 }

examples/mailing_list.phps

@@ -8,7 +8,7 @@
 use PHPMailer\PHPMailer\PHPMailer;
 use PHPMailer\PHPMailer\Exception;
 
-error_reporting(E_STRICT | E_ALL);
+error_reporting(E_ALL);
 
 date_default_timezone_set('Etc/UTC');
 
@@ -51,7 +51,10 @@ foreach ($result as $row) {
     try {
         $mail->addAddress($row['email'], $row['full_name']);
     } catch (Exception $e) {
-        echo 'Invalid address skipped: ' . htmlspecialchars($row['email']) . '<br>';
+        printf(
+            'Invalid address skipped: %s<br>',
+            htmlspecialchars($row['email'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401)
+        );
         continue;
     }
     if (!empty($row['photo'])) {
@@ -66,8 +69,11 @@ foreach ($result as $row) {
 
     try {
         $mail->send();
-        echo 'Message sent to :' . htmlspecialchars($row['full_name']) . ' (' .
-            htmlspecialchars($row['email']) . ')<br>';
+        printf(
+            'Message sent to : %s (%s)<br>',
+            htmlspecialchars($row['full_name'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401),
+            htmlspecialchars($row['email'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401)
+        );
         //Mark it as sent in the DB
         mysqli_query(
             $mysql,
@@ -75,7 +81,11 @@ foreach ($result as $row) {
             mysqli_real_escape_string($mysql, $row['email']) . "'"
         );
     } catch (Exception $e) {
-        echo 'Mailer Error (' . htmlspecialchars($row['email']) . ') ' . $mail->ErrorInfo . '<br>';
+        printf(
+            'Mailer Error (%s) %s<br>',
+            htmlspecialchars($row['email'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401),
+            $mail->ErrorInfo
+        );
         //Reset the connection to abort sending this message
         //The loop will continue trying to send to the rest of the list
         $mail->getSMTPInstance()->reset();

examples/send_file_upload.phps

@@ -54,7 +54,7 @@ if (array_key_exists('userfile', $_FILES)) {
         <input type="submit" value="Send File">
     </form>
 <?php } else {
-    echo htmlspecialchars($msg);
+    echo htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401);
 } ?>
 </body>
 </html>

examples/send_multiple_file_upload.phps

@@ -54,7 +54,7 @@ if (array_key_exists('userfile', $_FILES)) {
         <input type="submit" value="Send Files">
     </form>
 <?php } else {
-    echo htmlspecialchars($msg);
+    echo htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401);
 } ?>
 </body>
 </html>

get_oauth_token.php

@@ -178,5 +178,5 @@ if (!isset($_GET['code'])) {
     );
     //Use this to interact with an API on the users behalf
     //Use this to get a new access token if the old one expires
-    echo 'Refresh Token: ', htmlspecialchars($token->getRefreshToken());
+    echo 'Refresh Token: ', htmlspecialchars($token->getRefreshToken(), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401);
 }

language/phpmailer.lang-da.php

@@ -34,3 +34,6 @@ $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP Connect() fejlede.';
 $PHPMAILER_LANG['smtp_detail']          = 'Detalje: ';
 $PHPMAILER_LANG['smtp_error']           = 'SMTP server fejl: ';
 $PHPMAILER_LANG['variable_set']         = 'Kunne ikke definere eller nulstille variablen: ';
+$PHPMAILER_LANG['no_smtputf8']          = 'Serveren understøtter ikke SMTPUTF8 som påkrævet for at sende til Unicode adresser';
+$PHPMAILER_LANG['imap_recommended']     = 'Brug af forenklet adresseparser anbefales ikke. Installer PHP IMAP udvidelsen for fuld RFC822 parsing.';
+$PHPMAILER_LANG['deprecated_argument']  = 'Udfaset argument: ';

language/phpmailer.lang-eo.php

@@ -3,24 +3,35 @@
 /**
  * Esperanto PHPMailer language file: refer to English translation for definitive list
  * @package PHPMailer
+ * @author Robin van der Vliet <info@robinvandervliet.com>
  */
 
-$PHPMAILER_LANG['authenticate']         = 'Eraro de servilo SMTP : aŭtentigo malsukcesis.';
-$PHPMAILER_LANG['connect_host']         = 'Eraro de servilo SMTP : konektado al servilo malsukcesis.';
-$PHPMAILER_LANG['data_not_accepted']    = 'Eraro de servilo SMTP : neĝustaj datumoj.';
-$PHPMAILER_LANG['empty_message']        = 'Teksto de mesaĝo mankas.';
+$PHPMAILER_LANG['authenticate']         = 'SMTP-eraro: Ne eblis aŭtentigi.';
+$PHPMAILER_LANG['buggy_php']            = 'Via versio de PHP estas trafita de cimo, kiu povas kaŭzi difektitajn mesaĝojn. Por ripari tion, ŝanĝu al sendado per SMTP, malŝaltu la opcion mail.add_x_header en via php.ini, ŝanĝu al MacOS aŭ Linux, aŭ ĝisdatigu vian PHP al versio 7.0.17+ aŭ 7.1.3+.';
+$PHPMAILER_LANG['connect_host']         = 'SMTP-eraro: Ne eblis konektiĝi al la SMTP-gastiganto.';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP-eraro: Datumoj ne akceptitaj.';
+$PHPMAILER_LANG['empty_message']        = 'Mesaĝokorpo malplena';
 $PHPMAILER_LANG['encoding']             = 'Nekonata kodoprezento: ';
-$PHPMAILER_LANG['execute']              = 'Lanĉi rulumadon ne eblis: ';
-$PHPMAILER_LANG['file_access']          = 'Aliro al dosiero ne sukcesis: ';
-$PHPMAILER_LANG['file_open']            = 'Eraro de dosiero: malfermo neeblas: ';
-$PHPMAILER_LANG['from_failed']          = 'Jena adreso de sendinto malsukcesis: ';
-$PHPMAILER_LANG['instantiate']          = 'Genero de retmesaĝa funkcio neeblis.';
-$PHPMAILER_LANG['invalid_address']      = 'Retadreso ne validas: ';
-$PHPMAILER_LANG['mailer_not_supported'] = ' mesaĝilo ne subtenata.';
-$PHPMAILER_LANG['provide_address']      = 'Vi devas tajpi almenaŭ unu recevontan retadreson.';
-$PHPMAILER_LANG['recipients_failed']    = 'Eraro de servilo SMTP : la jenaj poŝtrecivuloj kaŭzis eraron: ';
-$PHPMAILER_LANG['signing']              = 'Eraro de subskribo: ';
-$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP konektado malsukcesis.';
-$PHPMAILER_LANG['smtp_error']           = 'Eraro de servilo SMTP : ';
-$PHPMAILER_LANG['variable_set']         = 'Variablo ne pravalorizeblas aŭ ne repravalorizeblas: ';
-$PHPMAILER_LANG['extension_missing']    = 'Mankas etendo: ';
+$PHPMAILER_LANG['execute']              = 'Ne eblis plenumi: ';
+$PHPMAILER_LANG['extension_missing']    = 'Kromprogramo mankas: ';
+$PHPMAILER_LANG['file_access']          = 'Ne eblis aliri la dosieron: ';
+$PHPMAILER_LANG['file_open']            = 'Dosiera eraro: Ne eblis malfermi la dosieron: ';
+$PHPMAILER_LANG['from_failed']          = 'La sekva(j) sendinto(j) malsukcesis: ';
+$PHPMAILER_LANG['instantiate']          = 'Ne eblis funkciigi la retpoŝtan funkcion.';
+$PHPMAILER_LANG['invalid_address']      = 'Nevalida adreso: ';
+$PHPMAILER_LANG['invalid_header']       = 'Nevalida kaplinia nomo aŭ valoro';
+$PHPMAILER_LANG['invalid_hostentry']    = 'Nevalida enigo de gastiganto: ';
+$PHPMAILER_LANG['invalid_host']         = 'Nevalida gastiganto: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' retpoŝtilo ne estas subtenata.';
+$PHPMAILER_LANG['provide_address']      = 'Vi devas provizi almenaŭ unu retpoŝtadreson de ricevonto.';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP-eraro: La sekva(j) ricevonto(j) malsukcesis: ';
+$PHPMAILER_LANG['signing']              = 'Subskriba eraro: ';
+$PHPMAILER_LANG['smtp_code']            = 'SMTP-kodo: ';
+$PHPMAILER_LANG['smtp_code_ex']         = 'Pliaj SMTP-informoj: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'La SMTP-konektiĝo malsukcesis.';
+$PHPMAILER_LANG['smtp_detail']          = 'Informoj: ';
+$PHPMAILER_LANG['smtp_error']           = 'Eraro de SMTP-servilo: ';
+$PHPMAILER_LANG['variable_set']         = 'Ne eblas agordi aŭ reagordi la variablon: ';
+$PHPMAILER_LANG['no_smtputf8']          = 'La servilo ne subtenas SMTPUTF8, kiu estas bezonata por sendi al Unicode-adresoj.';
+$PHPMAILER_LANG['imap_recommended']     = 'Uzado de la simpligita adresanalizilo ne estas rekomendita. Instalu la IMAP-kromprogramon por PHP por plena RFC822-analizado.';
+$PHPMAILER_LANG['deprecated_argument']  = 'Malrekomendita argumento: ';

language/phpmailer.lang-es.php

@@ -35,4 +35,4 @@ $PHPMAILER_LANG['smtp_detail']          = 'Detalle: ';
 $PHPMAILER_LANG['smtp_error']           = 'Error del servidor SMTP: ';
 $PHPMAILER_LANG['variable_set']         = 'No se pudo configurar la variable: ';
 $PHPMAILER_LANG['imap_recommended']     = 'No se recomienda usar el analizador de direcciones simplificado. Instala la extensión IMAP de PHP para un análisis RFC822 más completo.';
-$PHPMAILER_LANG['deprecated_argument']  = 'El argumento $useimap ha quedado obsoleto';
+$PHPMAILER_LANG['deprecated_argument']  = 'Argumento obsoleto: ';

language/phpmailer.lang-nb.php

@@ -3,20 +3,21 @@
 /**
  * Norwegian Bokmål PHPMailer language file: refer to English translation for definitive list
  * @package PHPMailer
+ * @author Wera AS <wordpress@wera.no>
  */
 
- $PHPMAILER_LANG['authenticate']         = 'SMTP-feil: Kunne ikke autentiseres.';
- $PHPMAILER_LANG['buggy_php']            = 'Din versjon av PHP er berørt av en feil som kan føre til ødelagte meldinger. For å løse problemet kan du bytte til SMTP, deaktivere alternativet mail.add_x_header i php.ini, bytte til MacOS eller Linux eller oppgradere PHP til versjon 7.0.17+ eller 7.1.3+.';
+ $PHPMAILER_LANG['authenticate']         = 'SMTP-feil: Kunne ikke autentisere.';
+ $PHPMAILER_LANG['buggy_php']            = 'Din versjon av PHP er påvirket av en feil som kan føre til ødelagte meldinger. For å løse problemet kan du bytte til sending via SMTP, deaktivere mail.add_x_header-alternativet i php.ini, bytte til MacOS eller Linux, eller oppgradere PHP til versjon 7.0.17+ eller 7.1.3+.';
  $PHPMAILER_LANG['connect_host']         = 'SMTP-feil: Kunne ikke koble til SMTP-vert.';
  $PHPMAILER_LANG['data_not_accepted']    = 'SMTP-feil: data ikke akseptert.';
- $PHPMAILER_LANG['empty_message']        = 'Meldingstekst mangler';
+ $PHPMAILER_LANG['empty_message']        = 'Meldingsinnholdet er tomt';
  $PHPMAILER_LANG['encoding']             = 'Ukjent koding: ';
  $PHPMAILER_LANG['execute']              = 'Kunne ikke utføres: ';
  $PHPMAILER_LANG['extension_missing']    = 'Utvidelse mangler: ';
  $PHPMAILER_LANG['file_access']          = 'Kunne ikke få tilgang til filen: ';
  $PHPMAILER_LANG['file_open']            = 'Feil i fil: Kunne ikke åpne filen: ';
- $PHPMAILER_LANG['from_failed']          = 'Følgende Fra-adresse mislyktes: ';
- $PHPMAILER_LANG['instantiate']          = 'Kunne ikke instansiere e-postfunksjonen.';
+ $PHPMAILER_LANG['from_failed']          = 'Følgende avsenderadresse mislyktes: ';
+ $PHPMAILER_LANG['instantiate']          = 'Kunne ikke starte e-postfunksjonen.';
  $PHPMAILER_LANG['invalid_address']      = 'Ugyldig adresse: ';
  $PHPMAILER_LANG['invalid_header']       = 'Ugyldig headernavn eller verdi';
  $PHPMAILER_LANG['invalid_hostentry']    = 'Ugyldig vertsinngang: ';
@@ -31,3 +32,6 @@
  $PHPMAILER_LANG['smtp_detail']          = 'Detaljer: ';
  $PHPMAILER_LANG['smtp_error']           = 'SMTP-serverfeil: ';
  $PHPMAILER_LANG['variable_set']         = 'Kan ikke angi eller tilbakestille variabel: ';
+ $PHPMAILER_LANG['no_smtputf8']          = 'Serveren støtter ikke SMTPUTF8, som er nødvendig for å sende til Unicode-adresser.';
+ $PHPMAILER_LANG['imap_recommended']     = 'Det anbefales ikke å bruke forenklet adresseanalyse. Installer PHP IMAP-utvidelsen for full RFC822-analyse.';
+ $PHPMAILER_LANG['deprecated_argument']  = 'Avviklet argument: ';

language/phpmailer.lang-nl.php

@@ -4,10 +4,11 @@
  * Dutch PHPMailer language file: refer to PHPMailer.php for definitive list.
  * @package PHPMailer
  * @author Tuxion <team@tuxion.nl>
+ * @author Robin van der Vliet <info@robinvandervliet.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP-fout: authenticatie mislukt.';
-$PHPMAILER_LANG['buggy_php']            = 'PHP versie gededecteerd die onderhavig is aan een bug die kan resulteren in gecorrumpeerde berichten. Om dit te voorkomen, gebruik SMTP voor het verzenden van berichten, zet de mail.add_x_header optie in uw php.ini file uit, gebruik MacOS of Linux, of pas de gebruikte PHP versie aan naar versie 7.0.17+ or 7.1.3+.';
+$PHPMAILER_LANG['buggy_php']            = 'PHP-versie gedetecteerd die onderhevig is aan een bug die kan resulteren in gecorrumpeerde berichten. Om dit te voorkomen, gebruik SMTP voor het verzenden van berichten, zet de optie mail.add_x_header in uw php.ini uit, gebruik MacOS of Linux, of pas de gebruikte PHP-versie aan naar versie 7.0.17+ or 7.1.3+.';
 $PHPMAILER_LANG['connect_host']         = 'SMTP-fout: kon niet verbinden met SMTP-host.';
 $PHPMAILER_LANG['data_not_accepted']    = 'SMTP-fout: data niet geaccepteerd.';
 $PHPMAILER_LANG['empty_message']        = 'Berichttekst is leeg';
@@ -16,19 +17,22 @@ $PHPMAILER_LANG['execute']              = 'Kon niet uitvoeren: ';
 $PHPMAILER_LANG['extension_missing']    = 'Extensie afwezig: ';
 $PHPMAILER_LANG['file_access']          = 'Kreeg geen toegang tot bestand: ';
 $PHPMAILER_LANG['file_open']            = 'Bestandsfout: kon bestand niet openen: ';
-$PHPMAILER_LANG['from_failed']          = 'Het volgende afzendersadres is mislukt: ';
+$PHPMAILER_LANG['from_failed']          = 'Het volgende afzenderadres is mislukt: ';
 $PHPMAILER_LANG['instantiate']          = 'Kon mailfunctie niet initialiseren.';
 $PHPMAILER_LANG['invalid_address']      = 'Ongeldig adres: ';
-$PHPMAILER_LANG['invalid_header']       = 'Ongeldige header naam of waarde';
+$PHPMAILER_LANG['invalid_header']       = 'Ongeldige headernaam of -waarde';
 $PHPMAILER_LANG['invalid_hostentry']    = 'Ongeldige hostentry: ';
 $PHPMAILER_LANG['invalid_host']         = 'Ongeldige host: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' mailer wordt niet ondersteund.';
 $PHPMAILER_LANG['provide_address']      = 'Er moet minstens één ontvanger worden opgegeven.';
 $PHPMAILER_LANG['recipients_failed']    = 'SMTP-fout: de volgende ontvangers zijn mislukt: ';
 $PHPMAILER_LANG['signing']              = 'Signeerfout: ';
-$PHPMAILER_LANG['smtp_code']            = 'SMTP code: ';
-$PHPMAILER_LANG['smtp_code_ex']         = 'Aanvullende SMTP informatie: ';
-$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP Verbinding mislukt.';
+$PHPMAILER_LANG['smtp_code']            = 'SMTP-code: ';
+$PHPMAILER_LANG['smtp_code_ex']         = 'Aanvullende SMTP-informatie: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP-verbinding mislukt.';
 $PHPMAILER_LANG['smtp_detail']          = 'Detail: ';
 $PHPMAILER_LANG['smtp_error']           = 'SMTP-serverfout: ';
-$PHPMAILER_LANG['variable_set']         = 'Kan de volgende variabele niet instellen of resetten: ';
+$PHPMAILER_LANG['variable_set']         = 'Kan de volgende variabele niet instellen of herstellen: ';
+$PHPMAILER_LANG['no_smtputf8']          = 'De server ondersteunt geen SMTPUTF8 dat nodig is om naar Unicode-adressen te sturen.';
+$PHPMAILER_LANG['imap_recommended']     = 'Het gebruik van de vereenvoudigde adresparser is niet aanbevolen. Installeer de IMAP-extensie voor PHP voor volledige RFC822-ondersteuning.';
+$PHPMAILER_LANG['deprecated_argument']  = 'Verouderd argument: ';

language/phpmailer.lang-pl.php

@@ -5,29 +5,29 @@
  * @package PHPMailer
  */
 
-$PHPMAILER_LANG['authenticate']         = 'Błąd SMTP: Nie można przeprowadzić uwierzytelnienia.';
-$PHPMAILER_LANG['buggy_php']            = 'Twoja wersja PHP zawiera błąd, który może powodować uszkodzenie wiadomości. Aby go naprawić, przełącz się na wysyłanie za pomocą SMTP, wyłącz opcję mail.add_x_header w php.ini, przełącz się na MacOS lub Linux lub zaktualizuj PHP do wersji 7.0.17+ lub 7.1.3+.';
-$PHPMAILER_LANG['connect_host']         = 'Błąd SMTP: Nie można połączyć się z wybranym hostem.';
-$PHPMAILER_LANG['data_not_accepted']    = 'Błąd SMTP: Dane nie zostały przyjęte.';
-$PHPMAILER_LANG['empty_message']        = 'Wiadomość jest pusta.';
-$PHPMAILER_LANG['encoding']             = 'Błędny sposób kodowania znaków: ';
-$PHPMAILER_LANG['execute']              = 'Nie można uruchomić: ';
-$PHPMAILER_LANG['extension_missing']    = 'Brakujące rozszerzenie: ';
+$PHPMAILER_LANG['authenticate']         = 'Błąd SMTP: nie udało się przeprowadzić uwierzytelnienia.';
+$PHPMAILER_LANG['buggy_php']            = 'Używana wersja PHP zawiera błąd, który może powodować uszkodzenie wiadomości. Aby temu zapobiec, użyj wysyłki przez SMTP, wyłącz opcję mail.add_x_header w php.ini, przejdź na macOS lub Linux, lub zaktualizuj PHP do wersji 7.0.17+ albo 7.1.3+.';
+$PHPMAILER_LANG['connect_host']         = 'Błąd SMTP: nie udało się połączyć z serwerem (hostem).';
+$PHPMAILER_LANG['data_not_accepted']    = 'Błąd SMTP: dane wiadomości nie zostały przyjęte przez serwer.';
+$PHPMAILER_LANG['empty_message']        = 'Nie można wysłać pustej wiadomości.';
+$PHPMAILER_LANG['encoding']             = 'Nieobsługiwane kodowanie znaków: ';
+$PHPMAILER_LANG['execute']              = 'Nie udało się uruchomić polecenia: ';
+$PHPMAILER_LANG['extension_missing']    = 'Brak wymaganego rozszerzenia PHP: ';
 $PHPMAILER_LANG['file_access']          = 'Brak dostępu do pliku: ';
-$PHPMAILER_LANG['file_open']            = 'Nie można otworzyć pliku: ';
-$PHPMAILER_LANG['from_failed']          = 'Następujący adres nadawcy jest nieprawidłowy lub nie istnieje: ';
-$PHPMAILER_LANG['instantiate']          = 'Nie można wywołać funkcji mail(). Sprawdź konfigurację serwera.';
-$PHPMAILER_LANG['invalid_address']      = 'Nie można wysłać wiadomości, ' . 'następujący adres odbiorcy jest nieprawidłowy lub nie istnieje: ';
-$PHPMAILER_LANG['invalid_header']       = 'Nieprawidłowa nazwa lub wartość nagłówka';
+$PHPMAILER_LANG['file_open']            = 'Nie udało się otworzyć pliku: ';
+$PHPMAILER_LANG['from_failed']          = 'Nieprawidłowy adres nadawcy: ';
+$PHPMAILER_LANG['instantiate']          = 'Nie można zainicjować funkcji mail(). Sprawdź konfigurację serwera.';
+$PHPMAILER_LANG['invalid_address']      = 'Nie można wysłać wiadomości. Nieprawidłowy adres odbiorcy: ';
+$PHPMAILER_LANG['invalid_header']       = 'Nieprawidłowa nazwa lub wartość nagłówka.';
 $PHPMAILER_LANG['invalid_hostentry']    = 'Nieprawidłowy wpis hosta: ';
-$PHPMAILER_LANG['invalid_host']         = 'Nieprawidłowy host: ';
-$PHPMAILER_LANG['provide_address']      = 'Należy podać prawidłowy adres email odbiorcy.';
+$PHPMAILER_LANG['invalid_host']         = 'Nieprawidłowa nazwa hosta: ';
+$PHPMAILER_LANG['provide_address']      = 'Musisz podać co najmniej jeden prawidłowy adres e-mail odbiorcy.';
 $PHPMAILER_LANG['mailer_not_supported'] = 'Wybrana metoda wysyłki wiadomości nie jest obsługiwana.';
-$PHPMAILER_LANG['recipients_failed']    = 'Błąd SMTP: Następujący odbiorcy są nieprawidłowi lub nie istnieją: ';
-$PHPMAILER_LANG['signing']              = 'Błąd podpisywania wiadomości: ';
-$PHPMAILER_LANG['smtp_code']            = 'Kod SMTP: ';
-$PHPMAILER_LANG['smtp_code_ex']         = 'Dodatkowe informacje SMTP: ';
-$PHPMAILER_LANG['smtp_connect_failed']  = 'Wywołanie funkcji SMTP Connect() zostało zakończone niepowodzeniem.';
-$PHPMAILER_LANG['smtp_detail']          = 'Szczegóły: ';
-$PHPMAILER_LANG['smtp_error']           = 'Błąd SMTP: ';
+$PHPMAILER_LANG['recipients_failed']    = 'Błąd SMTP: nie udało się wysłać do następujących odbiorców: ';
+$PHPMAILER_LANG['signing']              = 'Błąd podpisywania wiadomości cyfrowo: ';
+$PHPMAILER_LANG['smtp_code']            = 'Kod odpowiedzi SMTP: ';
+$PHPMAILER_LANG['smtp_code_ex']         = 'Dodatkowe informacje serwera SMTP: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'Nie udało się nawiązać połączenia za pomocą SMTP Connect().';
+$PHPMAILER_LANG['smtp_detail']          = 'Szczegóły błędu: ';
+$PHPMAILER_LANG['smtp_error']           = 'Błąd serwera SMTP: ';
 $PHPMAILER_LANG['variable_set']         = 'Nie można ustawić lub zmodyfikować zmiennej: ';

phpcs.xml.dist

@@ -27,14 +27,7 @@
         <exclude name="PSR2.Methods.MethodDeclaration.Underscore"/>
         <exclude name="PSR12.Properties.ConstantVisibility.NotFound"/>
     </rule>
-    <rule ref="PHPCompatibility">
-        <exclude name="PHPCompatibility.Constants.NewConstants.stream_crypto_method_tlsv1_1_clientFound"/>
-        <exclude name="PHPCompatibility.Constants.NewConstants.stream_crypto_method_tlsv1_2_clientFound"/>
-        <exclude name="PHPCompatibility.Constants.RemovedConstants.intl_idna_variant_2003Deprecated"/>
-        <exclude name="PHPCompatibility.FunctionUse.NewFunctions.random_bytesFound"/>
-        <exclude name="PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated"/>
-        <exclude name="PHPCompatibility.ParameterValues.NewIDNVariantDefault.NotSet"/>
-    </rule>
+    <rule ref="PHPCompatibility"/>
 
 
     <!--

src/PHPMailer.php

@@ -768,7 +768,7 @@ class PHPMailer
      *
      * @var string
      */
-    const VERSION = '7.0.0';
+    const VERSION = '7.0.2';
 
     /**
      * Error severity: message only, continue processing.
@@ -876,6 +876,7 @@ class PHPMailer
     private function mailPassthru($to, $subject, $body, $header, $params)
     {
         //Check overloading of mail function to avoid double-encoding
+        // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecatedRemoved
         if ((int)ini_get('mbstring.func_overload') & 1) {
             $subject = $this->secureHeader($subject);
         } else {
@@ -987,6 +988,54 @@ class PHPMailer
         $this->Mailer = 'mail';
     }
 
+    /**
+     * Extract sendmail path and parse to deal with known parameters.
+     *
+     * @param string $sendmailPath The sendmail path as set in php.ini
+     *
+     * @return string The sendmail path without the known parameters
+     */
+    private function parseSendmailPath($sendmailPath)
+    {
+        $sendmailPath = trim((string)$sendmailPath);
+        if ($sendmailPath === '') {
+            return $sendmailPath;
+        }
+
+        $parts = preg_split('/\s+/', $sendmailPath);
+        if (empty($parts)) {
+            return $sendmailPath;
+        }
+
+        $command = array_shift($parts);
+        $remainder = [];
+
+        // Parse only -t, -i, -oi and -f parameters.
+        for ($i = 0; $i < count($parts); ++$i) {
+            $part = $parts[$i];
+            if (preg_match('/^-(i|oi|t)$/', $part, $matches)) {
+                continue;
+            }
+            if (preg_match('/^-f(.*)$/', $part, $matches)) {
+                $address = $matches[1];
+                if ($address === '' && isset($parts[$i + 1]) && strpos($parts[$i + 1], '-') !== 0) {
+                    $address = $parts[++$i];
+                }
+                $this->Sender = $address;
+                continue;
+            }
+
+            $remainder[] = $part;
+        }
+
+        // The params that are not parsed are added back to the command.
+        if (!empty($remainder)) {
+            $command .= ' ' . implode(' ', $remainder);
+        }
+
+        return $command;
+    }
+
     /**
      * Send messages using $Sendmail.
      */
@@ -995,10 +1044,9 @@ class PHPMailer
         $ini_sendmail_path = ini_get('sendmail_path');
 
         if (false === stripos($ini_sendmail_path, 'sendmail')) {
-            $this->Sendmail = '/usr/sbin/sendmail';
-        } else {
-            $this->Sendmail = $ini_sendmail_path;
+            $ini_sendmail_path = '/usr/sbin/sendmail';
         }
+        $this->Sendmail = $this->parseSendmailPath($ini_sendmail_path);
         $this->Mailer = 'sendmail';
     }
 
@@ -1010,10 +1058,9 @@ class PHPMailer
         $ini_sendmail_path = ini_get('sendmail_path');
 
         if (false === stripos($ini_sendmail_path, 'qmail')) {
-            $this->Sendmail = '/var/qmail/bin/qmail-inject';
-        } else {
-            $this->Sendmail = $ini_sendmail_path;
+            $ini_sendmail_path = '/var/qmail/bin/qmail-inject';
         }
+        $this->Sendmail = $this->parseSendmailPath($ini_sendmail_path);
         $this->Mailer = 'qmail';
     }
 
@@ -1242,7 +1289,9 @@ class PHPMailer
      * @see https://www.andrew.cmu.edu/user/agreen1/testing/mrbs/web/Mail/RFC822.php A more careful implementation
      *
      * @param string $addrstr The address list string
-     * @param null   $useimap Deprecated argument since 6.11.0.
+     * @param null   $useimap Unused. Argument has been deprecated in PHPMailer 6.11.0.
+     *                        Previously this argument determined whether to use
+     *                        the IMAP extension to parse the list and accepted a boolean value.
      * @param string $charset The charset to use when decoding the address list string.
      *
      * @return array
@@ -1250,13 +1299,15 @@ class PHPMailer
     public static function parseAddresses($addrstr, $useimap = null, $charset = self::CHARSET_ISO88591)
     {
         if ($useimap !== null) {
-            trigger_error(self::lang('deprecated_argument'), E_USER_DEPRECATED);
+            trigger_error(self::lang('deprecated_argument') . '$useimap', E_USER_DEPRECATED);
         }
         $addresses = [];
         if (function_exists('imap_rfc822_parse_adrlist')) {
             //Use this built-in parser if it's available
+            // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.imap_rfc822_parse_adrlistRemoved -- wrapped in function_exists()
             $list = imap_rfc822_parse_adrlist($addrstr, '');
             // Clear any potential IMAP errors to get rid of notices being thrown at end of script.
+            // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.imap_errorsRemoved -- wrapped in function_exists()
             imap_errors();
             foreach ($list as $address) {
                 if (
@@ -1583,9 +1634,11 @@ class PHPMailer
                     );
                 } elseif (defined('INTL_IDNA_VARIANT_2003')) {
                     //Fall back to this old, deprecated/removed encoding
+                    // phpcs:ignore PHPCompatibility.Constants.RemovedConstants.intl_idna_variant_2003DeprecatedRemoved
                     $punycode = idn_to_ascii($domain, $errorcode, \INTL_IDNA_VARIANT_2003);
                 } else {
                     //Fall back to a default we don't know about
+                    // phpcs:ignore PHPCompatibility.ParameterValues.NewIDNVariantDefault.NotSet
                     $punycode = idn_to_ascii($domain, $errorcode);
                 }
                 if (false !== $punycode) {
@@ -1853,25 +1906,27 @@ class PHPMailer
             //PHP config has a sender address we can use
             $this->Sender = ini_get('sendmail_from');
         }
-        //CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
+
+        $sendmailArgs = [];
+
+        // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
+        // Also don't add the -f automatically unless it has been set either via Sender
+        // or sendmail_path. Otherwise it can introduce new problems.
+        // @see http://github.com/PHPMailer/PHPMailer/issues/2298
         if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
-            if ($this->Mailer === 'qmail') {
-                $sendmailFmt = '%s -f%s';
-            } else {
-                $sendmailFmt = '%s -oi -f%s -t';
-            }
-        } elseif ($this->Mailer === 'qmail') {
-            $sendmailFmt = '%s';
-        } else {
-            //Allow sendmail to choose a default envelope sender. It may
-            //seem preferable to force it to use the From header as with
-            //SMTP, but that introduces new problems (see
-            //<https://github.com/PHPMailer/PHPMailer/issues/2298>), and
-            //it has historically worked this way.
-            $sendmailFmt = '%s -oi -t';
+            $sendmailArgs[] = '-f' . $this->Sender;
         }
 
-        $sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
+        // Qmail doesn't accept all the sendmail parameters
+        // @see https://github.com/PHPMailer/PHPMailer/issues/3189
+        if ($this->Mailer !== 'qmail') {
+            $sendmailArgs[] = '-i';
+            $sendmailArgs[] = '-t';
+        }
+
+        $resultArgs = (empty($sendmailArgs) ? '' : ' ' . implode(' ', $sendmailArgs));
+
+        $sendmail = trim(escapeshellcmd($this->Sendmail) . $resultArgs);
         $this->edebug('Sendmail path: ' . $this->Sendmail);
         $this->edebug('Sendmail command: ' . $sendmail);
         $this->edebug('Envelope sender: ' . $this->Sender);
@@ -2055,7 +2110,8 @@ class PHPMailer
             $this->Sender = ini_get('sendmail_from');
         }
         if (!empty($this->Sender) && static::validateAddress($this->Sender)) {
-            if (self::isShellSafe($this->Sender)) {
+            $phpmailer_path = ini_get('sendmail_path');
+            if (self::isShellSafe($this->Sender) && strpos($phpmailer_path, ' -f') === false) {
                 $params = sprintf('-f%s', $this->Sender);
             }
             $old_from = ini_get('sendmail_from');
@@ -2482,7 +2538,7 @@ class PHPMailer
             'no_smtputf8' => 'Server does not support SMTPUTF8 needed to send to Unicode addresses',
             'imap_recommended' => 'Using simplified address parser is not recommended. ' .
                 'Install the PHP IMAP extension for full RFC822 parsing.',
-            'deprecated_argument' => 'Argument $useimap is deprecated',
+            'deprecated_argument' => 'Deprecated Argument: ',
         ];
         if (empty($lang_path)) {
             //Calculate an absolute path so it can work if CWD is not here
@@ -2956,6 +3012,7 @@ class PHPMailer
         $bytes = '';
         if (function_exists('random_bytes')) {
             try {
+                // phpcs:ignore PHPCompatibility.FunctionUse.NewFunctions.random_bytesFound -- Wrapped in function_exists.
                 $bytes = random_bytes($len);
             } catch (\Exception $e) {
                 //Do nothing
@@ -4590,10 +4647,10 @@ class PHPMailer
      * Converts data-uri images into embedded attachments.
      * If you don't want to apply these transformations to your HTML, just set Body and AltBody directly.
      *
-     * @param string        $message  HTML message string
-     * @param string        $basedir  Absolute path to a base directory to prepend to relative paths to images
-     * @param bool|callable $advanced Whether to use the internal HTML to text converter
-     *                                or your own custom converter
+     * @param string        $message    HTML message string
+     * @param string        $basedir    Absolute path to a base directory to prepend to relative paths to images
+     * @param bool|callable $advanced   Whether to use the internal HTML to text converter
+     *                                  or your own custom converter
      * @return string The transformed message body
      *
      * @throws Exception
@@ -4602,6 +4659,12 @@ class PHPMailer
      */
     public function msgHTML($message, $basedir = '', $advanced = false)
     {
+        $cid_domain = 'phpmailer.0';
+        if (filter_var($this->From, FILTER_VALIDATE_EMAIL)) {
+            //prepend with a character to create valid RFC822 string in order to validate
+            $cid_domain = substr($this->From, strrpos($this->From, '@') + 1);
+        }
+
         preg_match_all('/(?<!-)(src|background)=["\'](.*)["\']/Ui', $message, $images);
         if (array_key_exists(2, $images)) {
             if (strlen($basedir) > 1 && '/' !== substr($basedir, -1)) {
@@ -4623,7 +4686,7 @@ class PHPMailer
                     }
                     //Hash the decoded data, not the URL, so that the same data-URI image used in multiple places
                     //will only be embedded once, even if it used a different encoding
-                    $cid = substr(hash('sha256', $data), 0, 32) . '@phpmailer.0'; //RFC2392 S 2
+                    $cid = substr(hash('sha256', $data), 0, 32) . '@' . $cid_domain; //RFC2392 S 2
 
                     if (!$this->cidExists($cid)) {
                         $this->addStringEmbeddedImage(
@@ -4657,7 +4720,7 @@ class PHPMailer
                         $directory = '';
                     }
                     //RFC2392 S 2
-                    $cid = substr(hash('sha256', $url), 0, 32) . '@phpmailer.0';
+                    $cid = substr(hash('sha256', $url), 0, 32) . '@' . $cid_domain;
                     if (strlen($basedir) > 1 && '/' !== substr($basedir, -1)) {
                         $basedir .= '/';
                     }
@@ -5105,12 +5168,14 @@ class PHPMailer
         }
         if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) {
             if (\PHP_MAJOR_VERSION < 8) {
+                // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.openssl_pkey_freeDeprecated
                 openssl_pkey_free($privKey);
             }
 
             return base64_encode($signature);
         }
         if (\PHP_MAJOR_VERSION < 8) {
+            // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.openssl_pkey_freeDeprecated
             openssl_pkey_free($privKey);
         }
 

src/POP3.php

@@ -45,8 +45,9 @@ class POP3
      * The POP3 PHPMailer Version number.
      *
      * @var string
+     * @deprecated This constant will be removed in PHPMailer 8.0. Use `PHPMailer::VERSION` instead.
      */
-    const VERSION = '7.0.0';
+    const VERSION = '7.0.2';
 
     /**
      * Default POP3 port number.

src/SMTP.php

@@ -34,8 +34,9 @@ class SMTP
      * The PHPMailer SMTP version number.
      *
      * @var string
+     * @deprecated This constant will be removed in PHPMailer 8.0. Use `PHPMailer::VERSION` instead.
      */
-    const VERSION = '7.0.0';
+    const VERSION = '7.0.2';
 
     /**
      * SMTP line break constant.
@@ -494,7 +495,9 @@ class SMTP
         //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
         //so add them back in manually if we can
         if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
+            // phpcs:ignore PHPCompatibility.Constants.NewConstants.stream_crypto_method_tlsv1_2_clientFound
             $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
+            // phpcs:ignore PHPCompatibility.Constants.NewConstants.stream_crypto_method_tlsv1_1_clientFound
             $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
         }
 
@@ -633,7 +636,13 @@ class SMTP
                 if (null === $OAuth) {
                     return false;
                 }
-                $oauth = $OAuth->getOauth64();
+                try {
+                    $oauth = $OAuth->getOauth64();
+                } catch (\Exception $e) {
+                    // We catch all exceptions and convert them to PHPMailer exceptions to be able to
+                    // handle them correctly later
+                    throw new Exception("SMTP authentication error", 0, $e);
+                }
                 /*
                  * An SMTP command line can have a maximum length of 512 bytes, including the command name,
                  * so the base64-encoded OAUTH token has a maximum length of:
@@ -761,6 +770,25 @@ class SMTP
         }
     }
 
+    private function iterateLines($s)
+    {
+        $start = 0;
+        $length = strlen($s);
+
+        for ($i = 0; $i < $length; $i++) {
+            $c = $s[$i];
+            if ($c === "\n" || $c === "\r") {
+                yield substr($s, $start, $i - $start);
+                if ($c === "\r" && $i + 1 < $length && $s[$i + 1] === "\n") {
+                    $i++;
+                }
+                $start = $i + 1;
+            }
+        }
+
+        yield substr($s, $start);
+    }
+
     /**
      * Send an SMTP DATA command.
      * Issues a data command and sends the msg_data to the server,
@@ -789,15 +817,16 @@ class SMTP
          * NOTE: this does not count towards line-length limit.
          */
 
-        //Normalize line breaks before exploding
-        $lines = explode("\n", str_replace(["\r\n", "\r"], "\n", $msg_data));
+        //Iterate over lines with normalized line breaks
+        $lines = $this->iterateLines($msg_data);
 
         /* To distinguish between a complete RFC822 message and a plain message body, we check if the first field
          * of the first line (':' separated) does not contain a space then it _should_ be a header, and we will
          * process all lines before a blank line as headers.
          */
 
-        $field = substr($lines[0], 0, strpos($lines[0], ':'));
+        $first_line = $lines->current();
+        $field = substr($first_line, 0, strpos($first_line, ':'));
         $in_headers = false;
         if (!empty($field) && strpos($field, ' ') === false) {
             $in_headers = true;

test/Fixtures/LocalizationTest/phpmailer.lang-yz.php

@@ -8,6 +8,8 @@
  * Note: this test fixture uses a syntax (backticks) which has been deprecated in PHP 8.5 and
  * is slated for removal in PHP 9.0.
  * For that reason, the file is excluded from the linting check on PHP 8.5 and above.
+ *
+ * @phpcs:disable PHPCompatibility.LanguageConstructs.RemovedLanguageConstructs.t_backtickDeprecated
  */
 
 $PHPMAILER_LANG['extension_missing'] = 'Confirming that test fixture was loaded correctly (yz).';

test/PHPMailer/DKIMTest.php

@@ -14,7 +14,6 @@
 namespace PHPMailer\Test\PHPMailer;
 
 use PHPMailer\PHPMailer\Exception;
-use PHPMailer\PHPMailer\PHPMailer;
 use PHPMailer\Test\SendTestCase;
 
 /**

test/PHPMailer/DKIMWithoutExceptionsTest.php

@@ -13,7 +13,6 @@
 
 namespace PHPMailer\Test\PHPMailer;
 
-use PHPMailer\PHPMailer\PHPMailer;
 use PHPMailer\Test\TestCase;
 
 /**

test/PHPMailer/MailTransportTest.php

@@ -20,6 +20,23 @@ use PHPMailer\Test\SendTestCase;
  */
 final class MailTransportTest extends SendTestCase
 {
+    /** @var string */
+    private $originalSendmailFrom = '';
+
+    protected function set_up()
+    {
+        parent::set_up();
+
+        $from = ini_get('sendmail_from');
+        $this->originalSendmailFrom = $from === false ? '' : $from;
+    }
+
+    protected function tear_down()
+    {
+        ini_set('sendmail_from', $this->originalSendmailFrom);
+        parent::tear_down();
+    }
+
     /**
      * Test sending using SendMail.
      *
@@ -65,12 +82,6 @@ final class MailTransportTest extends SendTestCase
      */
     public function testMailSend()
     {
-        $sendmail = ini_get('sendmail_path');
-        // No path in sendmail_path.
-        if (strpos($sendmail, '/') === false) {
-            ini_set('sendmail_path', '/usr/sbin/sendmail -t -i ');
-        }
-
         $this->Mail->Body = 'Sending via mail()';
         $this->buildBody();
         $this->Mail->Subject = $this->Mail->Subject . ': mail()';
@@ -105,4 +116,146 @@ final class MailTransportTest extends SendTestCase
         $msg = $this->Mail->getSentMIMEMessage();
         self::assertStringNotContainsString("\r\n\r\nMIME-Version:", $msg, 'Incorrect MIME headers');
     }
+
+    /**
+     * Test sending using PHP mail() function with Sender address
+     * and explicit sendmail_from ini set.
+     * Test running required with:
+     * php -d sendmail_path="/usr/sbin/sendmail -t -i -frpath@example.org" ./vendor/bin/phpunit
+     *
+     * @group sendmailparams
+     * @covers \PHPMailer\PHPMailer\PHPMailer::isMail
+     */
+    public function testMailSendWithSendmailParams()
+    {
+        $sender = 'rpath@example.org';
+
+        if (strpos(ini_get('sendmail_path'), $sender) === false) {
+            self::markTestSkipped('Custom Sendmail php.ini not available');
+        }
+
+        $this->Mail->Body = 'Sending via mail()';
+        $this->buildBody();
+        $this->Mail->Subject = $this->Mail->Subject . ': mail()';
+        $this->Mail->clearAddresses();
+        $this->setAddress('testmailsend@example.com', 'totest');
+
+        ini_set('sendmail_from', $sender);
+        $this->Mail->createHeader();
+        $this->Mail->isMail();
+
+        self::assertTrue($this->Mail->send(), $this->Mail->ErrorInfo);
+    }
+
+    /**
+     * Test sending using SendMail with Sender address
+     * and explicit sendmail_from ini set.
+     * Test running required with:
+     * php -d sendmail_path="/usr/sbin/sendmail -t -i -frpath@example.org" ./vendor/bin/phpunit
+     *
+     * @group sendmailparams
+     * @covers \PHPMailer\PHPMailer\PHPMailer::isSendmail
+     */
+    public function testSendmailSendWithSendmailParams()
+    {
+        $sender = 'rpath@example.org';
+
+        if (strpos(ini_get('sendmail_path'), $sender) === false) {
+            self::markTestSkipped('Custom Sendmail php.ini not available');
+        }
+
+        $this->Mail->Body = 'Sending via sendmail';
+        $this->buildBody();
+        $subject = $this->Mail->Subject;
+
+        $this->Mail->Subject = $subject . ': sendmail';
+        ini_set('sendmail_from', $sender);
+        $this->Mail->isSendmail();
+
+        self::assertTrue($this->Mail->send(), $this->Mail->ErrorInfo);
+    }
+
+    /**
+     * Test parsing of sendmail path and with certain parameters.
+     *
+     * @group sendmailparams
+     * @covers \PHPMailer\PHPMailer\PHPMailer::parseSendmailPath
+     * @dataProvider sendmailPathProvider
+     *
+     * @param string $sendmailPath The sendmail path to parse.
+     * @param string $expectedCommand The expected command after parsing.
+     * @param string  $expectedSender The expected Sender (-f parameter) after parsing.
+     */
+    public function testParseSendmailPath($sendmailPath, $expectedCommand, $expectedSender)
+    {
+        $mailer = $this->Mail;
+
+        $parseSendmailPath = \Closure::bind(
+            function ($path) {
+                return $this->{'parseSendmailPath'}($path);
+            },
+            $mailer,
+            \PHPMailer\PHPMailer\PHPMailer::class
+        );
+        $command = $parseSendmailPath($sendmailPath);
+
+        self::assertSame($expectedCommand, $command, 'Sendmail command not parsed correctly');
+        self::assertSame($expectedSender, $mailer->Sender, 'Sender property not set correctly');
+    }
+
+    /**
+     * Data provider for testParseSendmailPath.
+     *
+     * @return array{
+     *   0: string, // The sendmail path to parse.
+     *   1: string, // The expected command after parsing.
+     *   2: string  // The expected Sender (-f parameter) after parsing.
+     * }
+     */
+
+    public function sendmailPathProvider()
+    {
+        return [
+            'path only' => [
+                '/usr/sbin/sendmail',
+                '/usr/sbin/sendmail',
+                ''
+            ],
+            'with i and t' => [
+                '/usr/sbin/sendmail -i -t',
+                '/usr/sbin/sendmail',
+                ''
+            ],
+            'with f concatenated' => [
+                '/usr/sbin/sendmail -frpath@example.org -i',
+                '/usr/sbin/sendmail',
+                'rpath@example.org'
+            ],
+            'with f separated' => [
+                '/usr/sbin/sendmail -f rpath@example.org -t',
+                '/usr/sbin/sendmail',
+                'rpath@example.org',
+            ],
+            'with extra flags preserved' => [
+                '/opt/sendmail -x -y -fuser@example.org',
+                '/opt/sendmail -x -y',
+                'user@example.org',
+            ],
+            "extra flags with values preserved" => [
+                '/opt/sendmail -X /path/to/logfile -fuser@example.org',
+                '/opt/sendmail -X /path/to/logfile',
+                'user@example.org',
+            ],
+            "extra flags concatenated preserved" => [
+                '/opt/sendmail -X/path/to/logfile -t -i',
+                '/opt/sendmail -X/path/to/logfile',
+                '',
+            ],
+            "option values with regular parameters" => [
+                '/opt/sendmail -oi -t',
+                '/opt/sendmail',
+                '',
+            ],
+        ];
+    }
 }

test/PHPMailer/PHPMailerTest.php

@@ -597,6 +597,7 @@ EOT;
      */
     public function testEmbeddedImage()
     {
+        $this->Mail->From = '';
         $this->Mail->msgHTML('<!DOCTYPE html>
 <html lang="en">
   <head>
@@ -615,6 +616,32 @@ EOT;
         );
     }
 
+    /**
+     * An embedded attachment test with custom cid domain.
+     */
+    public function testEmbeddedImageCustomCidDomain()
+    {
+        $result = $this->Mail->setFrom('test@example.com');
+        self::assertTrue($result, 'setFrom failed');
+
+        $this->Mail->msgHTML('<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>E-Mail Inline Image Test</title>
+  </head>
+  <body>
+    <p><img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="></p>
+  </body>
+</html>', '', false);
+        $this->Mail->preSend();
+        self::assertStringContainsString(
+            'Content-ID: <bb229a48bee31f5d54ca12dc9bd960c6@example.com>',
+            $this->Mail->getSentMIMEMessage(),
+            'Embedded image header encoding incorrect.'
+        );
+    }
+
     /**
      * An embedded attachment test.
      */