In the last week two critical issues where discovered by
Dawid Golunski in
PHPMailer, a library to facilitate sending email messages using PHP.
The disclosures can be found here:
You can read PHPMailer's response about it in the PHPMailer Wiki article
"About the CVE 2016 10033 and CVE 2016 10045 vulnerabilities".
In order to prevent me from having to write all my customers to have them update the library and hope that they are going to do so, I wrote a simple shell script that updates the PHPMailer core files (
class.phpmailer.php,
class.pop3.php,
class.smtp.php) that are found in the directories that you supply.
The script is called
upgrade-phpmailer.sh and can be found as
GitHub gist upgrade-phpmailer.sh (
download upgrade-phpmailer.sh [use right-click and
Save]).
The usage of the script
upgrade-phpmailer.sh:
phpmailer-upgrade.sh v1.0.0 - Copyright (c) 2016 Derks.IT / Jeroen Derks
Upgrades PHPMailer files automatically to last version
usage: upgrade-phpmailer.sh [-d] [-n] [-v] [-x] [-B branch] [-C checkout] [-D backup ]
[-K] [-M extension] [-N] [-O] directory [ directory [...] ]
-d Enable debug output
-n Dry-run mode
-v Enable verbose output
-x Enable shell debug output
-B PHPMailer GitHub branch name to use (default: master)
-C Directory containing cloned repository with branch to use
-D Backup directory to use (default: /phpmailer.backup)
-K Keep temporary directory
-M Rename original files using supplied extension (default: .BACKUP)
-N Do not create backup directory
-O Compare only, do not actually upgrade
If you have any improvements or suggestions, please leave a message below or
create a pull request.
Blog
