Synchro

Events

Created at 12 hours ago
closed issue
isValidHost: don't try to validate hostnames

https://github.com/PHPMailer/PHPMailer/blob/bf99c202a92daa6d847bc346d554a4727fd802a5/src/PHPMailer.php#L4093 is simply a bad practice. You're trying to validate hostnames with a regex that doesn't conform to all past or future RFCs. It's good to validate against the empty string, and to classify ip4, ipv6, etc, but the regex here doesn't conform to valid hostnames used outside of DNS. And there are plenty of reasons to use hostnames that are not used with DNS, for instance, docker hosts, internal or unroutable hosts, etc.

Created at 5 days ago

GH Actions: Bump github/codeql-action from 2.1.22 to 2.1.24

Bumps github/codeql-action from 2.1.22 to 2.1.24.


updated-dependencies:

  • dependency-name: github/codeql-action
    dependency-type: direct:production
    update-type: version-update:semver-patch

...

Signed-off-by: dependabot[bot] support@github.com

Merge pull request #2770 from PHPMailer/dependabot/github_actions/github/codeql-action-2.1.24

GH Actions: Bump github/codeql-action from 2.1.22 to 2.1.24

Created at 5 days ago
pull request closed
GH Actions: Bump github/codeql-action from 2.1.22 to 2.1.24

Bumps github/codeql-action from 2.1.22 to 2.1.24.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Created at 5 days ago
Silver Surfer

Hooray! Thank you!

Created at 5 days ago
issue comment
GH Actions: Bump github/codeql-action from 2.1.22 to 2.1.24

@dependabot rebase

Created at 5 days ago
issue comment
Don't try to issue RSET on connection errors

Nice catch, thanks

Created at 5 days ago

Don't try to issue RSET on connection errors

In case of errors, keep-alive SMTP connections are always reset, but when the error happened while establishing the connection, trying to reset the connection is pointless and just produces another error.

Merge pull request #2773 from dotdash/dont_rset_on_connection_error

Don't try to issue RSET on connection errors

Created at 5 days ago
pull request closed
Don't try to issue RSET on connection errors

In case of errors, keep-alive SMTP connections are always reset, but when the error happened while establishing the connection, trying to reset the connection is pointless and just produces another error.

Created at 5 days ago

GH Actions: Bump ossf/scorecard-action from 2.0.2 to 2.0.3

Bumps ossf/scorecard-action from 2.0.2 to 2.0.3.


updated-dependencies:

  • dependency-name: ossf/scorecard-action
    dependency-type: direct:production
    update-type: version-update:semver-patch

...

Signed-off-by: dependabot[bot] support@github.com

Merge pull request #2771 from PHPMailer/dependabot/github_actions/ossf/scorecard-action-2.0.3

GH Actions: Bump ossf/scorecard-action from 2.0.2 to 2.0.3

Created at 5 days ago
pull request closed
GH Actions: Bump ossf/scorecard-action from 2.0.2 to 2.0.3

Bumps ossf/scorecard-action from 2.0.2 to 2.0.3.

Created at 5 days ago

build: harden docs.yaml permissions

Signed-off-by: Alex aleksandrosansan@gmail.com

build: harden tests.yml permissions

Signed-off-by: Alex aleksandrosansan@gmail.com

Merge pull request #2772 from sashashura/patch-1

GitHub Workflows security hardening

Created at 5 days ago
issue comment
GitHub Workflows security hardening

Thanks

Created at 5 days ago
pull request closed
GitHub Workflows security hardening

This PR adds an explicit permissions section to workflows. This is a security best practice because by default workflows run with an extended set of permissions (except for on: pull_request from external forks). By specifying any permission explicitly, all others are set to none. By using the principle of least privilege, the damage a compromised workflow can do (because of an injection or a compromised third-party tool or action) is restricted. It is recommended to have the most strict permissions on the top level and grant write permissions on the job level case by case.

Created at 5 days ago
Created at 1 week ago
issue comment
Oversize submissions are not reported in a useful way

Oh, that's interesting, thanks for looking. Suggests it might be a translation issue and not detection of the oversize request. I'll see if I can make a clean repro example.

Created at 1 week ago
closed issue
Add gmail XOAUTH2 with access_token

Can you add a feature for Gmail XOAUTH2 with an access token? An access token expires in a short time; it is safe, while a refresh token (OAuth2 provider) is not, so it is not suitable for some environments. Thanks!

Created at 1 week ago
issue comment
Add gmail XOAUTH2 with access_token

This is entirely up to the OAuth library that you use with PHPMailer, not PHPMailer itself. Consult their documentation for how to use a refresh token to get an access token. PHPMailer will just use what you give it.

Created at 1 week ago
closed issue
The term composer not recognised

    composer : The term 'composer' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + composer require phpmailer/phpmailer
        + CategoryInfo          : ObjectNotFound: (composer:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

Created at 1 week ago
issue comment
The term composer not recognised

You need to install composer first, just like you install PHP to run PHPMailer too. It's nothing to do with PHPMailer otherwise.

Created at 1 week ago
issue comment
IP rotation

I wouldn't bother responding to this. As you say, this is unusual for a mail server because it's not something a mail server should be doing. A client script may want to spread load across multiple servers, but 99% of the time the only real-life use for this is a script (known colloquially as a "mailer") distributing spam sends across botnets of compromised machines. It's not something mailinabox should be contemplating.

Created at 1 week ago
issue comment
No way to clear a nullable date field in Safari

Uh, yes, that's why I suggested a Nova workaround, that's consistent with what Nova does for other field types, that will work independent of browser implementations. Meanwhile it renders Nova partly unusable on some browsers.

Created at 1 week ago
opened issue
Oversize submissions are not reported in a useful way
  • Laravel Version: 8.83.23
  • Nova Version: 4.13
  • PHP Version: 8.0.23
  • Operating System and Version: macOS 12.6
  • Browser type and version: Safari 16

Description:

If you try to upload an image that is too large for the server's config, the way it is reported is not helpful:

image

There was a problem submitting the form. ""

Looking in the browser's dev console, it shows a 413 error from a URL like https://example.com/nova-api/locations/82?viaResource=&viaResourceId=&viaRelationship=&editing=true&editMode=update. 413 is "Entity too large", which makes sense, but it doesn't actually say that in the console so it's not immediately obvious what the problem is.

Created at 1 week ago
opened issue
No way to clear a nullable date field in Safari
  • Laravel Version: 8.83.23
  • Nova Version: 4.13
  • PHP Version: 8.0.23
  • Operating System and Version: macOS 12.6
  • Browser type and version: Safari 16

I have republished resources and cleared views.

Description:

When I have a nullable Date field, there is no way to clear it.

            Date::make('Service end')
                ->nullable()
                ->default(null),

results in:

image

If I delete each of the date components in the field, they turn grey (as I have done in the first of these):

image

but on saving it reverts to its original value.

The database field is nullable and defaults to null.

I have seen #2606 that supposedly fixed this, but it's not fixed for me. Also the help() workaround doesn't work for me as it fails to find its target – I guess the structure has changed since then. It looks like as implemented this is subject to a Safari limitation, however, I think it would be better to use an x field suffix button as is used on other field types to provide a consistent UX.

Chrome does show a "clear" option:

image

however, it clears it to dd/mm/yyyy rather than an empty field or , which is unexpected.

Created at 1 week ago
issue comment
Incorrect behavior of StringClassNameToClassConstantRector

Just FYI, the links to the rector demo above are throwing 500s

Created at 2 weeks ago

GH Actions: Bump ossf/scorecard-action from 1.1.2 to 2.0.2

Bumps ossf/scorecard-action from 1.1.2 to 2.0.2.


updated-dependencies:

  • dependency-name: ossf/scorecard-action
    dependency-type: direct:production
    update-type: version-update:semver-major

...

Signed-off-by: dependabot[bot] support@github.com

Merge pull request #2765 from PHPMailer/dependabot/github_actions/ossf/scorecard-action-2.0.2

GH Actions: Bump ossf/scorecard-action from 1.1.2 to 2.0.2

Created at 2 weeks ago
pull request closed
GH Actions: Bump ossf/scorecard-action from 1.1.2 to 2.0.2

Bumps ossf/scorecard-action from 1.1.2 to 2.0.2.

Created at 2 weeks ago

Explicitly add codecov token to action, see https://github.com/codecov/codecov-action/issues/557

Created at 2 weeks ago