Summary
DrupalのPHPMailerのリモートコード実行脆弱性対策を行う。sites/all/libraries/PHPMailer
cd sites/all/libraries
git clone https://github.com/PHPMailer/PHPMailer
ln -s PHPMailer phpmailer
sites/all/modules/smtp/smtp.module
include するファイルを class.phpmailer.php から PHPMailerAutoload.php に変更する。/**
* Load the PHPMailer library.
*
* @return
* TRUE if the PHPMailer library is loaded, FALSE otherwise.
*/
function smtp_load_library() {
// Include the PHPMailer class (which includes the SMTP class).
if (!class_exists('PHPMailer')) {
// First try using the libraries module.
if (module_exists('libraries')) {
// $smtp_phpmailer_library = module_invoke('libraries', 'get_path', 'phpmailer') . '/class.phpmailer.php';
$smtp_phpmailer_library = module_invoke('libraries', 'get_path', 'phpmailer') . '/PHPMailerAutoload.php';
}
//If you aren't using libraries, then check a couple other places.
else {
//Look in the default libraries location
// $smtp_phpmailer_library = 'sites/all/libraries/phpmailer/class.phpmailer.php';
$smtp_phpmailer_library = 'sites/all/libraries/phpmailer/PHPMailerAutoload.php';
//If the default libraries doesn't exist, then try the old module location.
if (!file_exists($smtp_phpmailer_library)) {
// $smtp_phpmailer_library = drupal_get_path('module', 'smtp') .'/phpmailer/class.phpmailer.php';
$smtp_phpmailer_library = drupal_get_path('module', 'smtp') .'/phpmailer/PHPMailerAutoload.php';
}
}
//Now include whatever you found.
if (file_exists($smtp_phpmailer_library)) {
require_once($smtp_phpmailer_library);
}
}
// Tell the caller if PHPMailer class exists.
return class_exists('PHPMailer');
}
Reference
github.com - PHPMailerhttps://github.com/PHPMailer/PHPMailer
Drupal.org - PHPmailer 3rd party library - DRUPAL-SA-PSA-2016-004
https://www.drupal.org/psa-2016-004
Qiita - PHPMailerのリモートコード実行脆弱性(CVE-2016-10033)の影響範囲
http://qiita.com/ichikaway/items/d2d9205c57f35b618951