[wp-trac] [WordPress Trac] #43542: Duplicate MIME-Version header
WordPress Trac
noreply at wordpress.org
Sat May 5 10:32:49 UTC 2018
#43542: Duplicate MIME-Version header
-------------------------------------------------+-------------------------
Reporter: junktrunk | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Mail | Version: 4.9.4
Severity: normal | Resolution:
Keywords: needs-patch good-first-bug | Focuses:
reporter-feedback 2nd-opinion |
-------------------------------------------------+-------------------------
Description changed by SergeyBiryukov:
Old description:
> Issue: Duplicate "MIME-Version" header information can be sent via
> pluggable.php and class-phpmailer.php via plugins, causing the mail to
> fail to be delivered when using a service like AWS SMTP that rejects this
> duplicate header element.
>
> I see that this issue has been reported in the past but closed as an
> invalid bug (e.g. https://core.trac.wordpress.org/ticket/22492 from 5
> years ago). But I argue that that may not be the correct conclusion.
>
> Wordpress plugin developer guidance on the use of wp_mail() doesn't
> prohibit including MIME-Version in $headers , and does otherwise offer
> to "build the proper Mime header automagically". I have read an argument
> online that it may be proper for the plugin to build out the full header
> including the mandatory MIME-Version in the event the administrator has
> configured their site to use a different email service besides WP/PHP,
> though I haven't substantiated that fully.
>
> Personally I think this should be a configurable option within any
> plugin, defaulted to off, if included at all. But in googling this
> issue, I see that this problem occurs in a large number of plugins, and
> for years, going unfixed, resulting in probably millions of unsent
> messages. For example, the following bug report for Email Subscription
> (the plugin I am working with that caused me to re-re-discover this
> problem) is from 2014, where it's still a problem today:
> https://github.com/Nyholm/Wordpress-Email-Subscription/issues/10
>
> Regardless of the best component where this element should be added, the
> default installation of WP should have checks to avoid duplication that
> causes failures, especially given there is an easy fix. In
> pluggable.php, in the loop processing each of the $headers the plugin
> supplied, we can check to see whether any of those will be duplicated by
> class-phpmailer.php, omitting them if so:
>
> {{{
> // Set custom headers
> if ( !empty( $headers ) ) {
> foreach ( (array) $headers as $name => $content ) {
> // Only add custom header if not one that will be
> added automatically
> // by wp-includes/class-phpmailer.php
> if (('MIME-Version' !== $name) && ('X-Mailer' !==
> $name))
> $phpmailer->addCustomHeader( sprintf(
> '%1$s: %2$s', $name, $content ) );
> }
>
> }}}
>
> (In my code snippet above I included X-Mailer too because that's also
> added automatically by class-phpmailer.php and doesn't make sense to
> duplicate, though it is not causing the same mail delivery failure when
> duplicated.)
New description:
Issue: Duplicate "MIME-Version" header information can be sent via
pluggable.php and class-phpmailer.php via plugins, causing the mail to
fail to be delivered when using a service like AWS SMTP that rejects this
duplicate header element.
I see that this issue has been reported in the past but closed as an
invalid bug (e.g. #22492 from 5 years ago). But I argue that that may not
be the correct conclusion.
Wordpress plugin developer guidance on the use of wp_mail() doesn't
prohibit including MIME-Version in $headers , and does otherwise offer to
"build the proper Mime header automagically". I have read an argument
online that it may be proper for the plugin to build out the full header
including the mandatory MIME-Version in the event the administrator has
configured their site to use a different email service besides WP/PHP,
though I haven't substantiated that fully.
Personally I think this should be a configurable option within any plugin,
defaulted to off, if included at all. But in googling this issue, I see
that this problem occurs in a large number of plugins, and for years,
going unfixed, resulting in probably millions of unsent messages. For
example, the following bug report for Email Subscription (the plugin I am
working with that caused me to re-re-discover this problem) is from 2014,
where it's still a problem today: https://github.com/Nyholm/Wordpress-
Email-Subscription/issues/10
Regardless of the best component where this element should be added, the
default installation of WP should have checks to avoid duplication that
causes failures, especially given there is an easy fix. In pluggable.php,
in the loop processing each of the $headers the plugin supplied, we can
check to see whether any of those will be duplicated by class-
phpmailer.php, omitting them if so:
{{{
// Set custom headers
if ( !empty( $headers ) ) {
foreach ( (array) $headers as $name => $content ) {
// Only add custom header if not one that will be
added automatically
// by wp-includes/class-phpmailer.php
if (('MIME-Version' !== $name) && ('X-Mailer' !==
$name))
$phpmailer->addCustomHeader( sprintf(
'%1$s: %2$s', $name, $content ) );
}
}}}
(In my code snippet above I included X-Mailer too because that's also
added automatically by class-phpmailer.php and doesn't make sense to
duplicate, though it is not causing the same mail delivery failure when
duplicated.)
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43542#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list