[wp-trac] [WordPress Trac] #18493: HTML E-Mails
WordPress Trac
wp-trac at lists.automattic.com
Mon Dec 12 12:17:03 UTC 2011
#18493: HTML E-Mails
---------------------------+-----------------------------
Reporter: aaroncampbell | Owner: westi
Type: enhancement | Status: reviewing
Priority: normal | Milestone: Future Release
Component: Mail | Version: 3.2
Severity: normal | Resolution:
Keywords: 3.4-early |
---------------------------+-----------------------------
Comment (by kitchin):
This patch still has a bug. The variable $phpmailer->AltBody is not
initialized. If you send an html email and then a plain email, the second
email gets the first email's attachment. This can be a security problem if
sending one email with privileged content, followed by another email with
public information. Suggest in wp_mail():
wp-includes/pluggable.php
{{{
$phpmailer->ClearCCs();
$phpmailer->ClearCustomHeaders();
$phpmailer->ClearReplyTos();
+ $phpmailer->Body= '';
+ $phpmailer->AltBody= '';
// From email and name
// If we don't have a name from the input headers
if ( !isset( $from_name ) )
}}}
I'd also suggest clearing $phpmailer at the end of the function wp_mail().
It could be holding some lengthy strings. Best would be a clear method for
$phpmailer. But the code above is a minimal fix.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18493#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list