[wp-trac] [WordPress Trac] #18493: HTML E-Mails

WordPress Trac wp-trac at lists.automattic.com
Mon Dec 12 12:17:03 UTC 2011


#18493: HTML E-Mails
---------------------------+-----------------------------
 Reporter:  aaroncampbell  |       Owner:  westi
     Type:  enhancement    |      Status:  reviewing
 Priority:  normal         |   Milestone:  Future Release
Component:  Mail           |     Version:  3.2
 Severity:  normal         |  Resolution:
 Keywords:  3.4-early      |
---------------------------+-----------------------------

Comment (by kitchin):

 This patch still has a bug. The variable $phpmailer->AltBody is not
 initialized. If you send an HTML email and then a plain email, the second
 email gets the first email's attachment. This can be a security problem if
 sending one email with privileged content, followed by another email with
 public information. Suggest in wp_mail():

 wp-includes/pluggable.php
 {{{
         $phpmailer->ClearCCs();
         $phpmailer->ClearCustomHeaders();
         $phpmailer->ClearReplyTos();

 +       $phpmailer->Body= '';
 +       $phpmailer->AltBody= '';

         // From email and name
         // If we don't have a name from the input headers
         if ( !isset( $from_name ) )

 }}}
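
Review bot: The two added assignments after `ClearReplyTos()` carry no comment saying why `Body` and `AltBody` are reset, and both are written without a space before `=`. Suggest a one-line comment stating that the mailer object is reused between calls, so per-message fields have to be emptied before each send, and writing them as `$phpmailer->Body = '';` and `$phpmailer->AltBody = '';`. The accompanying description speaks of an attachment carrying over, while these lines touch only the two body fields, so the comment should name exactly what is being cleared.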

 I'd also suggest clearing $phpmailer at the end of the function wp_mail().
 It could be holding some lengthy strings. Best would be a clear method for
 $phpmailer. But the code above is a minimal fix.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/18493#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
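
An added illustration of the state leak described in the comment above; it is not code from the ticket, WordPress or PHPMailer. `DemoMailer` and `demo_send()` are hypothetical stand-ins for a mailer object that is reused across calls, and the messages are constructed samples.

```php
<?php
// Added illustration; DemoMailer is a hypothetical stand-in, not PHPMailer.
class DemoMailer {
    public $Body    = '';
    public $AltBody = '';

    // Return the parts that would be sent for the current object state.
    public function parts() {
        $parts = array( 'body' => $this->Body );
        if ( $this->AltBody !== '' ) {
            // Any leftover alternative part goes out along with the body.
            $parts['alt'] = $this->AltBody;
        }
        return $parts;
    }
}

// Mimics a send function that reuses one mailer instance across calls.
function demo_send( DemoMailer $mailer, $message, $alt = '', $reset = false ) {
    if ( $reset ) {
        // The reset suggested in the comment above.
        $mailer->Body    = '';
        $mailer->AltBody = '';
    }
    $mailer->Body = $message;
    if ( $alt !== '' ) {
        $mailer->AltBody = $alt; // assigned only when an alternative part is supplied
    }
    return $mailer->parts();
}

// Constructed sample messages.
$private_html = '<p>Account notice for one user (constructed)</p>';
$private_text = 'Account notice for one user (constructed)';
$public_text  = 'Site maintenance tonight.';

foreach ( array( false, true ) as $reset ) {
    $mailer = new DemoMailer(); // one shared instance for both sends
    demo_send( $mailer, $private_html, $private_text, $reset );
    $second = demo_send( $mailer, $public_text, '', $reset );
    printf(
        "reset=%s: second message carries earlier text: %s\n",
        $reset ? 'yes' : 'no',
        isset( $second['alt'] ) ? 'YES (leak)' : 'no'
    );
}
```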

