[wp-trac] [WordPress Trac] #40576: Sending emails broken in 4.7.2
WordPress Trac
noreply at wordpress.org
Mon May 1 02:46:03 UTC 2017
#40576: Sending emails broken in 4.7.2
--------------------------------+------------------------------
Reporter: pavelevap | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: External Libraries | Version: 4.7.2
Severity: normal | Resolution:
Keywords: close | Focuses:
--------------------------------+------------------------------
Changes (by dd32):
* keywords: has-patch => close
* component: Mail => External Libraries
* milestone: 4.7.5 => Awaiting Review
Comment:
Unfortunately simply switching from `escapeshellcmd()` to
`escapeshellarg()` isn't viable here, and likely introduces security
concerns. They were introduced to fix the issues surrounding
CVE-2016-10033 & CVE-2016-10045.

https://github.com/PHPMailer/PHPMailer/issues/966 &
https://github.com/PHPMailer/PHPMailer/issues/948 are the upstream issues
for this problem, which have unfortunately been closed as wontfix.

`escapeshellcmd()` does not introduce any security implications for an
install, and is used to protect against them instead - the ideal solution
here will be for you to contact your host and ask them to remove that
from the `disable_functions` list, as they're specifically preventing us
from sending email securely.

If you wish to attempt to fix this, it should be fixed
[https://github.com/PHPMailer/PHPMailer upstream within PHPMailer], and
not within WordPress directly.

I'm removing this from the 4.7.x milestone as it's not something we can
fix directly, and can be milestoned in the event a new PHPMailer build
becomes available which can be used here.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40576#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform