[wp-trac] [WordPress Trac] #25239: $_SERVER['SERVER_NAME'] not a reliable when generating email host names
WordPress Trac
noreply at wordpress.org
Mon May 8 13:57:45 UTC 2017
#25239: $_SERVER['SERVER_NAME'] not a reliable when generating email host names
-------------------------------------------------+-------------------------
Reporter: layotte | Owner:
Type: defect (bug) | SergeyBiryukov
Priority: normal | Status: reviewing
Component: Mail | Milestone: Future
Severity: normal | Release
Keywords: has-patch dev-feedback needs- | Version: 3.8
testing | Resolution:
| Focuses:
-------------------------------------------------+-------------------------
Comment (by tsimmons):
Replying to [comment:82 pigdog234]:
> Hi,
>
> Seems like a very short term way to address the CVE is to just drop
something like the following in:
>
> {{{
> add_filter( 'wp_mail_from', function( $email ) {
> return 'wordpress at example.com';
> });
>
> }}}
>
> Right?
The problem with this approach is it doesn't work with a multi-domain site
where the from address should be domain-specific.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25239#comment:83>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list