PHPMailer 5.2.1 bundled with WordPress 3.4 can not send mail with php safe mode on.

[sumindmitriy]

When sending mail from WP 3.4 using php mail() function and with php safe mode on, receiving "PHP Warning: mail(): SAFE MODE Restriction in effect." and mail can not be send.
This bug described at ​http://code.google.com/a/apache-extras.org/p/phpmailer/issues/detail?id=68
Patch attached.

This certainly works for a quick hack to get it working again in safe mode, however, this actually removes PHP Mailer's ability to set the envelope sender address and it will no longer use -oi with the sendmail binary changing the behavior of how it handles certain emails.

Optimally, it should only do this if safe_mode is in fact on since that is the only situation where those features won't be available.

I would attach a patch to do that, but I also think this is something that should come from an upstream PHP Mailer release where they have done the appropriate testing.

Replying to bpetty:

Optimally, it should only do this if safe_mode is in fact on

That's the case. There's a check for that earlier:
http://core.trac.wordpress.org/browser/tags/3.4/wp-includes/class-phpmailer.php#L744
The patch only removes $params from the else branch.

Ah, you're right, it does. I didn't catch that earlier.

I'll leave this for core devs to look at, and apply assuming this doesn't need to wait for upstream first.

Yes, external libraries generally should be fixed upstream first.

Seems that the upstream repository hasn't been updated since January though.

I'm fine with 20970.patch​ for 3.4.1. Let's see what we can do to get upstream to pay attention.

It appears Jim Jagielski at Red Hat is the sole developer on the PHP Mailer project, so he would be the person to contact on this, however, there is an open ticket already (as noted in this ticket's description) with plenty of info necessary to address this, and I'll give him the benefit of the doubt and not bother him beyond that ticket for now.

If that ticket still hasn't been addressed when we come close to the 3.4.1 release, I would suggest poking him at his personal email address.

Since this actually is high priority now, I've assigned this to myself since I have now reached out to Jim, however, someone with commit access needs to apply this in the meantime for 3.4.1 as discussed in the dev chat.

Via bpetty, this appeared to bite Joomla too: ​http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=28722.

Jim just got back to me, and he's taking a look at it now, so we should see something in upstream soon here.

I looked at [19849] and was trying to figure out why only one $params was added, but here we're adding two. So the first one (that already existed) is only when more than one email is sent, which is something wp_mail() supports (as of late) but core never uses. 20970.patch​ looks good. If for some reason it's not fixed upstream before we decide to release 3.4.1, we can go with it.

​http://php.net/mail is clear as day: "The additional_parameters parameter is disabled in safe_mode and the mail() function will expose a warning message and return FALSE when used."

In [21128]:

Do not pass mail() a fourth argument when safe_mode is in effect.

Fixes the sending of mail when in safe_mode. There is a bug report being addressed upstream with PHPMailer.

props sumindmitriy. see #20970 for trunk.

In [21129]:

Do not pass mail() a fourth argument when safe_mode is in effect.

Fixes the sending of mail when in safe_mode. There is a bug report being addressed upstream with PHPMailer.

props sumindmitriy. see #20970 for 3.4.

I opened #21074 to track upstream progress. Thanks sumindmitriy and bpetty.