Opened 11 years ago
Closed 11 years ago
#25651 closed defect (bug) (duplicate)
wp_mail() not setting Sender and Reply-To headers, exposing hosting account info on some cPanel servers
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | major | Version: | 3.6.1 |
| Component: | | Keywords: | |
| Focuses: | | Cc: | |
Description
When WordPress and WordPress plugins send emails using wp_mail() in wp-includes/pluggable.php, the "Sender:" and "Reply-to:" headers are not being set. When this happens on cPanel-based hosting services, the mail headers on the resulting emails expose the hosting account login name and the hosting server in the hosting service's name space (something like myccount@… ). This provides everything necessary to access the hosting account as the owner of the account, except the password. Registrants on a site should not be provided this information.
Change History (4)
Replying to MaximumResults:
I have a suggested solution. The PHPMailer class provides a method SetFrom(), and the code there has a parameter, "auto", which will automatically set the "Sender:" and "Reply-To:" header information from the email name/address.
So, a possible solution would be, at line 340 of pluggable.php, put these three lines:
In place of the current line 340-341:
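
Added example, not part of the ticket or of the patch proposed above: a check that can be run on a delivered message to see whether the condition this ticket describes applies to a site. The sample messages, the addresses and the name `audit_sender_headers` are constructed, and reading the envelope sender from `Return-Path` assumes the receiving server records it there at delivery.

```python
from email import message_from_string
from email.utils import parseaddr

# Headers the ticket reports as unset by wp_mail().
MUST_BE_SET = ("Sender", "Reply-To")
# Headers whose address should equal From. Assumption: the receiving server
# records the envelope sender in Return-Path at delivery.
MUST_MATCH_FROM = ("Return-Path", "Sender")


def audit_sender_headers(raw_message):
    """Return (header, address, issue) tuples for one raw message."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if "@" not in from_addr:
        return [("From", "", "missing or unparsable")]
    findings = []
    for name in MUST_BE_SET:
        if msg.get(name) is None:
            findings.append((name, "", "not set"))
    for name in MUST_MATCH_FROM:
        value = msg.get(name)
        if value is None:
            continue  # header absent, nothing to compare
        addr = parseaddr(value)[1].lower()
        # An empty address (null bounce path "<>") carries no account name.
        if addr and addr != from_addr:
            findings.append((name, addr, "differs from From"))
    return findings


# Constructed sample: envelope sender falls back to the hosting account.
LEAKY = """\
Return-Path: <acctuser@server01.hosting.example>
From: WordPress <wordpress@blog.example>
To: registrant@mail.example
Subject: Your username and password

body
"""

# Constructed sample: Sender and Reply-To set, envelope sender matches From.
FIXED = """\
Return-Path: <wordpress@blog.example>
Sender: wordpress@blog.example
Reply-To: WordPress <wordpress@blog.example>
From: WordPress <wordpress@blog.example>
To: registrant@mail.example
Subject: Your username and password

body
"""
```

Run it against the raw source of a registration or password-reset mail sent by the site; an empty result means none of the checked headers is missing or disagrees with `From`.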