#37548 closed defect (bug) (duplicate)
wp_mail can result in improperly formatted domain when using default 'from' address
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Keywords: | ||
| Focuses: | Cc: |
Description
As it stands the wp_mail function has a method to fall back onto wordpress@example.org (replace example.org with the sites domain) when no 'From' email address is provided, however the use of $_SERVER['SERVER_NAME'] can result in an invalid domain being used, causing a fatal error when performing actions like creating a new site in Multisite.
For instance, in my local development with nginx the $_SERVER['SERVER_NAME'] is being reported as ~^(.*).edd\\.dev$ when requested, in order to handle some multisite configurations.
Since this super global can be configured differently in different environments, it should be sanitized or checked before trying to use it. There have been some tickets in the past that have raised concerns here and I'm not opposed to the SERVER_NAME approach, but there should be a fallback if that is not a valid option. Locally I have the following added (I can work up a patch later if anyone is interested):
if ( ! filter_var( $sitename, FILTER_VALIDATE_URL ) ) {
$sitename = preg_replace( '#^http(s)?://#', '', get_home_url() );
}
In context, this is the section I've modified:
if ( !isset( $from_email ) ) { // Get the site domain and get rid of www. $sitename = strtolower( $_SERVER['SERVER_NAME'] ); if ( substr( $sitename, 0, 4 ) == 'www.' ) { $sitename = substr( $sitename, 4 ); } if ( ! filter_var( $sitename, FILTER_VALIDATE_URL ) ) { $sitename = preg_replace( '#^http(s)?://#', '', get_home_url() ); } $from_email = 'wordpress@' . $sitename; }