Opened 4 years ago
Closed 6 weeks ago
#53393 closed enhancement (invalid)
Latest version of PHPMailer no longer attaches files to emails
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 5.7.2 |
Component: | Keywords: | has-testing-info close | |
Focuses: | Cc: |
Description
I've been trying to track down why my s3 bucket files are no longer being attached to automated emails being sent out by WordPress (using the Gravity Forms Entry Automation plugin).
I've been able to identify the latest version of PHPMailer being the reason why the attachments no longer get added. From the author:
This is due to a bug fix that also closed a major security hole. PHPMailer deliberately avoids being a client for HTTP or other protocols for file attachments because it is far too risky. The solution is to take on responsibility for fetching remote files yourself. Instead of :
$mail->addAttachment('s3://file.txt', 'file.txt');
Do this:
$mail->addStringAttachment(file_get_contents('s3://file.txt'), 'file.txt');
https://github.com/PHPMailer/PHPMailer/issues/2355#issuecomment-858373284
I reached out to the Gravity Forms authors as well as the Entry Automation authors and they both have said their plugins just generate raw notification objects and then use wp_mail() to pass the generated mail object off to the rest of my server to actually handle the sending.
Is there a way to get this working again without having to roll my WP version back? Or do y'all know how others are handling this issue?
Change History (11)
#3
@
4 years ago
- Keywords needs-testing added
- Milestone changed from Awaiting Review to 5.8.1
Sorry that someone was not able to investigate this one before the deadline to include in 5.8. I'm moving this to 5.8.1 to get it some attention.
This ticket was mentioned in Slack in #core-test by hellofromtonya. View the logs.
4 years ago
#6
@
4 years ago
Introduced in [50799] and [50800] for #53114. If I recall correctly, some of these changes were ported in to earlier versions of WP too.
Given the relative popularity of using streams in WP (s3 and other storage bucket plugins are quite popular), I'd like to support streams for attaching files to email.
I'm hesitant about something as simple as:
<?php if ( is_wp_stream( /* file */ ) ) { $phpmailer->addStringAttachment( file_get_contents( /* file */ ) ); }
Such code include HTTP, FTP and several similar protocols by default. Essentially reintroducing to WP the problem the PHPMailer library was trying to avoid.
It's WP's prerogative to loosen the restrictions on streams to account for acceptable and safe use within the user base, care will need to be taken not to loosen the restrictions too far.
This ticket was mentioned in Slack in #core-test by hellofromtonya. View the logs.
4 years ago
#8
@
4 years ago
- Keywords needs-testing-info added
Hello @threeatetwo
Thank you for reporting this issue. Could you provide us with the exact instructions on how to reproduce the problem?
- Used plugins?
- How they're set up?
- What are the exact steps to reproduce the problem
With the above data, it'll be much easier for us to see the problem on our own and later confirm that the fix is correct and doesn't introduce any regressions.
Thank you!
#9
@
4 years ago
- Keywords needs-patch added
- Milestone changed from 5.8.1 to 5.8.2
This still needs a working patch and more discussion/testing. Because 5.8.1 RC is due out in less than 24 hours, I'm going to punt this to 5.8.2.
#10
@
3 years ago
- Milestone changed from 5.8.2 to Future Release
This one still needs a patch and proper review. With 5.8.2 RC due out tomorrow, I'm going to punt this to Future Release.
#11
@
6 weeks ago
- Keywords has-testing-info close added; needs-testing needs-testing-info needs-patch removed
- Resolution set to invalid
- Status changed from new to closed
- Type changed from defect (bug) to enhancement
@threeatetwo I've been analyzing this ticket to try to reach a conclusion.
✅Everything is working as expected. There is no bug here
Remember that WordPress, by default, only provides a very simple wrapper for PHPMailer that any plugin can take advantage of extending via phpmailer_init
action hook. But given the out-of-the-box mailing simple functionality of WordPress, I can't foresee an enhancement for this anytime soon.
Anyway, I provide you here with an example on how you can add attachments to the phpmailer_init
hook (for example, you should be passing the s3_path from the result of a WP_Query
or something like that or whatever idea have the plugin maintainers in mind).
Here is the plugin
https://github.com/SirLouen/amazon-s3-email-testing/archive/refs/tags/1.0.0.zip
This said, this plugin serves as testing instructions @Boniu91
I'm going to set this ticket as candidate to close + wontfix.
Would it be possible in wp_mail to add a filter to handle attachment URLs and fetch the contents? My temporary fix right now is I copied the wp_mail function into a plugin and modified it like so: