No email spoofing - use wp_mail_from + wp_mail_from_name
- No spoofing. Do not use admin user's email(!) when using wp_mail() - Do not set from email and name in headers - Attempt to re-create WordPress core's defaults in "from" input field. - Disabled input field "from" is not required.
parent
5ab49dd8c8
commit
44993ed048
@ -55,11 +55,12 @@ add_action('plugins_loaded', 'swpm_plugin_load_textdomain');
|
||||
* Our main function to display and process our form
|
||||
*
|
||||
* @since 0.9
|
||||
* @since 1.1 No more email spoofing - use wp_mail_from hook/default
|
||||
*/
|
||||
function swpm_plugin_main() {
|
||||
// get site info to construct 'FROM' for email
|
||||
$from_name = wp_specialchars_decode( get_option('blogname'), ENT_QUOTES );
|
||||
$from_email = get_bloginfo('admin_email');
|
||||
// get email and name from WordPress hooks if available.
|
||||
$from_name = apply_filters( 'wp_mail_from_name', '' );
|
||||
$from_email = apply_filters( 'wp_mail_from', '' );
|
||||
|
||||
// initialize
|
||||
$send_mail_message = false;
|
||||
@ -115,7 +116,7 @@ function swpm_plugin_main() {
|
||||
// send the email if no errors were found
|
||||
if ( empty($errors) ) {
|
||||
$headers[] = "Content-Type: text/html; charset=\"" . get_option('blog_charset') . "\"\n";
|
||||
$headers[] = 'From: ' . $from_name . ' <' . $from_email . ">\r\n";
|
||||
// $headers[] = 'From: ' . $from_name . ' <' . $from_email . ">\r\n"; // We should let wp_mail handle the name and address. no spoofing.
|
||||
$attachments = $attachment_path;
|
||||
|
||||
if ( $group_email === 'yes' ) {
|
||||
@ -139,10 +140,28 @@ function swpm_plugin_main() {
|
||||
unlink($attachment_path);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// reconstruct wp_mail defaults.
|
||||
if ( empty( $from_email ) ) {
|
||||
$from_email = 'wordpress@';
|
||||
$domain = wp_parse_url( network_home_url(), PHP_URL_HOST );
|
||||
if ( null !== $domain ) {
|
||||
if ( str_starts_with( $domain, 'www.' ) ) {
|
||||
$domain = substr( $domain, 4 );
|
||||
}
|
||||
$from_email .= $domain;
|
||||
}
|
||||
}
|
||||
|
||||
if ( empty( $from_name ) ) {
|
||||
$from_name = 'WordPress';
|
||||
}
|
||||
|
||||
?>
|
||||
<div class="wrap" id="swpm-wrapper">
|
||||
<h1><?php _e( 'Send WP Mail', 'swpm' ); ?></h1>
|
||||
<div class="card"><?php _e( 'Send email using WordPress core <code>wp_mail()</code> directly from this website.', 'swpm' ); ?></div>
|
||||
<?php
|
||||
if ( !empty($errors) ) {
|
||||
echo '<div class="below-h2 error"><ul>';
|
||||
@ -163,7 +182,7 @@ function swpm_plugin_main() {
|
||||
<table cellpadding="0" border="0" class="form-table">
|
||||
<tr>
|
||||
<th scope=”row”>From:</th>
|
||||
<td><input type="text" disabled value="<?php echo "$from_name <$from_email>"; ?>" required><div class="note"><?php _e( 'These can be changed in Settings->General.', 'swpm' ); ?></div></td>
|
||||
<td><input type="text" disabled value="<?php echo "$from_name <$from_email>"; ?>"><div class="note"><?php _e( 'These can be changed using <code>wp_mail_from</code> and <code>wp_mail_from_name</code> hooks.', 'swpm' ); ?></div></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope=”row”><label for="swpm-recipient-emails">To:</label></th>
|
||||
|
||||
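Review bot: The disabled From field in the last hunk still echoes `$from_name` and `$from_email` into the `value` attribute without escaping, and after this commit both come from whatever is hooked on `wp_mail_from_name` / `wp_mail_from`, so a double quote or markup in either value would break out of the attribute on this admin page. Escape at output: `value="<?php echo esc_attr( "$from_name <$from_email>" ); ?>"`. Separately, the first hunk passes `''` to `apply_filters()`, so a callback that adjusts the incoming value rather than replacing it receives an empty string, and the field may show something different from what `wp_mail()` sends. Building the `wordpress@host` / `WordPress` defaults first and passing them as the filter value (`apply_filters( 'wp_mail_from', $from_email )`) would track core more closely. swpm_plugin_main() begins and ends outside these hunks, so other uses of the two variables are not visible here.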