Huge problem when sending multiple mails + FIX

Hi Pete,

When the solution implemented in your plugin is used (same with the snippets on stackoverflow this is based on), the alternative text body is reused for different consecutive mails being sent. This results in recipients potentially receiving mails not meant for them. Luckily most people using HTML-enabled mail clients won’t see the text version, but it’s still a security problem in a way.

I implemented your plugin on a site with Event Espresso and found that when approving a registration for an event, EE then sends multiple mails in one go. One mail notifying the event admin, and another, obviously different mail sent to the user.

Your plugin checks, right before sending, if (1) it concerns a HTML mail and (2) if there’s no text-alternative specified. If both are yes, you provide a text alternative and let WP “hit send” on the phpmailer object.

However, since WordPress doesn’t know you added an AltBody, on sending consecutive mails, it only clears the phpmailer properties it knows of, so it leaves the previous AltBody untouched.

Since your plugin sees there’s an AltBody already present, it basically assumes everything’s fine and so each consecutive html mail will have the AltBody (text version) of the first mail that was sent.

Hope you don’t mind, but I modified your plugin to fix this problem. I added extensive comments, reformatted the code and added a few filters for flexibility.

Here’s a gist of the modified plugin, please use it as you like. I hope you decide to implement the changes so it gets pushed as an update. Thanks.

• This topic was modified 6 years, 5 months ago by y0uri.

The page I need help with: [log in to see the link]