Woocommerce email attachments 403 forbiden

  • Resolved faramirezs

    (@faramirezs)


    3 years, 11 months ago

    Hi!!

    I sell documents in my store. After payment, I send a confirmation email with download links. The user can download without login. Recently we started to test this code for send the documents not as a Link but as email attachtments to the order confirmation email.

    (I am using Postman to send these emails)

    We used this code, from here:

    add_filter( 'woocommerce_email_attachments', 'attach_downloadable_files_to_customer_completed_email', 10, 3 );
function attach_downloadable_files_to_customer_completed_email( $attachments, $email_id, $order ) {
    if( isset( $email_id ) && $email_id === 'customer_completed_order' ){
        // Loop through order items
        foreach( $order->get_items() as $item ) {
            $product = $item->get_product(); // The product Object

            if ( $product->is_downloadable() && ( $downloads = $product->get_downloads() ) ) {
                // Loop through product downloads
                foreach( $downloads as $download ) {
                    $attachments[] = $download->get_file();
                }
            }
        }
    }
    return $attachments;
}

    I create a stage website of my site and I tested the code. The code worked perfect, and my customer could get the attachments with the confirmation order email.

    When I did the same in my production website, my customers rececived the confirmation email with empty files… the attachments were there but with 0 kb.

    When I read the logs of my hosting provider (closte.com) there was several security alerts: https://a.cl.ly/jkuLZ7OG

    Also PHP warnings saying that the URL of the downloable product was blocked, 403 forbidden https://a.cl.ly/8LubPx2O

    The support service of closte said that I should whitelist the false positive alert in .htaccess file, their suggestion was to include this line on top of the content:

    SecRuleRemoveByID 210730

    I did this but the problem remained.

    The Closte support does not identify why the code was working in the stage website but not in the production site. However they provide this solution:

    The issue is not related to the hosting service but actually your code.

    By default, you cannot make a GET request to the /wp-content/uploads/woocomerce_uploads directory because that directory is protected by WooCommre by default (because users cannot view other users attachment, this is for a security purpose.)…

    …You need to change the code, instead of reading the file from the URL, read it from the local disk, something like:

    $test = file_get_contents('relative path to the file');

    Also they send KB about my issue: https://closte.com/support/wordpress/troubleshooting#403-http-error
    According to them the issue is related to this: https://a.cl.ly/rRuG7Ozx

    Let’s say the file URL is this: w-content/upload/woocommerce_upload/2020/02/file.docx

    Should I put 775 permissions on:
    /w-content
    /upload
    /woocommerce_upload
    /2020
    /02
    and 644 permission on /file.docx ?

    Could you please help me to fix the code in order to apply the solution provided?

    thank you in advance for your attention.

Viewing 1 replies (of 1 total)
  • Thread Starter faramirezs

    (@faramirezs)

    The problem is solved:

    • In woocommerce_upload folder
    • Replace the .htaccess content with this:
      • order deny,allow
deny from all
allow from <your ip or server IP or hosting IP>
Viewing 1 replies (of 1 total)
  • The topic ‘Woocommerce email attachments 403 forbiden’ is closed to new replies.