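--- a/trunk/phase3/includes/SpecialEmailuser.php
+++ b/trunk/phase3/includes/SpecialEmailuser.php
@@ -143,15 +143,43 @@
 }
 
 function doSubmit() {
- global $wgOut, $wgUser;
+ global $wgOut, $wgUser, $wgUserEmailUseReplyTo;
 
 $to = new MailAddress( $this->target );
 $from = new MailAddress( $wgUser );
 $subject = $this->subject;
 
 if( wfRunHooks( 'EmailUser', array( &$to, &$from, &$subject, &$this->text ) ) ) {
+
+ if( $wgUserEmailUseReplyTo ) {
+ // Put the generic wiki autogenerated address in the From:
+ // header and reserve the user for Reply-To.
+ //
+ // This is a bit ugly, but will serve to differentiate
+ // wiki-borne mails from direct mails and protects against
+ // SPF and bounce problems with some mailers (see below).
+ global $wgEmergencyContact;
+ $mailFrom = new MailAddress( $wgEmergencyContact );
+ $replyTo = $from;
+ } else {
+ // Put the sending user's e-mail address in the From: header.
+ //
+ // This is clean-looking and convenient, but has issues.
+ // One is that it doesn't as clearly differentiate the wiki mail
+ // from "directly" sent mails.
+ //
+ // Another is that some mailers (like sSMTP) will use the From
+ // address as the envelope sender as well. For open sites this
+ // can cause mails to be flunked for SPF violations (since the
+ // wiki server isn't an authorized sender for various users'
+ // domains) as well as creating a privacy issue as bounces
+ // containing the recipient's e-mail address may get sent to
+ // the sending user.
+ $mailFrom = $from;
+ $replyTo = null;
+ }
 
- $mailResult = userMailer( $to, $from, $subject, $this->text );
+ $mailResult = UserMailer::send( $to, $mailFrom, $subject, $this->text, $replyTo );
 
 if( WikiError::isError( $mailResult ) ) {
 $wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult);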
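Review bot: On the error path at new line 186, `$mailResult` is concatenated unescaped into the string passed to `$wgOut->addHTML()`, and this commit now fills it from the new `UserMailer::send()` call. If the mailer's error text can carry addresses or raw transport output (not visible here), it would be rendered as HTML and shown to the sending user, which is the same kind of disclosure the Reply-To option is meant to reduce. Consider passing the error text through `htmlspecialchars()` before output, and confirming what `UserMailer::send()` puts in its error result. The body of `doSubmit()` continues past the end of the hunk.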
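--- a/trunk/phase3/includes/DefaultSettings.php
+++ b/trunk/phase3/includes/DefaultSettings.php
@@ -510,6 +510,16 @@
 $wgEnableUserEmail = true;
 
 /**
+ * Set to true to put the sending user's email in a Reply-To header
+ * instead of From. ($wgEmergencyContact will be used as From.)
+ *
+ * Some mailers (eg sSMTP) set the SMTP envelope sender to the From value,
+ * which can cause problems with SPF validation and leak recipient addressses
+ * when bounces are sent to the sender.
+ */
+$wgUserEmailUseReplyTo = false;
+
+/**
 * Minimum time, in hours, which must elapse between password reminder
 * emails for a given account. This is to prevent abuse by mail flooding.
 */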
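Review bot: `$wgUserEmailUseReplyTo` defaults to `false` at new line 521, so a default install keeps the From-as-sender behaviour that this docblock describes as causing SPF failures and recipient-address leaks through bounces. The docblock should say that explicitly, so operators of open wikis know they must opt in. For example, add ` * The default (false) keeps the old From: behaviour; open sites using such mailers should set this to true.` The word `addressses` at new line 518 is also misspelled and should read `addresses`.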
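--- a/trunk/phase3/RELEASE-NOTES
+++ b/trunk/phase3/RELEASE-NOTES
@@ -136,6 +136,10 @@
 * (bug 10049) Prefix index search and namespaces in Special:Withoutinterwiki
 * (bug 12668) Support for custom iPhone bookmark icon via $wgAppleTouchIcon
 * Add option to include templates in Special:Export.
+* (bug 12655) Added $wgUserEmailUseReplyTo config option to put sender
+ address in Reply-To instead of From for user-to-user emails.
+ This protects against SPF problems and privacy-leaking bounce messages
+ when using mailers that set the envelope sender to the From header value.
 
 
 === Bug fixes in 1.12 ===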