Bug #17674
closed
class.tx_install.php - Install Tool mail not delivered some administration emails
0%
Description
The mails "Install Tool Login ATTEMPT" and "Install Tool Login" (maybe BE "Login Failure" also ??) can't be delivered.
That's strange beacuse I have no problem with test mails (HTML and TEXT).
[SYS][forceReturnPath] = 1 didn't help.
Looking in class.tx_install.php, I see that the "Install Tool Login" is sent with
----
mail($wEmail,
$subject,
$email_body,
'From: TYPO3 Install Tool WARNING <>'
);
Setting here an empty "From" is a problem in my case : it overrides my "sendmail_path" configuration :
sendmail_path "/usr/sbin/sendmail -t -i -F myemail@mycompany.com -f myemail@mycompany.com"
"quick and dirty fix" - class.tx_install.php - function checkPassword
----
/**
* Returns true if submitted password is ok. Else displays a form in which to enter password.
*
* @param [type] $uKey: ...
* @return [type] ...
*/
function checkPassword($uKey) {
$p = t3lib_div::_GP('password');
if ($p && md5($p)==$GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']) {
$sKey = md5($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'].'|'.$uKey);
SetCookie($this->cookie_name, $sKey, 0, '/');// Sending warning email
$wEmail = $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];
if ($wEmail) {
$subject="Install Tool Login at '".$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']."'";
$email_body="There has been a Install Tool login at TYPO3 site '".$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']."' (".t3lib_div::getIndpEnv('HTTP_HOST').") from remote address \
'".t3lib_div::getIndpEnv('REMOTE_ADDR')."' (".t3lib_div::getIndpEnv('REMOTE_HOST').')';
// leave the "From" alone. In case of problem look at sendmail_path www.php.net/mail
/*
mail($wEmail,
$subject,
$email_body,
'From: TYPO3 Install Tool WARNING <>'
);
/
mail($wEmail,
$subject,
$email_body
);
}
return true;
} else {
// Bad password, send warning:
if ($p) {
$wEmail = $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];
if ($wEmail) {
$subject="Install Tool Login ATTEMPT at '".$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']."'";
$email_body="There has been a Install Tool login attempt at TYPO3 site '".$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']."' (".t3lib_div::getIndpEnv('HTTP_HOST').").
Password tried was '".$p."'
REMOTE_ADDR was '".t3lib_div::getIndpEnv('REMOTE_ADDR')."' (".t3lib_div::getIndpEnv('REMOTE_HOST').')';
// leave the "From" alone. In case of problem look at sendmail_path www.php.net/mail
/
mail($wEmail,
$subject,
$email_body,
'From: TYPO3 Install Tool WARNING <>'
);
*/
mail($wEmail,
$subject,
$email_body
);
}
}
return false;
}
}
----I then receive the mail :
----
From: myemail@mycompany.com (myemail@mycompany.com)
Return-Path: myemail@mycompany.com
----
My configuration
php -v
PHP 5.2.4 with Suhosin-Patch 0.9.6.2 (cli) (built: Oct 8 2007 18:40:26)
(running in safe_mode)
pkg_info | grep typo3
typo3-4.1.2 The typo3 content management system
Note:
With my "quick and dirty fix" and a value of
sendmail_path "/usr/sbin/sendmail t -i -f myemail@mycompany.com"
The mail I receive became
---
From: myemail@mycompany.com (World Wide Web Owner)
Return-Path: myemail@mycompany.com
----
which is better than no mail.
Setting an empty From is surely there for a good reason but those mails have to do with security !
Thanks in advance
Tobias
(issue imported from #M6510)
Updated by Rohrle Tobias over 16 years ago
pkg_info | grep postfix
postfix-2.4.5,1 A secure alternative to widely-used Sendmail
Updated by Alexander Opitz almost 11 years ago
- Status changed from New to Needs Feedback
- Target version deleted (
0)
The issue is very old, does this issue exists in newer versions of TYPO3 CMS (4.5 or 6.1)?
Updated by Alexander Opitz over 10 years ago
- Status changed from Needs Feedback to Closed
No feedback for over 90 days.