Mail On Update
[resolved] E-Mail Addresses reset on update to newest version (18 posts)

  1. dmsolutions
    Member
    Posted 1 year ago #

    Since the update to version 5.2.0, all e-mail addresses are reset to the WordPress admin e-mail, and there is also no longer a field to change the notification address.

    Best regards
    Danijel

    http://wordpress.org/extend/plugins/mail-on-update/

  2. kubi23
    Member
    Plugin Author

    Posted 1 year ago #

    That is correct. Please check the changelog.

  3. dmsolutions
    Member
    Posted 1 year ago #

    You mean this comes from version 5.0:

    - Notification is only sent to users with update permission

    Is there any chance to set a notification to another mail address rather than sending the notification to all admin users? We have some blogs with about 15 admin users, but they should not get informed every time there is an update.

  4. kubi23
    Member
    Plugin Author

    Posted 1 year ago #

    Sorry, just saw that I missed the notice in the changelog.

    The changes came with 5.2.0
    - Fixed slightly possible CSRF Bug

    The "Fix" was to remove the possibility to specify other e-mail addresses for receivers. As of version 5.2.0 the notification will go to all admin users.

  5. joelkriteman
    Member
    Posted 1 year ago #

    Hello

    Can I just double check please?

    Your recent fix has removed the functionality to specify additional email addresses to be notified.

    You have said:

    As of version 5.2.0 the notification will go to all admin users.

    Does this mean that anybody who is set as "administrator" should get email notifications?

    I have several sites where I installed your plugin and it seems that whichever email address is in the email box on the WordPress settings page will get notifications (regardless of user level) and nobody else even if other people do have the administrator access level.

    I usually put a client's own email address in there so that they get notified about comments etc but would want plugin update emails to come to me.

    Do you have any plans to fix it again / further please?

    Thanks

    Joel

  6. kubi23
    Member
    Plugin Author

    Posted 1 year ago #

    @joelkriteman

    The implementation after the fix greps the wp-option get_option("admin_email"); and sends the notification to this address. Per WordPress Codex this "Retrieves the e-mail of the blog administrator".

    Currently I have no time to refactor the function to its original handling with custom email addresses.

    You can of course downgrade to 5.1.0 - check the CVE (http://www.openwall.com/lists/oss-security/2013/05/16/8) if you can live with that.

  7. joelkriteman
    Member
    Posted 1 year ago #

    Thanks kubi.

    Not sure if I could ;-)

    I like up to date plugins - hence why I used your plugin!

    Thanks anyway

    Joel

  8. worthdesigning
    Member
    Posted 1 year ago #

    Same issue here too.
    I was wondering why I wasn't getting email updates.

    Have to create some new admins on my sites now.
    If you can add back that functionality - choose where the emails go - that would be great.

    But great plugin - thanks

  9. cr33dog
    Member
    Posted 1 year ago #

    This little workaround mails all admins, around line 195:

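    function mailonupdate_listOfCommaSeparatedRecipients() {
    			// Original behaviour: notify only the site admin address.
    			//return get_option("admin_email");
    			$emails = array();
    			// Collect the e-mail address of every user with the administrator role.
    			$admins = get_users('role=administrator');
    			foreach ($admins as $admin){
    				array_push($emails, $admin->user_email);
    			}
    			// implode() takes the separator first; the reversed order fails on PHP 8.
    			return implode(',', $emails);
    		}
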
  10. pulk99
    Member
    Posted 10 months ago #

    I must say, I don't like that change. I administrate a lot of blogs where the WordPress admin isn't the person who updates the software, but we need that WordPress email admin set to an "official email address", so I don't get the mails anymore; instead a lot of other persons are spammed with it.

    I would like to see the option to enter an alternative address to come back, because it is and was a very helpful plugin, but it's now missing pretty much all the functionality I used it for.

  11. kubi23
    Member
    Plugin Author

    Posted 10 months ago #

    @pulk99
    The problem is that specifying an external email address is the whole bug in the first place. See http://www.openwall.com/lists/oss-security/2013/05/16/8

  12. geeks2rent
    Member
    Posted 10 months ago #

    Hello Pulk99 and all the others

    I share the very same problem.
    Clients are the WP-admin but I am the geek2rent to look after things,
    like a digital housekeeper.

    So I need to receive the emails on a different email address.

    I did read the link provided by kubi23 concerning the security issue.
    As I do not share the view that this is a real risk I took the liberty to put the very much desired code back into kubi23 plugin.

    It Works for me! just replace the content of mail-on-update.php
    with the code below.

    ---code---code---code---

    [ 429 lines of code moderated. Please use pastebin.com instead. ]

  13. geeks2rent
    Member
    Posted 10 months ago #

    Hello All,

    As I can't post the FIX for the desired function here. I made it available via our server.
    http://geeks2rent.co.uk/mail-on-update/mail-on-update.txt

  14. kubi23
    Member
    Plugin Author

    Posted 10 months ago #

    @geek2rent
    No need for a Fix ;-) As I said 4 months ago:

    "You can of course downgrade to 5.1.0 - check the CVE (http://www.openwall.com/lists/oss-security/2013/05/16/8) if you can live with that."

  15. geeks2rent
    Member
    Posted 10 months ago #

    Hello Kubi23,

    Why downgrade? When I can use it inside the current version.
    Works neat! As to the concerns of security.
    The form can not be accessed in that way on my installations.

    The function to change or at least add a different email recipient is IMHO important - extremely useful.

    I merely intended to help as I can understand the needs of those other supporters in their daily struggle in maintenance work.
    Also the Client side ( the actual admin ) gets bombarded with infos but fails to forward them.

    Till now I had manually hacked in a different mail recipient - which gets overruled by every new release.
    e.g. (I went for the lazy tweak in the past.)
    //notifier list
    function mailonupdate_listOfCommaSeparatedRecipients() {
    // return get_option("admin_email");
    return (string) "WP-support@geeks2rent.co.uk";
    }

    just to explain my intentions

    Greetings from
    ΛΕΥΚΆΔΑ
    Ελλάδα

  16. pulk99
    Member
    Posted 10 months ago #

    @kubi23
    ok, what about specifying a WordPress user who can receive the update mails, so only already registered users (with admin rights) can be selected.
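
One way the suggestion in post 16 could be combined with a CSRF check, as an added example that is not part of the thread and not the Mail On Update plugin's code. The option name `mou_recipient_ids`, the nonce action `mou_save_recipients`, the form field `mou_recipients` and both function names are hypothetical; the WordPress calls are core functions.

```php
<?php
// Added example, not Mail On Update's code. Hypothetical names: the option
// 'mou_recipient_ids', the nonce action 'mou_save_recipients', the form field
// 'mou_recipients' and both function names.

// Settings-form handler: accepts a change only if it carries a valid nonce
// (CSRF check) and comes from a user who may manage options.
function mou_save_recipients() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Dies unless the request carries the nonce printed into the form with
    // wp_nonce_field( 'mou_save_recipients' ).
    check_admin_referer( 'mou_save_recipients' );

    $submitted = isset( $_POST['mou_recipients'] )
        ? array_map( 'absint', (array) wp_unslash( $_POST['mou_recipients'] ) )
        : array();

    // Keep only IDs that belong to current administrators, so a request can
    // never store an arbitrary external address.
    $admin_ids = array_map( 'intval', get_users( array( 'role' => 'administrator', 'fields' => 'ID' ) ) );
    update_option( 'mou_recipient_ids', array_values( array_intersect( $submitted, $admin_ids ) ) );
}
// Runs when the settings form posts to admin-post.php with action=mou_save_recipients.
add_action( 'admin_post_mou_save_recipients', 'mou_save_recipients' );

// Recipient list, re-validated at send time so a demoted or deleted user
// stops receiving mail; falls back to the site admin address.
function mou_recipient_list() {
    $ids    = (array) get_option( 'mou_recipient_ids', array() );
    $emails = array();
    if ( $ids ) {
        $users = get_users( array( 'role' => 'administrator', 'include' => $ids ) );
        foreach ( $users as $user ) {
            $emails[] = $user->user_email;
        }
    }
    return $emails ? implode( ',', $emails ) : get_option( 'admin_email' );
}
```

Because only user IDs are stored and each one is checked against the administrator role both on save and on send, a forged request that got past the nonce check could at most pick among existing administrators.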

  17. kubi23
    Member
    Plugin Author

    Posted 10 months ago #

    @pulk99
    That idea sounds good to me.

    However, I can't promise you anything, but there might be a solution coming up in the next days.

    On a side note, as WP 3.7.1 ships with automatic core updates, I think there will be automatic plugin updates soon.

  18. geeks2rent
    Member
    Posted 10 months ago #

    Hello All,

    Here now the mended version (extended of the much desired function).
    http://geeks2rent.co.uk/mail-on-update/mail-on-update-5.2.4.txt

    be aware:
    A CSRF vulnerability is not a big deal if one knows how to protect the files beyond the publicly facing website. If not protected it indeed poses a threat and may reveal as much as the program WP-Scan does.

    ps
    I left in the comments in the source code as this enhances the readability of the code.

    pps
    I don't look forward to an automated plug-in update function, as kubi23 mentioned. Unfortunately a lot of programmers are working in the plugin-code directly.
    All that would get lost in an indiscriminate upgrade.

Topic Closed

This topic has been closed to new replies.
