| Project: | Mime Mail |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
A fairly common misconfiguration is to have the default input format for mime_mail set to one that is not available to all users who might generate emails via the website.
Before sending mail, mimemail filters the body through the check_markup() function with the second argument set to the contents of the "mimemail_format" variable.
If the current user does not have permission to use the input format designated by the 'mimemail_format' setting, the body of the email will be set to the text 'n/a'.
This is confusing for me, let alone the average Drupal user.
The attached patch fixes this problem, by checking the result of the check_format() function, and re-trying with the FILTER_FORMAT_DEFAULT if necessary.
Perhaps it should also raise a watchdog() warning, advising the administrator to reconcile /admin/settings/mimemail with /admin/settings/filters
diff -u -p -r1.31 mimemail.module
--- mimemail.module 21 Sep 2008 02:20:56 -0000 1.31
+++ mimemail.module 23 Jan 2009 18:00:08 -0000
@@ -364,6 +364,11 @@ if (strpos(variable_get('smtp_library',
$subject = $message['subject'];
if ($format = variable_get('mimemail_format', FILTER_FORMAT_DEFAULT)) {
$body = check_markup($message['body'], $format);
+ # check_markup returns 'n/a' if the current user doesn't have
+ # permission to use $format.
+ if (($body == 'n/a') && ($format != FILTER_FORMAT_DEFAULT)) {
+ $body = check_markup($message['body'], FILTER_FORMAT_DEFAULT);
+ }
}
else {
$body = $message['body'];| Attachment | Size |
|---|---|
| mimemail.module-filter_format_check.diff | 867 bytes |
Comments
#1
added t() around 'n/a'
works for me, thanks!
#2
sorry, forget that patch, here's the next one without call to my debug function...
(if someone can delete the previous attachment, i can't)
#3
$body = check_markup($message['body'], $format);
Change that into
$body = check_markup($message['body'], $format, FALSE);
and it wont do the permission check if it is allowed to use that format or not.
#4
So in the case that the administrator specifies a mimemail format which is forbidden to the email sender, which is the best course of action?
1. (current code) Replace all messages with the static text "n/a".
2. (proposal #2) Use a format which is permitted for anonymous users.
3. (proposal #3) Use the specified format without regard to permission settings.
#5
#6
There is no real reason we'd need to check access to the selected format within the check_markup() calls within mimemail, so for consistency and simplicity sake I set $check to FALSE. This change has just been committed and will be in the next development snap shot available shortly. If you could please test this and let me know if you run into any issues.
Thanks!
Jer Davis
Advantage Labs, Inc.
#7
Automatically closed -- issue fixed for 2 weeks with no activity.
#8
If anyone is interested on how to fix this for 5.x-1.x-dev, then you need to make the following edit to the
drupal_mail_wrapperfunction in themimemail.modulefile. It is slightly different than 6.x-1.x-dev, because thecheck_markupresult needs to be stored in a new variable to use for checking purposes.function drupal_mail_wrapper($mailkey, $to, $subject, $body, $from, $headers) {
if ($format = variable_get('mimemail_format', FILTER_FORMAT_DEFAULT)) {
//$body = check_markup($body, $format); // ORIGINAL LINE -- COMMENT THIS OUT
// START - ADD NEW CODE
$chk_body = check_markup($body, $format);
# check_markup returns 'n/a' if the current user doesn't have
# permission to use $format.
if (($chk_body == t('n/a')) && ($format != FILTER_FORMAT_DEFAULT)) {
$chk_body = check_markup($body, FILTER_FORMAT_DEFAULT);
}
$body = $chk_body;
// END - ADD NEW CODE
}
return mimemail($from, $to, $subject, $body, NULL, $headers, NULL, array(), $mailkey);
}
#9
#10