Does Magento 1.9 Use PHPMailer to Handle Emails?

emailmagento-1.9

Recently a critical remote code execution vulnerability in PHPMailer has been discovered, and that has been reported on https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/?utm_source=list&utm_campaign=122816&utm_medium=email which focuses on WordPress sites.

However I'd like to know if this can affect somehow Magento installations as well or not.

Best Answer

Magento uses Zend\Mail by default. Magento is built upon the Zend framework, and as such uses many of its components.

So, in short, this PHPMailer vulnerability doesn't apply to Magento.

Related Solutions

Magento 1.7 – Does Magento Send Order Cancellation Emails?

Magento does send a number of transactional emails, including cancellation (e.g. order status change); the only issue with a cancellation email, requires the customer service agent cancelling to click "Notify Customer". You can edit this to be the default.

To enable emails on order comments, go to System > Config > Sales Emails and make sure it's enabled:

enter image description here

The email template is located in app/locale/[en_US]/template/email/sales/order_update.html by default, replacing en_US with your actual locale, of course, if you're using another language pack.

This line:

<p style="font-size:12px; line-height:16px; margin:0 0 10px 0;">
    Your order # {{var order.increment_id}} has been <br/>
    <strong>{{var order.getStatusLabel()}}</strong>.
</p>

Provides the output for the 'status' update. You can create custom styling with control-flow statements like if or depends:

<p style="font-size:12px; line-height:16px; margin:0 0 10px 0;">
    Your order # {{var order.increment_id}} has been <br/>
    {{if order.getStatusLabel()=='canceled'}}
        <strong>CANCELED - THERE, ARE YOU HAPPY?!</strong>
    {{else}}
        {{var order.getStatusLabel()}}.
    {{/if}}
</p>

Magento – How to Send File Attachments in Emails

Try to use Zend_Mail. See:

public function sendMail($errorCod = "", $errorMsg = "")
{

    $mail = new Zend_Mail('utf-8');

    $recipients = array(
        Mage::getStoreConfig('trans_email/ident_custom1/name') => Mage::getStoreConfig('trans_email/ident_custom1/email'),
        Mage::getStoreConfig('trans_email/ident_custom2/name') => Mage::getStoreConfig('trans_email/ident_custom2/email'),
    );
    $mailBody   = "<b>Error Code: </b>" . $errorCod . "<br />";
    $mailBody .= "<b>Error Massage: </b>" . $errorMsg . "<br />";
    $mail->setBodyHtml($mailBody)
        ->setSubject('Lorem Ipsum')
        ->addTo($recipients)
        ->setFrom(Mage::getStoreConfig('trans_email/ident_general/email'), "FromName");

    //file content is attached
    $file       = Mage::getBaseDir('var') . DS . 'log' . DS . 'exception.log';
    $attachment = file_get_contents($file);
    $mail->createAttachment(
        $attachment,
        Zend_Mime::TYPE_OCTETSTREAM,
        Zend_Mime::DISPOSITION_ATTACHMENT,
        Zend_Mime::ENCODING_BASE64,
        'attachment_1.log'
    );
    $file       = Mage::getBaseDir('var') . DS . 'log' . DS . 'system.log';
    $attachment = file_get_contents($file);
    $mail->createAttachment(
        $attachment,
        Zend_Mime::TYPE_OCTETSTREAM,
        Zend_Mime::DISPOSITION_ATTACHMENT,
        Zend_Mime::ENCODING_BASE64,
        'attachment_2.log'
    );

    try {
        $mail->send();
    } catch (Exception $e) {
        Mage::logException($e);
    }
}

Best Answer

Related Solutions

Magento 1.7 – Does Magento Send Order Cancellation Emails?

Magento – How to Send File Attachments in Emails

Related Topic