Post SMTP Mailer/Email Log - Version 2.1.7

Version Description

  • 2022-08-30 =
  • FIX
  • Server side request forgery
Download this release

Release Info

Developer wpexpertsio
Plugin Icon 128x128 Post SMTP Mailer/Email Log
Version 2.1.7
Comparing to
See all releases

Code changes from version 2.1.6 to 2.1.7

Files changed (4) hide show
  1. Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php +2 -2
  2. Postman/PostmanViewController.php +6 -0
  3. postman-smtp.php +2 -2
  4. readme.txt +10 -312
Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php CHANGED
@@ -278,7 +278,7 @@ class PostmanPortTestAjaxController {
278
 
279
  check_admin_referer('post-smtp', 'security');
280
 
281
- if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
282
  wp_send_json_error(
283
  array(
284
  'Message' => 'Unauthorized.'
@@ -317,7 +317,7 @@ class PostmanPortTestAjaxController {
317
 
318
  check_admin_referer('post-smtp', 'security');
319
 
320
- if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
321
  wp_send_json_error(
322
  array(
323
  'Message' => 'Unauthorized.'
278
 
279
  check_admin_referer('post-smtp', 'security');
280
 
281
+ if( !current_user_can( 'edit_plugins' ) ) {
282
  wp_send_json_error(
283
  array(
284
  'Message' => 'Unauthorized.'
317
 
318
  check_admin_referer('post-smtp', 'security');
319
 
320
+ if( !current_user_can( 'edit_plugins' ) ) {
321
  wp_send_json_error(
322
  array(
323
  'Message' => 'Unauthorized.'
Postman/PostmanViewController.php CHANGED
@@ -404,6 +404,12 @@ if ( ! class_exists( 'PostmanViewController' ) ) {
404
  <?php echo esc_html( 'Twilio Notifications' ); ?>
405
  </a>
406
  </div>
 
 
 
 
 
 
407
  </div>
408
  <div class="ps-setting-box">
409
  <div>
404
  <?php echo esc_html( 'Twilio Notifications' ); ?>
405
  </a>
406
  </div>
407
+ <div>
408
+ <a href="<?php echo esc_url( 'https://postmansmtp.com/extensions/post-smtp-mail-control/' ); ?>" target="_blank">
409
+ <img src="<?php echo esc_url( POST_SMTP_ASSETS . 'images/icons/finger.png' ) ?>" width="15" />
410
+ <?php echo esc_html( 'Mail Control' ); ?>
411
+ </a>
412
+ </div>
413
  </div>
414
  <div class="ps-setting-box">
415
  <div>
postman-smtp.php CHANGED
@@ -6,7 +6,7 @@ if ( ! defined( 'ABSPATH' ) ) {
6
  * Plugin Name: Post SMTP
7
  * Plugin URI: https://wordpress.org/plugins/post-smtp/
8
  * Description: Email not reliable? Post SMTP is the first and only WordPress SMTP plugin to implement OAuth 2.0 for Gmail, Hotmail and Yahoo Mail. Setup is a breeze with the Configuration Wizard and integrated Port Tester. Enjoy worry-free delivery even if your password changes!
9
- * Version: 2.1.6
10
  * Author: Post SMTP
11
  * Text Domain: post-smtp
12
  * Author URI: https://postmansmtp.com
@@ -76,7 +76,7 @@ if ( ! function_exists( 'ps_fs' ) ) {
76
  define( 'POST_SMTP_BASE', __FILE__ );
77
  define( 'POST_SMTP_PATH', __DIR__ );
78
  define( 'POST_SMTP_URL', plugins_url('', POST_SMTP_BASE ) );
79
- define( 'POST_SMTP_VER', '2.1.6' );
80
  define( 'POST_SMTP_ASSETS', plugin_dir_url( __FILE__ ) . 'assets/' );
81
 
82
  $postman_smtp_exist = in_array( 'postman-smtp/postman-smtp.php', (array) get_option( 'active_plugins', array() ) );
6
  * Plugin Name: Post SMTP
7
  * Plugin URI: https://wordpress.org/plugins/post-smtp/
8
  * Description: Email not reliable? Post SMTP is the first and only WordPress SMTP plugin to implement OAuth 2.0 for Gmail, Hotmail and Yahoo Mail. Setup is a breeze with the Configuration Wizard and integrated Port Tester. Enjoy worry-free delivery even if your password changes!
9
+ * Version: 2.1.7
10
  * Author: Post SMTP
11
  * Text Domain: post-smtp
12
  * Author URI: https://postmansmtp.com
76
  define( 'POST_SMTP_BASE', __FILE__ );
77
  define( 'POST_SMTP_PATH', __DIR__ );
78
  define( 'POST_SMTP_URL', plugins_url('', POST_SMTP_BASE ) );
79
+ define( 'POST_SMTP_VER', '2.1.7' );
80
  define( 'POST_SMTP_ASSETS', plugin_dir_url( __FILE__ ) . 'assets/' );
81
 
82
  $postman_smtp_exist = in_array( 'postman-smtp/postman-smtp.php', (array) get_option( 'active_plugins', array() ) );
readme.txt CHANGED
@@ -4,7 +4,7 @@ Contributors: wpexpertsio
4
  Tags: email, mail, smtp, wordpress smtp, email log, postman smtp, postman, gmail, google apps, hotmail, yahoo, mandrill api, sendgrid api, elastic email, office365, mailgun
5
  Requires at least: 3.9
6
  Tested up to: 6.0.1
7
- Stable tag: 2.1.6
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -28,7 +28,7 @@ Post SMTP replaces the default WordPress SMTP library, PHPMailer, with the heavy
28
  * The built-in Email log is an invaluable resource for diagnosing problems with emails.
29
  * OAuth 2.0 increase the security and protection of email password by discouraging the idea of storing your email password in the WordPress database where it might be found.
30
 
31
- Even hosts that block the standard SMTP ports, like GoDaddy or Bluehost, cant stop your email as Post SMTP can deliver via HTTPS if it cant use SMTP.
32
 
33
  https://www.youtube.com/watch?v=mXDEEE9jnfw
34
 
@@ -76,7 +76,7 @@ In essence, SMTP is a set of commands that authenticates and directs the transfe
76
  [Better Email Logger Pro extension](https://postmansmtp.com/extensions/the-better-email/) allows you to design email marketing campaigns and improve email deliverability for your WordPress site.
77
 
78
  **Mail Control Pro Extension**
79
- [Mail Control Pro Extension](https://postmansmtp.com/extensions/post-smtp-mail-control/) allows you to control Post SMTPs email actions like sending email alerts to authors, webmasters, and new users.
80
 
81
  = Post SMTP Membership Plans =
82
  [Post SMTP membership plans](https://postmansmtp.com/membership-plan/) offer access to all pro extensions along with other benefits including 1-year extension updates and support, Email Reporting, Logging, and Tracking, all other SMTP Services and a 30-day money-back guarantee.
@@ -285,9 +285,13 @@ To avoid being flagged as spam, you need to prove your email isn't forged. On a
285
 
286
  == Changelog ==
287
 
 
 
 
 
288
  = 2.1.6 - 2022-08-29 =
289
- *FIX**
290
- * Server side forgery
291
 
292
  = 2.1.5 - 2022-08-25 =
293
  * **FIX**
@@ -608,310 +612,4 @@ Syntx stupid mistake
608
  * [[Ticket](https://wordpress.org/support/topic/fatal-error-internal-zend-error-missing-class-information?replies=2#post-7092317)] User reported error "Fatal error: Internal Zend error - Missing class information" - Whoops, used 'require' PostState.php instead of 'require_once' PostState.php which was causing errors. Fixed.
609
  * [[Ticket](https://wordpress.org/support/topic/error-send-mymail-email-marketing?replies=5)] [[Ticket](https://wordpress.org/support/topic/how-configure-mymail-in-plugin?replies=6)] MyMail Newsletter Plugin for WordPress refuses to use wp_mail. I don't want to make this a habit, but I've integrated Post with MyMail's proprietary delivery mechanism.
610
  * [[Ticket](https://wordpress.org/support/topic/cant-send-error-500?replies=11#post-7103035)] Found an environment where the plugin's call to new Exception was creating PHP Fatal errors. Fixed.
611
- * [[Ticket](https://wordpress.org/support/topic/error-calling-post-400-invalid-to-header?replies=4)] Perform validation on all email headers before sending message
612
- * The Gmail API transport displays a copy of the payload during the Send Email Test and saves this payload to the Email Log
613
- * No longer shows the Javascript pop-up if the error is caused by the user cancelling everything (by checking JSON response.responseText for null)
614
-
615
- = 1.6.22 - 2015-06-14 =
616
- * Finally realized that for the last five months I've been relying on register_activation_hook to fire during plugin updates - [and it doesn't](https://make.wordpress.org/core/2010/10/27/plugin-activation-hooks-no-longer-fire-for-updates/). Lovely. Well this change should eliminate all the "update doesn't work!" bugs for good.
617
- * [[Ticket](https://wordpress.org/support/topic/latest-update-conflicting-with-theme?replies=3#post-7066897)] I enable Strict mode when I code Post to ensure it's error free and I forgot to turn it off. This was causing all plugins and themes to show their warnings. Fixed.
618
- * [[Ticket](https://wordpress.org/support/topic/upgrade-to-1619-broke-contact-form?replies=2#post-7067673)] I didn't thoroughly test the Gmail API, causing "Catchable fatal error: Argument 1 passed to PostGmailApiModuleTransport::getAuthenticationType() must be an instance of PostOptions, none given." Fixed.
619
- * [[Ticket](https://wordpress.org/support/topic/gmail-api-assertion-failed-and-cannot-modify-header-information?replies=4#post-7068833)] I didn't thoroughly test the Gmail API, it wasn't warning the user if the Envelope Sender Address is missing. Fixed.
620
- * [[Ticket](https://wordpress.org/support/topic/password-corruption-issue?replies=1)][[Ticket](https://wordpress.org/support/topic/password-corruption-issue?replies=4#post-7068839)] Found a problem in the Activation Handler. It was re-encoding passwords when it shouldn't have been. Fixed.
621
-
622
- = 1.6.18 - 2015-06-13 =
623
- * 8,000 installations! Big milestone! The author of [Contact Form 7](https://wordpress.org/plugins/contact-form-7/) has [officially endorsed Post SMTP](http://contactform7.com/faq/i-get-an-error-message-with-a-red-border-so-how-can-i-solve-this/) as the SMTP plugin of choice! You can't wipe the smile from my face :D
624
- * [[Ticket](https://wordpress.org/support/topic/subscriber-registration?replies=6)] Post is determining the current user's admin capability incorrectly. Fixed.
625
- * [[Ticket](https://wordpress.org/support/topic/using-a-google-apps-group-as-sender?replies=3)] Added an additional From field, the Envelope From Address, so users can use a different From address than the Account address (for example, to use a Google Apps' Group email address)
626
- * Added a uniqueness (based on site URL) to the lock filename in case this is shared hosting
627
- * Persistence-level updates now run across all subsites on a multisite installation
628
-
629
- = 1.6.17 - 2015-06-08 =
630
- * You know you're having a really bad day when you have to have do three releases. Fix for "Fatal error: Call to a member function addError() on a non-object". This happens when wp_mail is blocked by another plugin and a non-admin user accesses the site.
631
- * [[Ticket](https://wordpress.org/support/topic/error-after-latest-upgrade?replies=2#post-7044181)] Fixed a bug "Fatal error: Cannot redeclare IsNullOrEmptyString()" I introduced in v1.6.15
632
- * Added Cc and Bcc addresses to Email Log
633
- * [[Ticket](https://wordpress.org/support/topic/email-errors?replies=16)][[Ticket](https://wordpress.org/support/topic/Post-smtp-on-contact-form-7?replies=2#post-7043223)] Force a Logout of Google before launching the Developers Console so it's obvious to the user which account is being used
634
- * Now using Google Developers Console Gmail Wizard URL in place of Google Developers Console URL to simplify Client ID creation
635
- * [[Ticket](https://wordpress.org/support/topic/fixed-my-problem-but-broke-bbpress-notifications?replies=7#post-7038255)] Removing the BCC header in the case of the Gmail API was incorrect and causing lost recipients. Fixed.
636
- * Fixed a compatibility issue (PHP Fatal Error) with the Post Gmail API Extension
637
-
638
- = 1.6.14 - 2015-06-05 =
639
- * [[Ticket](https://wordpress.org/support/topic/large-warnings-on-site?replies=1#post-7036030)] Fixed a bug (PHP Warning) I introduced in v1.6.13
640
- * 7,000 installations!
641
- * Translated into Dutch, thank-you Louise
642
- * [[Ticket](https://wordpress.org/support/topic/bad-requestinvalid_grant?replies=13#post-6991435)] Add process-locking to make sure the OAuth2 token is refreshed synchronously
643
- * Use the Zend_Mail setReturnPath option to communicate the Mail-From and Sender as the SMTP account, allowing arbitrary addresses in the From header
644
- * [[Ticket](https://wordpress.org/support/topic/smtp-authentication-security?replies=1#post-7025445)] Added Emoji lock icons to Dashboard and Main Setting screens to indicate security
645
- * [[Ticket](https://wordpress.org/support/topic/problem-sending-mail-with-other-users?replies=19)] Emails from the [Email Users](https://wordpress.org/plugins/email-users/) plugin were causing undeliverable errors - fixed by removing the SMTP Return-Path header that *Email Users* injects
646
-
647
- = 1.6.12 - 2015-05-30 =
648
- * 6,000 installations! - 2015-05-26
649
- * Post now calls wp_mail when sending a test email. This marks the beginning of the "Post API"
650
- * Shaved admin memory use from ~6MB to ~4MB; Non-admin memory use holds at ~2MB
651
- * Now loading the Sent Email post type for all admin screens, in case other custom post type-related plugins (e.g. WordPress Importer) need it
652
- * Wasn't comfortable how plugin_data was being retrieved, so reverted back to hard-coded plugin name and version
653
- * Save original wp_mail parameters to Email Log so that a Resend action can be implemented
654
- * [[Ticket](https://wordpress.org/support/topic/578-error-authentication-failed-ugfzc3dvcmq6?replies=4#post-7008516)] Removed sanitize_text_field from the PostSanitizer to prevent corruption of some passwords
655
- * [[Ticket](https://wordpress.org/support/topic/fatal-error-after-the-latest-update?replies=9#post-6963805)] Removed the WordPress function call wp_slash - systems that don't support it can now use logging
656
- * A lot of general code clean-up and memory optimizations
657
-
658
- = 1.6.11 - 2015-05-22 =
659
- * [[Ticket](https://wordpress.org/support/topic/call-to-undefined-function-spritnf?replies=2#post-6977557)] Fix for "Fatal error: Call to undefined function spritnf() in PostEmailLogController.php on line 284" - sometimes PHP really sucks compared to Java
660
- * Added a link to a HowTo Video for configuring Google OAuth 2.0 in the OAuth2 authentication section
661
-
662
- = 1.6.10 - 2015-05-18 =
663
- * 5,000 installations!
664
- * Looks for php_openssl and php_socket in the Pre-Requisites check
665
- * [[Ticket](https://wordpress.org/support/topic/email-log-doesnt-show-up-after-upgrade?replies=2)] I hate when you have to have a fix for a fix. It means you need to hire more testers.
666
- * [[Ticket](https://wordpress.org/support/topic/send-email-failed?replies=17#post-6954616)] Changed the way Post performs the API Connectivity Test to more resemble how Google does it
667
- * [[Ticket](https://wordpress.org/support/topic/the-result-was-boolfalse-1?replies=1)] Found a host that the Connectivity Test gets confused on : send.one.com. STARTTLS detection was failing. Fixed.
668
- * [[Ticket](https://wordpress.org/support/topic/fatal-error-after-the-latest-update?replies=9#post-6963805)] Some users insist on running Post in WordPress < 3.6 which has no wp_slash function. Logging is disabled in this case.
669
-
670
- = 1.6.8 - 2015-05-14 =
671
- * [[Ticket](https://wordpress.org/support/topic/fatal-error-after-the-latest-update?replies=2#post-6948880)] Found a PHP envrionment that choked in the catch block trying to call a function (get transcript) on an object instantiated in the try (mail engine). Fixed.
672
- * [[Ticket](https://wordpress.org/support/topic/a-valid-address-is-required-issue-with-contact-form-builder-plugin?replies=2)] If wp_mail is called with a recipient list that ends in a comma, Post tries to add an empty address to the message. Fixed.
673
- * The SMTP Session Transcript was not being saved for errors! Fixed.
674
-
675
- = 1.6.6 - 2015-05-12 =
676
- * [[Ticket](https://wordpress.org/support/topic/requesting-permission?replies=14)][[Ticket](https://wordpress.org/support/topic/status-Post-is-not-sending-mail?replies=42)][[Ticket](https://wordpress.org/support/topic/Post-is-not-handling-email-delivery?replies=4)][[Ticket](https://wordpress.org/support/topic/google-request-isnt-acceptable?replies=10)][[Ticket](https://wordpress.org/support/topic/google-wont-grant-permission?replies=7)] Fixed a long-standing bug where Post would ignore the Grant Code from an OAuth provider if it wasn't in the very next HttpRequest that the site received. Changed this to use a three-minute window.
677
-
678
- = 1.6.5 - 2015-05-10 =
679
- * [[Ticket](https://wordpress.org/support/topic/problem-using-wizard?replies=4)] Fixed a Javascript bug
680
- * Added an Ajax failure handler to every Ajax post
681
-
682
- = 1.6.4 - 2015-05-08 =
683
- * SMTP transport requires a Sender Email Address be set
684
- * Wizard will not clear the hostname if it comes back null
685
- * If the host does not support "humanTime", the Email Log will fall back to an ISO date
686
- * Added a new advanced option: Transcript size to adjust how much of the transcript is saved in the log
687
- * The wizard gets confused if the user specified auth type is undefined for the newly chosen socket. for example, a gmail address, with a mailtrap.io server, toggling between the gmailapi socket and the mailtrap socket. Fixed.
688
- * Show a warning on the main setting screen if the Delivery mode is not set to Production
689
-
690
- = 1.6.2 - 2015-05-06 =
691
- * 4,000 installations!
692
- * [[Ticket](https://wordpress.org/plugins/Post-gmail-extension/)] Some of the changes released in v1.6 broke the Gmail Extension. Fixed.
693
- * [[Ticket](https://wordpress.org/support/topic/x-mailer?replies=9)] Added a new advanced option: Stealth Mode to hide the Post X-Mailer signature
694
- * Added a Transcript option in the Email Log
695
- * Fixed how the Wizard handles new GoDaddy Office-365 supported email
696
-
697
- = 1.6.1 - 2015-05-04 =
698
- * You test and test and test, and there's always a bug. Fixed a problem in the Port Recommender where it thought STARTTLS was offered when it isn't (test case: test@aol.com)
699
-
700
- = 1.6 - 2015-05-03 =
701
- * Fold all code from the Post Gmail Extension back into Post
702
- * Remove warning from main screen for sender override if it's already on
703
- * Delivery mode - production, logging, test
704
- * Help screens
705
- * Log all email attempts with error messages (if any)
706
- * Truncate logs to max amount
707
- * View all the email attempts, and view a single entry
708
- * Delete single, delete batch, and delete the entire log on pugin data purge
709
- * Highlight Logging option to users
710
- * Obscure password from front-end
711
- * Ask to see password when typing
712
- * When the wizard is looking up details on the email address, disable the smtp hostname field
713
- * Wizard check server ID and warn for MITM 'attack'
714
- * Check for GoDaddy SMTP server during Wizard and use that SMTP server
715
- * Check for Gmail during wizard and remember for gmail api option.
716
- * Present choices to user when select the auth type and socket in wizard more elegantly (radio buttons?)
717
- * Warn when using AUTH with NO encryption - done with padlock emoji
718
- * Add hostname to connectivity test table.
719
- * Remove hard-coded plugin version number
720
-
721
- = 1.5.13 - 2015-04-22 =
722
- * 3,000 installations!
723
-
724
- = 1.5.13 - 2015-04-18 =
725
- * Minor fix in Wizard: OAuth labels weren't updating dynamically (since v1.5.11)
726
- * Lots of changes at Yahoo's Developer Network required changes here: updated format of Callback Domain; updated Yahoo Developer Network portal launch link; renamed Consumer Key/Secret to Client ID/Client Secret; updated FAQ for Yahoo Client ID instructions
727
- * [[Ticket](https://wordpress.org/support/topic/re-initializing-the-plugin?replies=5)] Updated stylesheet to avoid interference from Dating Solutions Plugin (DSP)
728
-
729
- = 1.5.12 - 2015-04-14 - The Jamaican release! =
730
- * [[Ticket](https://wordpress.org/support/topic/help-mail-is-failing-in-test?replies=9)] PHP 5.2 users: fix test messages that show failures but still get delivered; fix Contact Form 7 submission freezes
731
- * Translated into Turkish, thank-you ercan yaris
732
-
733
- = 1.5.11 - 2015-04-05 =
734
- * 2,000 installations! :D
735
- * Commercial-grade improvements to Connectivity Test and Setup Wizard. The new wizard prevents misconfiguration by interrogating the MTA for capabilities and intelligently suggests the best settings for the user. Steve Jobs would be proud.
736
- * Fixed Wizard's MSA hostname guess for GoDaddy addresses (smtp.secureserver.net is the MTA not the MSA)
737
- * Fixed Wizard's MSA hostname guess for Outlook 365 addresses (smtp.live.com is for their free Hotmail service)
738
- * Added French/Italian translation for JQuery Validation
739
-
740
- = 1.5.10 - 2015-03-29 =
741
- * Fix for Fatal error: Cannot redeclare class PEAR_Common in C:\PHP5\PEAR\PEAR\Common.php - similar to [this error](https://wordpress.org/support/topic/plugin-wp-minify-cant-activate-plugin-fatal-error?replies=6) in WP Minify
742
-
743
- = 1.5.9 - 2015-03-26 =
744
- * Added JQuery tabbed UI for manual configuration screen
745
- * Added functionality to add to, cc, and bcc recipients to every message
746
- * Added functionality to add custom headers to every message - useful for [Mandrill "SMTP" headers](http://help.mandrill.com/entries/21688056-Using-SMTP-Headers-to-customize-your-messages)
747
- * [[Ticket](https://wordpress.org/support/topic/invalid-redirect-uri?replies=7)] The Setup Wizard will check for IP addresses in the site URL and warn the user when they are about to configure OAuth 2.0 that this will fail.
748
- * [[Ticket](https://wordpress.org/support/topic/from-address-for-new-site-registration-email?replies=3)] Added functionality to prevent plugins and themes from overriding both the sender name and sender email address
749
- * [[Ticket](https://wordpress.org/support/topic/problem-with-responding?replies=7#post-6723830)] Hide PHP warnings from `stream_set_timeout()` in case the host has disabled this function.
750
-
751
- = 1.5.8 - 2015-03-16 =
752
- * 1,000 installations! :D
753
- * [[Ticket](https://wordpress.org/support/topic/openssl-error-after-upgrading?replies=2#post-6699480)] Post will not shut down if it can't find OpenSSL. It will just display a warning to the user.
754
-
755
- = 1.5.7 - 2015-03-14 =
756
- * [[Ticket](https://wordpress.org/support/topic/conflict-when-used-in-conjunction-with-advanced-access-manager-by-vasyl-martyn?replies=9)] renamed Zend framework classes to prevent errors with other plugins using the Zend framework
757
- * [[Ticket](https://wordpress.org/support/topic/test-email-hangs?replies=5)] Added ajax error checks, especially for Error 502 : Bad Gateway (from WPEngine.com) when sending test e-mail
758
- * Multipart/Alternative was horribly broken, clearly no-one was using it. It's working now, and Post's new Test Message is Multipart/Alternative. Thanks to Victor Hung of [poofytoo](http://poofytoo.com) for the use of his cartoon.
759
- * Add PHP library pre-requisite checks to Binder, Dashboard widget, Admin screen and Admin screen error messages.
760
- * Translated into Italian, thank-you Andrea Greco
761
- * Obfuscated e-mail address in Diagnostic Info
762
- * Fixed Wizard's SMTP hostname guess for Apple addresses (icloud.com, me.com, mac.com)
763
-
764
- = 1.5.5 - 2015-03-11 =
765
- * Added a Dashboard Widget to display Post status
766
- * [[Ticket](https://wordpress.org/support/topic/sending-test-email-hangs?replies=9)] Added diagnostics check for iconv library
767
- * Moved the SMTP transcript to it's own step in the Send Email Test
768
- * Moved 3rd-party plugin import to the Setup Wizard
769
- * [[Ticket](https://wordpress.org/support/topic/language-file-errors-in-debug-log?replies=3)|[Ticket](https://wordpress.org/support/topic/cant-activate-plugin-37?replies=6)] Stopped writing to error log if a language file can't be found
770
- * Added the Http User Agent string to the diagnostics
771
-
772
- = 1.5.4 - 2015-03-04 - the Birthday Release =
773
- * [[Ticket](https://wordpress.org/support/topic/status-Post-is-not-sending-mail?replies=42)] Added support for the [wp_mail](http://codex.wordpress.org/Plugin_API/Filter_Reference/wp_mail) filter - this adds compatibility with plugins like email-log
774
- * Better diagnostics - includes a port check on the currently configured host:port
775
- * Fixed a bug where multiple error messages at once overwrite each other
776
- * [[Ticket](https://wordpress.org/support/topic/incorrect-authentication-data-error-220?replies=9)] Fixed a bug in Sanitizer for cases where WordPress calls sanitize twice in a row - [known WP bug](https://core.trac.wordpress.org/ticket/21989)
777
-
778
- = 1.5.3 - 2015-02-28 =
779
- * Added a dedicated screen for Diagnostics (so that I can add more intensive, slower-running checks like DNS)
780
- * Fixed port-testing race condition bug in Post Setup Wizard when using Gmail API Extension
781
- * Fix for error "Fatal error: Cannot redeclare class PostOAuthTokenInterface" when using Gmail API Extension
782
- * Checks to make sure that the hostname used for SMTP/OAuth 2.0 is one that is supported
783
- * Removed display_errors=On, Mr. Space Cadet here left it in the previous release by accident
784
-
785
- = 1.5.1 - 2015-02-23 =
786
- * Bugs slipped through. In the Wizard, choosing port 465 was not hiding the authentication label. Worse, choosing port 587 was not showing the authentication buttons.
787
- * In the wizard, if no ports are available for use, the error message was not being displayed.
788
-
789
- = 1.5 - 2015-02-22 =
790
- * [[Ticket](https://wordpress.org/support/topic/oh-bother-connection-refused?replies=12)|[Ticket](https://wordpress.org/support/topic/impossible-to-send-mail?replies=6)] Added support for modular transports. The first external transport is the Post Gmail Extension, which uses the Gmail API to send mail out on the HTTPS port, a convenient way around traditional TCP port blocks for Gmail users
791
- * [[Ticket](https://wordpress.org/support/topic/display-error-on-plugin-activation?replies=33)] Made my debug logging "less agressive" so that broken systems (those that pipe warning messages to STDOUT regardless of the WordPress WP_DEBUG_DISPLAY setting or PHP's display_errors settings) will no longer experience the Port Test hanging during a check
792
- * Fixed a bug in the Setup Wizard where it would not use OAuth 2.0 on port 587
793
- * Fixed a bug where Post refused to send mail with Password authentication and no encryption (who does that??)
794
-
795
- = 1.4.1 - 2015-02-17 =
796
- * All text has been [externalized](http://plugins.svn.wordpress.org/Post-smtp/trunk/Post/languages/Post-smtp.pot) in prep for [I18N Internationalization and localization](http://codex.wordpress.org/I18n_for_WordPress_Developers)
797
- * Fixed a bug where the Setup Wizard would force OAuth 2.0 configuration, instead of falling back to Password, even if the required port was closed
798
- * Added more error checking, and more warning messages.
799
- * Translated into French, thank-you Etienne Provost
800
-
801
- = 1.4 - 2015-02-15 =
802
- * Happy Valentine's Day! Sending Yahoo email now supported with OAuth 2.0 authentication! If the Wizard detects that a Yahoo server has been entered, it automatically configures OAuth 2.0
803
- * First time users may choose to import settings from any of the Big Four WordPress SMTP plugins (five if you count Easy SMTP Mail, a clone of WP Mail SMTP): Easy WP SMTP, WP Mail Bank, WP Mail SMTP and WP SMTP
804
- * [[Ticket](https://wordpress.org/support/topic/display-error-on-plugin-activation?replies=33)] Suppressed warning messages generated by calls to fsockopen - they were causing the remote Ajax queries to hang
805
- * The wizard was resetting some settings by accident, namely Connection Timeout, Read Timeout and Reply-To
806
- * [[Ticket](https://wordpress.org/support/topic/display-error-on-plugin-activation?replies=33)] Found an environment where calls to error_log were being displayed in the HTML even after display_errors was disabled. Therefore, disabled error_log calls by default. The log may be re-enabled in Advanced Settings
807
- * The Bad, Post! screen was messing with the Port Test Ajax call when fsockopen generated an error and debug level is set to E_ALL in php.ini. Therefore added a switch in the configuration "Show Error Screen" that is off by default. When it is off, Port Test works perfect but errors generate a WSOD. When it is on, errors are displayed in the "Bad, Post!" screen but Port Test fails.
808
- * I heard that some hosts, like WPEngine, do not allow writing to the Http Session. Well that's balls. I've modified the code to write to the database instead.
809
-
810
- = 1.3.4 - 2015-02-11 =
811
- * 500 downloads and six 5-star ratings in only three weeks! Cool! 8-)
812
- * Replaced the Google OAuth API with pure PHP code. No more unexpected Google API errors.
813
- * [[Ticket](https://wordpress.org/support/topic/contact-7-and-activation-error?replies=16)] Enabled overriding of the timeouts in the configuration screen. If Post is intermittently sending mail, doubling the TCP Read Timeout may help
814
- * Added the SMTP session transcript output when a test message fails to send.
815
- * Fixed the error: Class 'Zend_Mail_Protocol_Smtp_Auth_Plain' not found in /Post/Post-Mail/Zend-1.12.10/Mail/Transport/Smtp.php on line 198
816
- * Passwords in the database are now Base64-encoded so casual viewing of the database won't reveal them
817
- * Fixed a couple minor database upgrade bugs: for new users who use Password Authentication, and for old users that don't have an expiry token stored
818
- * Added a version shortcode, mostly for promotion of Post on my own websites
819
- * Serveal minor tweaks to the user interface, including focus, style, validation, and enabling/disabling inputs where applicable
820
-
821
- = 1.3.2 - 2015-02-10 =
822
- * [[Ticket](https://wordpress.org/support/topic/contact-7-and-activation-error?replies=16)] Fixed the error: PHP Fatal error: Call to private PostAuthorizationToken::__construct() This occurs when upgrading from a pre-v1.0 version of Post (when PostAuthorizationToken had a public constructor) to v1.0 or higher
823
- * [[Ticket](https://wordpress.org/support/topic/404-not-found-79?replies=17)] Fixed the error PHP Fatal error: Class 'Google_IO_Stream' not found in /Post/Post-Auth/google-api-php-client-1.1.2/src/Google/Client.php on line 600 by including Google/IO/Stream.php
824
- * Post now has a modest fatal error screen, rather than a dreaded white screen of death
825
-
826
- = 1.3 - 2015-02-09 =
827
- * Sending Hotmail/Windows Live/Outlook.com email now supported with OAuth 2.0 authentication! If Wizard detects that a Hotmail server has been entered, it automatically configures OAuth 2.0.
828
- * Separated Authentication input from Encryption input for finer configuration control
829
- * Added additional authentication types: plain and CRAM-MD5. 'basic' became 'login'
830
- * Added Ajax to manual config and wizard screens to allow dynamic OAuth2 redirect url + help text changes in response to hostname changes
831
- * Removed 'Allow Plugin to Override Sender' user input
832
- * Added Online Support link in menu
833
- * Clarified text in 'Run a Port Test' so people won't continue to ask me about connection problems (hopefully)
834
-
835
- = 1.2 - 2015-02-04 =
836
- * Support for Sender Name and Reply-To. Turns out Google no longer honours the MUA Return-Path header due to Spam. Makes sense, so I've decided not to add a Return-Path field to Post's configuration.
837
- * Support for WordPress filters [wp_mail_from](http://codex.wordpress.org/Plugin_API/Filter_Reference/wp_mail_from) and [wp_mail_from_name](http://codex.wordpress.org/Plugin_API/Filter_Reference/wp_mail_from_name)
838
- * Disable stats-keeping for email sent by the test function
839
- * Minor tweaks to the Wizard to support WordPress v3.9
840
-
841
- = 1.1.1 - 2015-02-03 =
842
- * [[Ticket](https://wordpress.org/support/topic/contact-form-7-not-sending-after-update-of-Post-smtp?replies=5)] Fixed a bug I introduced in 1.1. Thanks to user derrey for catching this one. Zend_Mail crashes when attempting to throw an exception when the 'from' standard header was added as a header : "Zend_Mail_Exception code=0 message=Cannot set standard header from addHeader()"
843
-
844
- = 1.1 - 2015-02-03 =
845
- * [[Ticket](https://wordpress.org/support/topic/charset-problem-6?replies=4)] Added support for international characters (the WordPress default is UTF-8) which can be specified with headers or the [wp_mail_charset](http://codex.wordpress.org/Plugin_API/Filter_Reference/wp_mail_charset) filter
846
- * Added support for multi-part content type which can be specified with headers or the [wp_mail_content_type](http://codex.wordpress.org/Plugin_API/Filter_Reference/wp_mail_content_type) filter
847
-
848
- = 1.0 - 2015-02-02 =
849
- * Overhaul of the UI - A navigation pane is shown at the top of each page and each major function has been separated into its own screen
850
- * Post now supports sending with basic auth and no auth just like the other SMTP plugins
851
- * Added a Port Test function so users can have peace of mind whether the plugin is failing (never!) or whether the host has firewalled them
852
- * [[Ticket](https://wordpress.org/support/topic/emails-not-sending-in-html-format?replies=5)] Now supports email headers, such as a text/html content-type
853
- * Now supports email attachments
854
- * Added a warning if the user has configured OAuth but not requested permission from Google
855
- * Added a warning if the user is using Google with Basic auth (or worse) and a suggestion to enable OAuth 2.0
856
- * Recording of successful/failure tally
857
-
858
- = 0.2.7 - 2015-01-29 =
859
- * Fixed error: "Undefined variable: authorizationToken" was preventing mail delivery outside of the admin screen.
860
- * Fixed warning message that Post couldn't bind to wp_mail immediately after Activation
861
- * Added prerequisite checks to make sure the PHP environment can handle Post
862
- * Moved the screenshots and icons out of /trunk and into /assets
863
-
864
- = 0.2.6 - 2015-01-28 =
865
- * [[Ticket](https://wordpress.org/support/topic/parse-error-syntax-error-unexpected-t_string-63?replies=24)] Fixed "Configure and Authorize the plugin" missing the link address. Thanks to user kaorw for catching ths one.
866
- * [[Ticket](https://wordpress.org/support/topic/parse-error-syntax-error-unexpected-t_string-63?replies=24)] Fixed "Warning: Missing argument 2 for update_option()". Thanks to user kaorw for catching ths one. Fixed by calling delete_option instead of update_option().
867
- * [[Ticket](https://wordpress.org/support/topic/call-to-undefined-function-str_getcsv?replies=12)] Fixed "Fatal error: Call to undefined function str_getcsv()". Thanks to user micb for catching ths one. This function is not available before PHP 5.3. Fixed by replacing str_getdsv() with custom implementation.
868
-
869
- = 0.2.5 - 2015-01-27 =
870
- * [[Ticket](https://wordpress.org/support/topic/parse-error-syntax-error-unexpected-t_string-63?replies=24)] Removed the namespace for users with older version of PHP
871
- * Changed the Post Redirect URI (now includes a trailing ?page=Post) - this means Client ID's from 0.2.4 or earlier MUST be updated with the new Redirect URI or re-created from scratch.
872
-
873
- = 0.2.4 - 2015-01-25 =
874
- * Fixed issues on servers where the plugin is installed as a symbolic link.
875
- * Better error handling/debugging with php logging and assertions.
876
-
877
- = 0.2.1 - 2015-01-23 =
878
- * Fixed an environment-specific error that prevented Post reloading the setting screen after sending a test email
879
-
880
- = 0.2 - 2015-01-20 =
881
- * wp_mail() accepts multiple recipients (array and string)
882
- * display a warning to the user if another plugin is preventing Post from overriding wp_mail
883
- * paired down the external libraries to only what was required - from 3,700 files to just 75
884
- * default Gmail port corrected to 465 - previously 465 was hardcoded but 587 was saved to the database
885
- * Added 'Delete All Data' button to erase the stored tokens
886
- * OpenShift production problem: This environment didn't like the callback and there were possibly invalid characters in the source script
887
-
888
- = 0.1 - 2015-01-19 =
889
- * First release. Happy Fig Newton Day! It was a grueling week-end, studying PHP and OAuth and Googling like a Boss, but it's done and it works!
890
-
891
-
892
-
893
- == Upgrade Notice ==
894
-
895
- = 1.7 =
896
- Integration with Mandrill API, SendGrid API, Import/Export, Resend Emails
897
-
898
- = 1.6 =
899
- Introducing Email Logging.
900
-
901
- = 1.5 =
902
- Added support for external transports, such as the new Post Gmail Extension.
903
-
904
- = 1.4 =
905
- Now supporting Yahoo Mail via OAuth 2.0!
906
-
907
- = 1.3 =
908
- Now supporting Hotmail via OAuth 2.0!
909
-
910
- = 1.2 =
911
- Support for Sender Name and the Reply-To header.
912
-
913
- = 1.1 =
914
- Support for international characters and multipart/mime mail
915
-
916
- = 1.0 =
917
- Major overhaul of the UI including a Setup Wizard and a TCP Port Tester!
4
  Tags: email, mail, smtp, wordpress smtp, email log, postman smtp, postman, gmail, google apps, hotmail, yahoo, mandrill api, sendgrid api, elastic email, office365, mailgun
5
  Requires at least: 3.9
6
  Tested up to: 6.0.1
7
+ Stable tag: 2.1.7
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
28
  * The built-in Email log is an invaluable resource for diagnosing problems with emails.
29
  * OAuth 2.0 increase the security and protection of email password by discouraging the idea of storing your email password in the WordPress database where it might be found.
30
 
31
+ Even hosts that block the standard SMTP ports, like GoDaddy or Bluehost, can’t stop your email as Post SMTP can deliver via HTTPS if it can’t use SMTP.
32
 
33
  https://www.youtube.com/watch?v=mXDEEE9jnfw
34
 
76
  [Better Email Logger Pro extension](https://postmansmtp.com/extensions/the-better-email/) allows you to design email marketing campaigns and improve email deliverability for your WordPress site.
77
 
78
  **Mail Control Pro Extension**
79
+ [Mail Control Pro Extension](https://postmansmtp.com/extensions/post-smtp-mail-control/) allows you to control Post SMTP’s email actions like sending email alerts to authors, webmasters, and new users.
80
 
81
  = Post SMTP Membership Plans =
82
  [Post SMTP membership plans](https://postmansmtp.com/membership-plan/) offer access to all pro extensions along with other benefits including 1-year extension updates and support, Email Reporting, Logging, and Tracking, all other SMTP Services and a 30-day money-back guarantee.
285
 
286
  == Changelog ==
287
 
288
+ = 2.1.7 - 2022-08-30 =
289
+ * **FIX**
290
+ * Server side request forgery
291
+
292
  = 2.1.6 - 2022-08-29 =
293
+ * **FIX**
294
+ * Server side request forgery
295
 
296
  = 2.1.5 - 2022-08-25 =
297
  * **FIX**
612
  * [[Ticket](https://wordpress.org/support/topic/fatal-error-internal-zend-error-missing-class-information?replies=2#post-7092317)] User reported error "Fatal error: Internal Zend error - Missing class information" - Whoops, used 'require' PostState.php instead of 'require_once' PostState.php which was causing errors. Fixed.
613
  * [[Ticket](https://wordpress.org/support/topic/error-send-mymail-email-marketing?replies=5)] [[Ticket](https://wordpress.org/support/topic/how-configure-mymail-in-plugin?replies=6)] MyMail Newsletter Plugin for WordPress refuses to use wp_mail. I don't want to make this a habit, but I've integrated Post with MyMail's proprietary delivery mechanism.
614
  * [[Ticket](https://wordpress.org/support/topic/cant-send-error-500?replies=11#post-7103035)] Found an environment where the plugin's call to new Exception was creating PHP Fatal errors. Fixed.
615
+ * [[Ticket](https://wordpress.org/support/topic/error-calling-post-400-invalid-to-header?replies=4)] Perform validation on all email headers before s