[wp-trac] [WordPress Trac] #47352: Take into account the current admin email address when rate limiting the recovery mode email

WordPress Trac noreply at wordpress.org
Mon Sep 19 17:02:18 UTC 2022 

#47352: Take into account the current admin email address when rate limiting the
recovery mode email
-------------------------------------------------+-------------------------
 Reporter:  johnbillion                          |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Site Health                          |     Version:  5.2
 Severity:  normal                               |  Resolution:
 Keywords:  servehappy dev-feedback has-patch    |     Focuses:
  needs-testing                                  |
-------------------------------------------------+-------------------------
Changes (by Clorith):

 * milestone:  6.1 => Future Release


Comment:

 I had initially planned for this to go in with 6.1, but some more
 considerations came up in testing, which is not currently accounted for.

 I opted not to hash the email, there's nothing secret here, and if
 anything it can be helpful to know where the email was sent if you need to
 look up the last recipient for whatever reason.

 My main concern came from looking over the dev notes from when the fatal
 error recovery mode was introduced, and folks wanting to customize the
 recipient, where they would filter the `$email` variable, which contains
 the recipient, subject, etc (an array of all the pieces that go into an
 email), and change the recipient. With the current implementation, this
 would trigger the recovery mode email to be sent out every single time,
 since the email would never match what the core function expects (from the
 `get_recovery_mode_email_address()` function), and what actually ends up
 in the `$email['to']` array key.

 To resolve this, core would need to introduce a filter in the
 `get_recovery_mode_email_address()` function instead, allowing for the
 recipient to be changed in the canonical way of fetching who should get
 the emails, that way the function can be used for comparison later down
 the line "safely" (any code that modified the `$email['to']` would need to
 be updated, to not cause a lot of recovery emails going out, but they
 would still work, and I think we need a proper way for these to change the
 recipient before finalizing this.

 Are there any scenarios I may have missed in my above outline, or
 different implementations we should instead consider?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47352#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list