Thread: Alert; Critical Bug discovered

Alert; Critical Bug discovered

Hi folks, 2 months ago I discovered a critical bug in classipress;
Since Yahoo and AOL updated their security protocols in January, none of the emails of your customers with these email providers have been arriving.
The user gets the "your email was sent succesfully" message, but the mail simply disappears into the ether. No warning or error goes out to anyone.

I recommend everyone to test your site against this bug!
please report your findings below.


For reference, here's the support thread with a more detailed report of what's happening:
Appthemes does not guarantee that classipress actualy delivers the email when someone responds to a classified ad; all emails of all interestees using @aol.com accounts and possibly all @yahoo.com accounts do not arrive. The theme does not provide any error message when this happens. Instead displays a message to the interestee saying that the message was sent succesfully, nobody else receives any confirmation or any notification whatsoever.

This is happening because they try to fake the sender. (the design is that the interestee's email is in the "from" field, but the mail is not send via their ISPs which the ISPs don't like - understandably so)
A hotfix would be to change the form and send as the wordpress main email with the contact details in the body of the mail, just like every other form, but this seems not to be under consideration and we need to wait for an undertermined "next release"