-
Notifications
You must be signed in to change notification settings - Fork 7.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mails are sent even if failure to log throws exception #7875
Comments
Isn't the problem here that PHP is issuing a non-fatal warning and your error handler is interpreting that as a fatal error? |
It is correct that this issue would not happen with the error handler converting the warning into an Exception. However an error handler like that certainly is nothing out of the usual. In fact such an error handler is an example within the official PHP manual (that's the source of the error handler in my example script). Large Frameworks such as Laravel also use an error handler similar to our error handler. In many cases it is helpful to treat PHP warnings and notices as exceptions, because they indicate some programming error more often than not. However this issue would not happen if this error handler would actually throw the exception and thus abort execution at the place where the warning is emitted, instead of proceeding with the execution of the native function and only then throwing the exception. This is a behavior that differs from userland functions [1] and certainly is unexpected. There's also no easy way to work around this issue, except switching out the error handler before calling [1] I understand why that might be: The error handler itself might call |
We explicitly check for an exception after the logging attempt, and bail out in that case.
It is debatable whether this qualifies as bug, but the fix would be trivial. |
* PHP-8.0: Fix GH-7875: mails are sent even if failure to log throws exception
* PHP-8.1: Fix GH-7875: mails are sent even if failure to log throws exception
Description
Our software employs a background queue system with automated retries in case of task failures (an Exception being thrown within the task callable). It implements an at-least-once queuing logic. The software also converts all errors/warnings/notices into exceptions using a custom error handler.
One of the background tasks in the software is sending emails with support for the
mail()
function as the email transport. We throw an exception whenevermail()
returns false, and also whenever a warning is emitted using the global error handler:https://github.com/WoltLab/WCF/blob/master/wcfsetup/install/files/lib/system/email/transport/PhpEmailTransport.class.php
We noticed that a broken
mail.log
configuration is unsafe with this setup. Emails might be multiple times, because our software detects an error during the sending of an email.Consider the set-up:
mail.log = /log/sendmail.php.log
inphp.ini
.Now when attempting to send an email using
mail()
the following appears to happen:EACCES
being returned:mail()
returnstrue
.catch()
block.Now our background queuing logic believes the job failed, because an exception was thrown, causing it to re-queue the job. However the email was sent (in step (3)) and thus will be delivered a second time during the next attempt.
The task itself did not have a chance to detect this situation, because the return value from
mail()
is unavailable (step 4) when an exception is thrown. It would need to prevent the global error handler from converting the warning into an Exception. However this might hide other notices/warnings/errors and thus is undesirable.In the ideal case, the execution of the native
mail()
function would stop after (2) when the configured error handler throws an exception, actually preventing thesendmail
binary from being invoked. However I'm not sure whether this is feasible with the current architecture of PHP's internals.I'm happy to provide additional information on request. A simple reproducer script is the following:
PHP Version
8.0.13
Operating System
Docker on Ubuntu 20.04
The text was updated successfully, but these errors were encountered: