Skip to content

Exempt backend emails from mail_security filtering#64

Open
Copilot wants to merge 3 commits intomainfrom
copilot/fix-mail-security-frontend-only
Open

Exempt backend emails from mail_security filtering#64
Copilot wants to merge 3 commits intomainfrom
copilot/fix-mail-security-frontend-only

Conversation

Copy link
Contributor

Copilot AI commented Nov 19, 2025
edited
Loading

Mail security was filtering all PHPMailer emails, blocking backend administrative actions. Per issue description, filtering should only apply to frontend requests.

Changes

Core Logic (lib/MailSecurityFilter.php)

  • Added backend check in filterMail() to bypass filtering for rex::isBackend() requests
  • Backend emails now skip badword filtering, rate limiting, IP blocklists, and code injection detection
public static function filterMail(rex_extension_point $ep): mixed
{
    if (!self::isMailSecurityActive()) {
        return $ep->getSubject();
    }

    // Mail Security soll nur im Frontend gelten, nicht im Backend
    if (rex::isBackend()) {
        return $ep->getSubject();
    }
    
    // ... filtering logic continues for frontend requests
}

Documentation

  • Updated MAIL_SECURITY.md and README.md to clarify frontend-only filtering scope
Original prompt

This section details on the original issue you should resolve

<issue_title>mail_security soll nur im Frontend gelten</issue_title>
<issue_description>Aktuell blockt mail_security auch backend aktionen. Das sollte nicht der Fall sein. </issue_description>

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI changed the title [WIP] Fix mail_security to apply only to frontend Exempt backend emails from mail_security filtering Nov 19, 2025
Copilot AI requested a review from skerbis November 19, 2025 09:42
@skerbis skerbis marked this pull request as ready for review November 19, 2025 11:09
Copilot AI review requested due to automatic review settings November 19, 2025 11:09
Copilot AI reviewed Nov 19, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR exempts backend emails from mail security filtering to prevent administrative emails from being blocked. The change adds a simple backend check that bypasses all mail security filtering (badword detection, rate limiting, IP blocklists, and code injection detection) for emails sent from REDAXO backend requests.

Key changes:

  • Added rex::isBackend() check in MailSecurityFilter::filterMail() to bypass filtering for backend contexts
  • Updated documentation in README.md and MAIL_SECURITY.md to clarify frontend-only filtering scope

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
lib/MailSecurityFilter.php Added backend check to exempt backend emails from all security filtering
README.md Added note clarifying that mail security only applies to frontend emails
MAIL_SECURITY.md Added important notice about frontend-only filtering scope in German documentation

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@skerbis skerbis Awaiting requested review from skerbis

Assignees

@skerbis skerbis

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

mail_security soll nur im Frontend gelten

2 participants

@skerbis