Send mail not working on php 7.4 or higher

andrea.falco · July 29, 2022, 7:38am

Hi.
I changed the php version from 7.3 to 7.4 on the server and the contact form using ‘mailer / send mail’ stopped working.
It doesn’t work with version 8.0 either.
In order to use it, I had to restore the 7.3 version indicated as ‘obsolete’.
The server reports error 500.
Any idea to solve this?

Teodor · July 29, 2022, 7:39am

andrea.falco · July 29, 2022, 8:02am

I’ve already activate the debug.
This is the respons:

403 Forbidden

Forbidden

You don't have permission to access /dmxConnect/api/contatti/contactform.php on this server.

Additionally, a 400 Bad Request error was encountered while trying to use an ErrorDocument to handle the request.

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator to inform of the time the error occurred and of anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

And this is the server log response:
[client 79.24.41.57] ModSecurity: Access denied with code 403 (phase 3). Match of “validateByteRange 0-31” against “ARGS:input1” required. [file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf”] [line “6649”] [id “243420”] [rev “4”] [msg “COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||www.eumeda.net|F|2”] [severity “CRITICAL”] [tag “CWAF”] [tag “OtherApps”] [hostname “www.eumeda.net”] [uri “/dmxConnect/api/contatti/contactform.php”] [unique_id “YuOS79-dhMjrST-OkXrcVgAAAAg”], referer: https://www.eumeda.net/it/contatti_logged.php

s.alpaslan · July 29, 2022, 8:06am

@andrea.falco
Can you try again with mod_security turned off? ( on your hosting settings )

andrea.falco · July 29, 2022, 8:26am

Turning off the mod_security on server, it stops the validation of the form

Apple · July 29, 2022, 9:03am

Just to be clear, you have 2 issues here

One is the mod_security one
The other one is it gives a “500 Internal Server Error”

The 500 Internal Server Error is probably caused due to a missing PHP mail extension - you can enable it near your PHP selector in your hosting control panel

The mod_security might be worth contacting your hosting provider to determine why such rule is being tripped, although it’s unlikely to be related to the issue you’re trying to solve

andrea.falco · July 29, 2022, 9:18am

It can’t be a problem of missing PHP mail extension because it works on PHP 7.3. It’s something concerning the updated security the stops the execution of PHPMailer.php in dmxConnectLib

Apple · July 29, 2022, 9:26am

Resolution path:

For testing purposes, disable mod_security
See what error is behind the 500 Internal Server Error (it should tell you the error if you followed Teodor’s instructions):
Debugging Server Connect Errors
Post the error here, or if you’re able to fix it feel free to do it
Re-enable mod_security
Fix the mod_security issue

s.alpaslan · July 29, 2022, 9:43am

@andrea.falco ,
yes, @Apple explained what you need to do very well.
With this method , it will be possible to detect the error exactly . @Teodor may have another idea.

andrea.falco · January 16, 2023, 1:11pm

That is the error code
{“code”:0,“file”:“D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnectLib\PHPMailer\PHPMailer\PHPMailer.php”,“line”:1797,“message”:“Call to undefined function PHPMailer\PHPMailer\escapeshellcmd()”,“trace”:"#0 D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnectLib\PHPMailer\PHPMailer\PHPMailer.php(1893): PHPMailer\PHPMailer\PHPMailer::isShellSafe()\n#1 D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnectLib\PHPMailer\PHPMailer\PHPMailer.php(1650): PHPMailer\PHPMailer\PHPMailer->mailSend()\n#2 D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnectLib\PHPMailer\PHPMailer\PHPMailer.php(1486): PHPMailer\PHPMailer\PHPMailer->postSend()\n#3 D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnectLib\modules\mail.php(133): PHPMailer\PHPMailer\PHPMailer->send()\n#4 D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnectLib\lib\App.php(197): modules\mail->send()\n#5 D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnectLib\lib\App.php(169): lib\App->execSteps()\n#6 D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnectLib\lib\App.php(137): lib\App->execSteps()\n#7 D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnectLib\lib\App.php(126): lib\App->exec()\n#8 D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnectLib\lib\App.php(104): lib\App->exec()\n#9 D:\home\z08352-linux01.winp013.arubabusiness.it\irq10.net\dmxConnect\api\utenti\modulocontatti.php(8): lib\App->define()\n#10 {main}"}

Teodor · January 16, 2023, 1:34pm

What hosting are you using? It seems for some reason the https://www.php.net/manual/en/function.escapeshellcmd.php function is maybe disabled by your hosting provider.

andrea.falco · January 16, 2023, 3:09pm

Hosting Windows with PHP 8.0.
It all works fine untill the end of last summer.
I’d hopened a ticket to the host provider, but they had reply that nothing has been changen on server

Teodor · January 16, 2023, 3:14pm

How is your mailer set up exactly?

andrea.falco · January 16, 2023, 3:31pm

I’ve tried both, Server Default or SMTP.
The SD has always work fine till september

Teodor · January 16, 2023, 4:24pm

Please try using SMTP and see how it goes.

andrea.falco · January 31, 2023, 7:18am

After several attempts, I solved it by editing the PHPMailer.php file (in dmxConnectLib/PHPMailer/PHPMailer) adding this to line 1796:
//Future-proof
if (!function_exists(‘escapeshellarg’) || !function_exists(‘escapeshellcmd’)) {
return false;
}

     if (.....