Links in sent Newsletter not working with MailPoet 2.6.18

Really MailPoet, your performance in this fiasco has been less than stellar to put in very mildly.

Given you are trying to build a proper commercial business out of this plugin and intend on offering a paid sending service as well, you really need to lift your game if you want to get (or keep getting) paying customers

I was very seriously contemplating an upgrade of 3 of my sites to your ‘premium’ paid service but after the way you handled this incident, I will most likely start looking for an alternative paid (and PROFESSIONAL!) newsletter & ESP service.

Look guys, bugs can and do happen and this is a part of life when developing (and using) any technology.
The thing that separates the professionals from the amateurs is how those bugs are handled once they are discovered or reported by end users.
Transparency is the key. There is absolutely nothing wrong (on the contrary!) with saying:

sorry, we stuffed up. Our bad. We’ve learned our lesson. We’re working on a fix. Here is an expected time frame for it

You previously had a very serious and critical security vulnerability but on that occasion you handled yourself admirably in my opinion. You issued a fix quickly and were also very open and transparent about what happened, what you learned from it and what you intend to do to prevent it from happening again in the future.

I was very impressed by that and that’s why I kept using your product despite actually having one of my sites hacked due to that security vulnerability.
On this occasion however, I am far from being impressed. Please lift up your game!

To emphasize the need to fix this a.s.a.p. I ‘d like to comment that the latest version that still works is 2.6.16, but is NOT compatible with WP 4.3x.
So this (silly) bug is holding me – and probably millions of other WP and Mailpoet users – back in upgrading their WordPress to the latest stable and secure version!

This link Display problems? View this newsletter in your browser. is not working in sent newsletters

Here is the error message that I am seeing

WordPress database error: [Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8mb4_general_ci,COERCIBLE) for operation ‘=’]

Warning: Cannot modify header information – headers already sent by (output started at /home/bliaorg/public_html/wp-includes/wp-db.php:1319) in /home/bliaorg/public_html/wp-includes/pluggable.php on line 1207

Unsubscribe works. and email links work. Using latest version. Please help.

Whoever is still having these issues, please get in touch with us over here: https://support.mailpoet.com/wordpress-forums/

We’ll need to properly investigate your particular issues since we haven’t detected any errors on our tests with the latest release 2.6.18.

@divado try this past solution and let us know if this works for you:

Patched file for the links issue: stats.zip

Just replace this file over the existing one at wp-content/plugins/wysija-newsletters/controllers/front/stats.php
`

We’ve noted a small difference between the one shipped with the version 2.6.18 and this one, if confirmed, we’ll release 2.6.19 with this fix. Thanks for your assistance.

@mailpoet Staff
After analysis yesterday night, I have seen the small difference between the different versions (comma versus dot). The version with the dot works but I’m trying to understand why.

I had problem of broken links as well. By applying patch, that problem has been disappeared.

@wysija @khuss

Unfortunately, the patch is not the solution to the mentioned issue.

Why does the patch seem to work??
The comment in line 32, clearly states what it should do: remove within a string anything that starts with ?utm or /?utm.
The line 32 in the patch is:
$external_url = preg_replace('!/?\?utm.*!', ''. $external_url);
which doesn’t do that, but instead turns the variable $external_url to the empty string. This sets – as a side-effect – the first part of the test (IF at line 36) always to TRUE and the lines 38 and 39 are then executed, leading to the redirection to the (correct) links of the site pages, corresponding to “see newsletter in browser”, “unsubscribe” or “manage profile”.
Result: we think that it works correctly …

The correct line 32 is (comma instead of period):
$external_url = preg_replace('!/?\?utm.*!', '', $external_url);;
which turns the variable $external_url to a ‘neat’ URL without possible suffixes starting with ?utm or /?utm.

Why doesn’t the version of 2.6.18 release with the correct line 32 work for some people?

I don’t know for sure why the first part of the test (IF at line 36) is there. Can anyone tell me why?
What I know is that (in my case) this first part of the test is always FALSE. Which means that the second part of the test (IF at line 37) has to be TRUE. Otherwise lines 38 and 39 aren’t executed and the 404-message is displayed (lines 41, 42, 43).
Unfortunately for me (and some others), the second part of the test is also always FALSE.

Why does it work for some people?
Because for some people the second part of the test (IF at line 36) is TRUE.

This second part checks if the SITE_URL (meaning: something like: https://www.mysite.com) is the start of the string representing URL of redirection, i.e. the link to “see newsletter in browser”, “unsubscribe” or “manage profile”.

And there can be a difference in the settings of our sites.
In WordPress Settings (General settings), you can fill in a value for your home site (https://www.mysite.com) and a value for where you want your WordPress core files (e.g. https://www.mysite.com/wp).
See: https://codex.www.ads-software.com/Changing_The_Site_URL

The “Site Address (URL)” setting is the address you want people to type in their browser to reach your WordPress blog <– get_home_url()
get_home_url() addresses https://www.mysite.com (example)

The “WordPress Address (URL)” setting is the address where your WordPress core files reside <– get_site_url()
get_site_url() addresses https://www.mysite.com/wp (example)

*** THIS IS CONFUSING ***

People having this situation (I’m one of them), will have issues with the new release. People having both URLs set to the same value will have no problems with the new release.

The following lines are working fine for me:
=== replaced in line 33 ‘get_site_url()’ by ‘get_home_url()’ ===

$url = $this->encode_url($WJ_Stats->subscriber_clicked()); // line 30
$external_url = htmlentities($WJ_Stats->subscriber_clicked()); // line 31 escape HTML characters (that's how URLs are saved in the DB)
$external_url = preg_replace('!/?\?utm.*!', '', $external_url); // line 32 remove anything that starts with ?utm or /?utm
$internal_url = htmlentities(get_home_url()); // line 33
$model_email = WYSIJA::get('email', 'model'); // line 34
$email_object = $model_email->getOne(false,array('email_id' => $_REQUEST['email_id'])); // line 35
if (preg_match('/'. preg_quote($external_url, '/') .'/', $email_object['body']) || // line 36
preg_match('/^'. preg_quote($internal_url, '/') .'/', $url)) { // line 37
do_action('mpoet_click_stats', $WJ_Stats); // line 38
$this->redirect($url); // line 39
) // line 40
header('HTTP/1.0 404 Not Found'); // line 41
echo '<h1>404 Not Found</h1>'; // line 42
echo 'The page that you have requested could not be found.'; // line 43

@divado, thanks for the detailed feedback. I’ll ask our developers to look into it and we’ll get back to you soon with more information.

– Rafael

the above code worked for me but I had to change line 40 to be a } and NOT the ) that was listed above

Ok guys, the new version is coming tomorrow. We’ve also updated the stats.php in the .zip file linked above.

I’m glad I was able to help.
I’ve just tested the new stats.php and it worked fine for me.
Thank you in advance for the new release of tomorrow.

The new version is out. Thanks one more time @divado