PHP Pro Bid

  • Status Closed
  • Percent Complete 100%
  • Task Type Bug Report
  • Category User End
  • Assigned To Mr Super User
  • Operating System
  • Severity Critical
  • Priority Very Low
  • Reported Version 7.8
  • Due in Version 7.10
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: PHP Pro Bid
Opened by Antar - 27.02.2017
Last edited by Mr Super User - 14.11.2017

FS#383 - Email to Friend Flawed and Possible Spam Tool

We tested the email listing to a friend feature and it is possible to repeat the same email address hundreds of times in the Email Addresses field and the page will take a while but process all the requests in the form.

1- Same email address was addressed 100 times - Script allowed it to go through and we received 100 emails to same email. Not good!
2- Works the same way even if a list of comma delimited emails is pasted there. Not good either!

This opens up the server operator to grey and blacklisting when this feature is abused either intentionally or not. It’s like having an open relay!

The form should not allow the same email address more than once, it should remove dupes. Also a limit on the number of email addresses allowed, perhaps the easiest fix is a max length on the email addresses field itself.

Closed by Mr Super User
14.11.2017 07:30
Reason for closing: Fixed

Antar commented on 28.02.2017 16:37

Easiest way to enable maxlength="100" on the field

This is about 4 email addresses
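
A server-side version of the fix requested in the report above, as an added example that is not PHP Pro Bid's code or its actual patch: it de-duplicates the Email Addresses field and caps the recipient count before any mail is sent, since an HTML `maxlength` attribute is enforced only by the browser. The function name and both limits are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical limits, not values taken from PHP Pro Bid.
const MAX_RECIPIENTS  = 5;
const MAX_FIELD_BYTES = 4096;

/**
 * Turn the raw "Email Addresses" field into a unique, capped recipient list.
 * Throws instead of quietly sending a partial batch.
 */
function parse_recipients(string $raw, int $max = MAX_RECIPIENTS): array
{
    if (strlen($raw) > MAX_FIELD_BYTES) {
        throw new InvalidArgumentException('Email Addresses field is too long');
    }
    // Split on commas, semicolons and any whitespace, including CR/LF.
    $parts = preg_split('/[\s,;]+/', $raw, -1, PREG_SPLIT_NO_EMPTY);

    $unique = [];
    foreach ($parts as $part) {
        if (filter_var($part, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('Invalid email address in list');
        }
        // Key on the lower-cased form so "A@x.test" and "a@x.test" are one recipient.
        $unique[strtolower($part)] = $part;
        if (count($unique) > $max) {
            throw new InvalidArgumentException("At most $max recipients per request");
        }
    }
    if ($unique === []) {
        throw new InvalidArgumentException('No recipient given');
    }
    return array_values($unique);
}

// Constructed inputs: one address repeated 100 times (as in the report),
// and a comma-delimited list that exceeds the cap.
$repeated = implode(',', array_fill(0, 100, 'friend@example.test'));
$tooMany  = implode(',', array_map(fn($i) => "user$i@example.test", range(1, 6)));

foreach ([$repeated, $tooMany] as $input) {
    try {
        echo implode(', ', parse_recipients($input)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```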
