Feature #14974
secureFormmail
| Status: | New | Start date: | 2005-09-18 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Frontend | |||
| Target version: | - | |||
| TYPO3 Version: | 3.8.0 | Complexity: | ||
| PHP Version: | 4 | |||
| Votes: | 0 |
Description
The typo3 3.8.0 secureFormmail feature makes it impossible to set recipients fields through typoscript without disabling the feature (ie: setting $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail'] = false;), on class.tslib_content.php (lines 1911).
Also, it makes impossible to send mails through sendFormmail, at class.tslib_fe.php
The feature is introduced to avoid spamings.
How can someone spam through a _POST variable? The only way I can think is using the page from an external form.
Could this feature be modified, as to check REFERER as an alternative for $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail'], and enable forms made through typoscript to work as well?
(issue imported from #M1458)
History
Updated by Michiel Roos over 5 years ago
Brilliant idea!
Just added a comment to pop this issue to the top as 'modded'.
This has been new for two years.