Project

General

Profile

Actions

Feature #14974

closed

secureFormmail

Added by Carlos Chiari about 19 years ago. Updated about 11 years ago.

Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
Frontend
Target version:
-
Start date:
2005-09-18
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

The typo3 3.8.0 secureFormmail feature makes it impossible to set recipients fields through typoscript without disabling the feature (ie: setting $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail'] = false;), on class.tslib_content.php (lines 1911).

Also, it makes impossible to send mails through sendFormmail, at class.tslib_fe.php

The feature is introduced to avoid spamings.

How can someone spam through a _POST variable? The only way I can think is using the page from an external form.

Could this feature be modified, as to check REFERER as an alternative for $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail'], and enable forms made through typoscript to work as well?
(issue imported from #M1458)

Actions #1

Updated by Michiel Roos almost 17 years ago

Brilliant idea!

Just added a comment to pop this issue to the top as 'modded'.

This has been new for two years.

Actions #2

Updated by Alexander Opitz about 11 years ago

  • Status changed from New to Closed
  • Target version deleted (0)
  • TYPO3 Version changed from 3.8.0 to 3.8
  • PHP Version deleted (4)

I would like to close this issue.

- We have now Formhandler
- Testing the Referer or check for POST vars is no way to hint spammers, as everybody can send data like they want you don't need to be on the previous page. Spammers have extra tools which do such requests for them, they don't use standard browsers and do every click with their mouse.

Please reopen a new issue and link to this one, if you feel the closing wasn't right.

Actions #3

Updated by Alexander Opitz about 11 years ago

  • Status changed from Closed to Rejected
Actions

Also available in: Atom PDF