Project

General

Profile

Actions

Feature #14974

closed

secureFormmail

Added by Carlos Chiari about 19 years ago. Updated about 11 years ago.

Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
Frontend
Target version:
-
Start date:
2005-09-18
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

The typo3 3.8.0 secureFormmail feature makes it impossible to set recipients fields through typoscript without disabling the feature (ie: setting $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail'] = false;), on class.tslib_content.php (lines 1911).

Also, it makes impossible to send mails through sendFormmail, at class.tslib_fe.php

The feature is introduced to avoid spamings.

How can someone spam through a _POST variable? The only way I can think is using the page from an external form.

Could this feature be modified, as to check REFERER as an alternative for $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail'], and enable forms made through typoscript to work as well?
(issue imported from #M1458)

Actions

Also available in: Atom PDF