|
|
| Reporter | Chris Graham | Assigned To | Chris Graham | |
|---|
| Priority | normal | Severity | feature | |
|---|
| Status | resolved | Resolution | fixed | |
|---|
|
|
| Summary | 2177: Make auto-acknowledge emails optional |
|---|
| Description | The auto-emails (lang strings YOUR_MESSAGE_WAS_SENT_SUBJECT and YOUR_MESSAGE_WAS_SENT_BODY) are sent out when you post a contact request.
However, if you disable CAPTCHA for these forms, these emails can effectively be used as an open relay - as you can put in a fraudulent from address, and the system sends out an email to that address. |
|---|
| Tags | Type: Security |
|---|
| Attach Tags |
|
|---|
|
|
| Time estimation (hours) | 1 |
|---|
| Sponsorship open | |
|---|
|
|
