[Bug 3280] opac/opac-sendbasket.pl security leaky
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3280 Kyle M Hall <kyle.m.hall@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #6576|0 |1 is obsolete| | --- Comment #4 from Kyle M Hall <kyle.m.hall@gmail.com> --- Created attachment 10027 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=10027&action=edit Bug 3280 Restrict Send basket feature In order to prevent spamming using sendbasket.pl, some counter-measure are done: - permit send basket only for authenticated user - permit send basket only if basket contains items - use username & email for 'To' field (with fallback to KohaAdminEmailAddress) - add field X-Orig-IP with IP of sender - add field X-Abuse-Report with KohaAdminEmailAddress -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org