[Koha-bugs] [Bug 3280] opac/opac-sendbasket.pl security leaky
bugzilla-daemon at bugs.koha-community.org
Sat Jun 9 15:36:25 CEST 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3280
Kyle M Hall <kyle.m.hall at gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #6576|0                           |1
        is obsolete|                            |
--- Comment #4 from Kyle M Hall <kyle.m.hall at gmail.com> ---
Created attachment 10027
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=10027&action=edit
Bug 3280 Restrict Send basket feature
In order to prevent spamming using sendbasket.pl, some counter-measures are
done:
- permit send basket only for authenticated users
- permit send basket only if basket contains items
- use username & email for 'To' field (with fallback to KohaAdminEmailAddress)
- add field X-Orig-IP with IP of sender
- add field X-Abuse-Report with KohaAdminEmailAddress
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are watching all bug changes.
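
The countermeasures listed in the commit message above, sketched as an added Perl example; this is not the code of attachment 10027 or of Koha. The function name `build_basket_mail`, its argument names and the sample values are hypothetical, and the CR/LF rejection is an extra check that the message does not mention.

```perl
use strict;
use warnings;

# Hypothetical helper: returns a hashref of mail headers, or dies with the
# reason the request is refused. All argument names are assumptions.
sub build_basket_mail {
    my (%arg) = @_;

    # 1. Only authenticated users may send a basket.
    die "not authenticated\n" unless defined $arg{userid} && length $arg{userid};

    # 2. Only a basket that contains items may be sent.
    my @items = @{ $arg{items} || [] };
    die "empty basket\n" unless @items;

    # 3. Identify the user by name and email in the 'To' field (the field the
    #    commit message names), falling back to KohaAdminEmailAddress.
    my $email = ( defined $arg{email} && length $arg{email} ) ? $arg{email} : $arg{admin_email};
    my %h = (
        'To'             => sprintf( '"%s" <%s>', $arg{username}, $email ),
        'X-Orig-IP'      => $arg{remote_addr},    # 4. IP of the sender
        'X-Abuse-Report' => $arg{admin_email},    # 5. where to report abuse
    );

    # Extra check, not in the commit message: refuse CR/LF in any header
    # value so a crafted name or address cannot add headers of its own.
    for my $k ( sort keys %h ) {
        die "bad header value for $k\n" if !defined( $h{$k} ) || $h{$k} =~ /[\r\n]/;
    }
    return \%h;
}

# Constructed sample input (documentation address range, example.org).
my %req = (
    userid      => 'jdoe',
    username    => 'J. Doe',
    email       => '',                            # no email on record
    admin_email => 'admin@library.example.org',   # stands in for KohaAdminEmailAddress
    remote_addr => '192.0.2.10',
    items       => [ 101, 102 ],
);
my $h = build_basket_mail(%req);
print "$_: $h->{$_}\n" for sort keys %$h;

# An anonymous request and an empty basket are both refused.
for my $bad ( +{ %req, userid => undef }, +{ %req, items => [] } ) {
    eval { build_basket_mail(%$bad); 1 } or print "refused: $@";
}
```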