Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-86

XMLUI Feedback form does not include any protection from spamming

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.0, 1.5.1
    • Fix Version/s: 1.5.2
    • Component/s: XMLUI
    • Labels:
      None
    • Environment:
      Any environment
    • Attachments:
      0
    • Comments:
      2

      Description

      The XMLUI Feedback/Contact form does not include the same level of protection from spamming as the JSPUI. Within the JSPUI, there's a check (in FeedbackServlet) to ensure that the HTTP referer corresponds to the DSpace server's hostname. This is a basic attempt to block most spam messages from using the feedback form.

      However, the XMLUI has no checks of this sort. So, spammers have the ability to use the form to send spam email to the administrators.

        Attachments

          Activity

            People

            • Assignee:
              tdonohue Tim Donohue
              Reporter:
              tdonohue Tim Donohue
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: