Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-86

XMLUI Feedback form does not include any protection from spamming

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.0, 1.5.1
    • Fix Version/s: 1.5.2
    • Component/s: XMLUI
    • Labels:
      None
    • Environment:
      Any environment
    • Attachments:
      0
    • Comments:
      2

      Description

      The XMLUI Feedback/Contact form does not include the same level of protection from spamming as the JSPUI. Within the JSPUI, there's a check (in FeedbackServlet) to ensure that the HTTP referer corresponds to the DSpace server's hostname. This is a basic attempt to block most spam messages from using the feedback form.

      However, the XMLUI has no checks of this sort. So, spammers have the ability to use the form to send spam email to the administrators.

        Attachments

          Activity

            People

            Assignee:
            tdonohue Tim Donohue
            Reporter:
            tdonohue Tim Donohue
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: