This module currently lets someone send emails to an address they choose. Someone could get a site into a spam block-list by changing their address over and over to be legitimate people's addresses.
There should be flood control to prevent someone from changing their email address more than ~5 times within a configurable time period.
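A stand-alone sketch of the flood control requested above, added here as an illustration and not taken from the module or its patches. The class, method and parameter names are hypothetical, and the limit of 5 per one-hour window is an assumed default. Events are keyed by the requesting account rather than by the target address, because the target address differs on every request.

```php
<?php
// Added example: sliding-window flood control for email-change requests.
// Stand-alone PHP with an in-memory store; all names are hypothetical.

final class EmailChangeFlood {
  private $events = [];  // Account id => list of accepted request timestamps.
  private $max_limit;
  private $window;

  public function __construct($max_limit = 5, $window = 3600) {
    $this->max_limit = $max_limit;
    $this->window = $window;
  }

  // Drops timestamps that have aged out of the window and returns the rest.
  private function recent($uid, $now) {
    $cutoff = $now - $this->window;
    $kept = array_values(array_filter(
      $this->events[$uid] ?? [],
      function ($ts) use ($cutoff) { return $ts > $cutoff; }
    ));
    $this->events[$uid] = $kept;
    return $kept;
  }

  // Returns TRUE and records the event if a confirmation mail may be sent.
  // Call this before sending, so a blocked request never produces mail.
  public function attempt($uid, $now) {
    if (count($this->recent($uid, $now)) >= $this->max_limit) {
      return FALSE;  // Over the limit; blocked requests are not recorded.
    }
    $this->events[$uid][] = $now;
    return TRUE;
  }
}

// Constructed scenario: account 42 requests a change once a minute, 7 times.
$flood = new EmailChangeFlood(5, 3600);
$start = 1700000000;
for ($i = 0; $i < 7; $i++) {
  $ok = $flood->attempt(42, $start + 60 * $i);
  printf("request %d: %s\n", $i + 1, $ok ? 'mail sent' : 'blocked');
}
// After the oldest event leaves the window, one more request is accepted.
var_dump($flood->attempt(42, $start + 3601));
```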
| Comment | File | Size | Author |
|---|---|---|---|
| #14 | interdiff.txt | 1.09 KB | purushotam.rai |
| #14 | flood-control-2305993-14.patch | 7.35 KB | purushotam.rai |
| #9 | interdiff.txt | 1.11 KB | purushotam.rai |
| #9 | flood-control-2305993-9.patch | 7.35 KB | purushotam.rai |
| #6 | interdiff.txt | 1.11 KB | purushotam.rai |
Comments
Comment #1
purushotam.rai, as a volunteer and at QED42, commented
Comment #2
greggles
Thanks for the patch!
It seems like it would be good to have a test for this as well, yeah?
It seems like this is a path for a cross-site-scripting security attack, isn't it?
Also, I believe the standard is to use full words, so $message instead of $msg.
Comment #3
purushotam.rai, as a volunteer and at QED42, commented
Hi @greggles,
I have added tests for this functionality too (need your guidance over here), besides the above correction. Kindly review.
Thanks and Regards
Comment #4
purushotam.rai, as a volunteer and at QED42, commented
Comment #6
purushotam.rai, as a volunteer and at QED42, commented
Sorry, I missed one thing. Patch updated.
Comment #8
navneet0693, as a volunteer and at QED42, commented
Avoid t() functions in assertion.
Form post will be unsuccessful without current password.
Comment #9
purushotam.rai, as a volunteer and at QED42, commented
Comment #10
purushotam.rai, as a volunteer and at QED42, commented
Comment #11
greggles
What do you think about using filter_xss or filter_xss_admin instead of check_plain here? I wonder which one is best for this message.
Comment #12
greggles
Nitpicky requests:
Comments should be sentences with closing punctuation and sentence casing.
Variables should be consistent throughout a file (e.g. $max_limit instead of $maxLimit).
Comment #13
greggles
Comment #14
purushotam.rai, as a volunteer and at QED42, commented
Generally, I avoid such mistakes; this one was probably made by mistake :p.
Thanks and Regards
Comment #16
purushotam.rai, as a volunteer and at QED42, commented