Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Problem/Motivation
I noticed traffic in my logs to the url https://mysite/print/printmail/printmail/ so I started poking around at it. I notice some strange behavior that does not adversely affect my site but thought it might be worth looking at since I don't think it is an intended result. If you go to anysiteusingprint.org/print/printmail/printmail, you get a screen of what looks like junk, at least to the browser/human eye (I tested this on several different sites). If you add /[anything] to the end of that, the "response" you get appears to be static per URL, which kind of makes it seem like it's returning what might be real data of some kind. I have attached a screenshot of one such result. I just wanted to put it out here in case there actually is some kind of security implication to this. I don't know enough to say.
Proposed resolution
I am just redirecting any calls to /print/printmail/ to my 404 in my htaccess
Remaining tasks
Someone with a better idea of what is going on should take a look and see if there is a security implication, and maybe it would be worth patching the module just to send these requests to a 404
| Comment | File | Size | Author |
|---|---|---|---|
| printmail.png | 182.69 KB | jeramy |
Comments
Comment #2
jeramy CreditAttribution: jeramy as a volunteer commentedComment #3
jeramy CreditAttribution: jeramy as a volunteer commented