]> git.koha-community.org Git - koha.git/commit
Bug 3280 : Restrict Send basket feature
authorFrère Sébastien Marie <semarie-koha@latrappe.fr>
Mon, 5 Dec 2011 09:11:46 +0000 (10:11 +0100)
committerChris Cormack <chrisc@catalyst.net.nz>
Mon, 9 Jul 2012 18:40:07 +0000 (06:40 +1200)
commitd8feddd48ac88c33a8dea8b7522f15bdc5aff39d
treec3802ead9b873e3904ebdd6e636c09c984bba4da
parentb0d735a0a6d29838de2a4116e6a8b92d0affc7f6
Bug 3280 : Restrict Send basket feature

In order to prevent spamming using sendbasket.pl, some counter-measure are done:
 - permit send basket only for authenticated user
 - permit send basket only if basket contains items
 - use username & email for 'Reply-To' field (with fallback to KohaAdminEmailAddress)
 - add field X-Orig-IP with IP of sender
 - add field X-Abuse-Report with KohaAdminEmailAddress

Note: we don't use forged 'To' address with patron email in order to
prevent be marked as spam (by SPF for example).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
opac/opac-sendbasket.pl