Bug 3280 : Restrict Send basket feature
author Frère Sébastien Marie <semarie-koha@latrappe.fr>
Mon, 5 Dec 2011 09:11:46 +0000 (10:11 +0100)
committer Chris Cormack <chrisc@catalyst.net.nz>
Mon, 9 Jul 2012 18:40:07 +0000 (06:40 +1200)
commit d8feddd48ac88c33a8dea8b7522f15bdc5aff39d
tree c3802ead9b873e3904ebdd6e636c09c984bba4da
parent b0d735a0a6d29838de2a4116e6a8b92d0affc7f6
Bug 3280 : Restrict Send basket feature

In order to prevent spamming using sendbasket.pl, some counter-measures are done:
 - permit send basket only for authenticated user
 - permit send basket only if basket contains items
 - use username & email for 'Reply-To' field (with fallback to KohaAdminEmailAddress)
 - add field X-Orig-IP with IP of sender
 - add field X-Abuse-Report with KohaAdminEmailAddress

Note: we don't use forged 'To' address with patron email in order to
prevent being marked as spam (by SPF for example).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
opac/opac-sendbasket.pl
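
The counter-measures listed in the commit message, sketched as an added example (not the code of this commit or of Koha). The helper `build_basket_headers`, its argument names and the sample values are hypothetical; `admin_email` stands in for KohaAdminEmailAddress, and the CR/LF stripping is an extra precaution assumed here, not something the commit message states.

```perl
use strict;
use warnings;

# Hypothetical helper: returns a hashref with the three headers named in the
# commit message, or nothing when the request must be refused.
sub build_basket_headers {
    my (%args) = @_;
    my $user  = $args{user};           # undef when the session is anonymous
    my $items = $args{items} || [];    # record ids currently in the basket
    my $admin = $args{admin_email};    # stands in for KohaAdminEmailAddress

    return unless $user;               # authenticated users only
    return unless @$items;             # empty basket: nothing to send

    # Assumed precaution: replace CR/LF so a patron-controlled value
    # cannot start a new header line.
    my $clean = sub {
        my ($v) = @_;
        $v = '' unless defined $v;
        $v =~ s/[\r\n]+/ /g;
        return $v;
    };

    my $name  = $clean->($user->{username});
    my $email = $clean->($user->{email});
    $name =~ s/["\\]//g;               # keep the quoted display name well-formed

    # Reply-To carries the patron's identity; fall back to the admin address.
    my $reply_to = $email ne '' ? qq{"$name" <$email>} : $admin;

    return {
        'Reply-To'       => $reply_to,
        'X-Orig-IP'      => $clean->($args{remote_addr}),
        'X-Abuse-Report' => $admin,
    };
}

# Constructed sample input (documentation address ranges and domains).
my $headers = build_basket_headers(
    user        => { username => "J. Doe\r\nBcc: x\@example.org",
                     email    => 'jdoe@example.org' },
    items       => [ 42, 43 ],
    admin_email => 'admin@library.example',
    remote_addr => '192.0.2.10',
);
print "$_: $headers->{$_}\n" for sort keys %$headers;

# Anonymous session or empty basket: no headers, so no mail is sent.
print "refused\n" unless build_basket_headers(items => [42], admin_email => 'a@b.example');
```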