View Issue Details

ID: 0005206
Project: Composr
Category: cns_contact_member
View Status: public
Last Update: 2022-12-28 03:07
Reporter: Chris Graham
Assigned To: Chris Graham
Severity: Trivial-bug
Status: resolved
Resolution: fixed
Product Version: 10.0.43
Fixed in Version: 10.0.44
Summary: 0005206: Bots submitting blank member contact form is irksome
Description: Bots may submit corrupt blank member contact forms, and it will send a blank email to a member.

There are two coalescing reasons for this:
1) The form only has 2 parameters, with obvious names, so a spam bot can fairly easily manipulate the form into just those two fields by coincidence, throwing away the hidden fields used to mark those two fields as not supporting blank values.
2) The form can be submitted as guest on some sites.

Add extra validation code.
Tags: No tags attached.
Time estimation (hours):
Sponsorship: open
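
The failure mode in reason 1 of the description, as an added example that is not part of the original issue and is not Composr's code or its actual fix: a handler that learns which fields are required from hidden fields in the request checks nothing once those fields are dropped, while a handler that keeps its own required list rejects the blank submission. The field names `title` and `message`, the `require__` marker prefix and both function names are assumptions made for illustration.

```php
<?php
// Added illustration, not Composr code. Field and marker names are hypothetical.

// Weak pattern: the request itself declares which fields must be non-blank.
function validate_client_declared(array $post): array
{
    $errors = [];
    foreach ($post as $key => $value) {
        // Hypothetical hidden marker: require__title=1 means "title" may not be blank.
        if (strpos((string) $key, 'require__') === 0 && $value === '1') {
            $field = substr((string) $key, strlen('require__'));
            $v = $post[$field] ?? '';
            if (!is_string($v) || trim($v) === '') {
                $errors[] = $field;
            }
        }
    }
    return $errors; // No markers in the request means nothing was checked.
}

// Hardened pattern: the handler owns the list of required fields.
const REQUIRED_FIELDS = ['title', 'message'];

function validate_server_declared(array $post): array
{
    $errors = [];
    foreach (REQUIRED_FIELDS as $field) {
        $v = $post[$field] ?? '';
        if (!is_string($v) || trim($v) === '') {
            $errors[] = $field;
        }
    }
    return $errors;
}

// Constructed sample submissions.
$samples = [
    'browser' => ['title' => 'Hi', 'message' => 'Hello', 'require__title' => '1', 'require__message' => '1'],
    'markers dropped' => ['title' => '', 'message' => ''],
];
foreach ($samples as $name => $post) {
    printf(
        "%s: client-declared rejects [%s]; server-declared rejects [%s]\n",
        $name,
        implode(',', validate_client_declared($post)),
        implode(',', validate_server_declared($post))
    );
}
```

The server-declared check also treats a missing field the same as a blank one, so a submission that omits the parameters entirely is rejected as well.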

Relationships

related to 0004912 non-assigned Field input: Consider whether a blank value should be considered the same as a missing value 

Activities

admin

2022-12-28 03:06

administrator   ~0007845

Fixed in git commit a26e9baaec (https://gitlab.com/composr-foundation/composr/commit/a26e9baaec - link will become active once code pushed to GitLab)

A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. If there are files in a hot-fix that you don't have then they probably relate to addons that you don't have installed and should be skipped. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/).

hotfix-5206, 2022-12-28 3am.tar (15,872 bytes)

Issue History

Date Modified Username Field Change
2022-12-28 03:07 Chris Graham Relationship added related to 0004912