Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Newsletter Module, security concern unsubscription link


Reply


856 Views

Avatar
TF-35Lightning

Community Member, 137 Posts

16 May 2010 at 11:34pm

Hi all I have just got the Newsletter module running for the first time and have noticed that I can simply unsubscribe any email address that I desire (if I guess the correct email) via the link

http://localhost/silverstripe/silverstripe-v2.4.0/unsubscribe/index/myemail@gmail.com/1

(I put in the email address I guess)
etc.

I presume it is up to us to come up with some kind of unique identifier to check an id and an email address against each other to help secure the unsubscription, or is that built into it somewhere or?

There's not much point in having the Newsletter module if people can unsubscribe each other so easily etc.

Any help would be great