Follow-up Comment #4, sr #110592 (project administration):

I don't see a point in the whole "# User details." block.

If the savannah frontend has been used to create spam in the past it should be
caught before actually sending the mail (limiting notifications for new
users, denying them to add mail addresses to CC or similar).
Adding some kind of personal data identifiers from the sender so recipients
can filter spam based on those seems somewhat backwards to me.

As a side note:
I don't remember if PHP allows \n in $_SERVER['HTTP_USER_AGENT'] but if yes
everybody could inject their own mail headers into the notification mails and
possibly replace the body by adding two \n in a row.

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/support/?110592>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/
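
The side note in the comment above, about line breaks in `$_SERVER['HTTP_USER_AGENT']` reaching the notification mail headers, can be closed off with a check like the following. This is an added example, not Savannah's code and not part of the original comment; the header name `X-User-Agent`, both function names and the sample values are assumptions made for illustration.

```php
<?php
// Added example (not Savannah's code). Function names and the
// "X-User-Agent" header name are hypothetical.

/**
 * Return a value that is safe to place on a single mail header line,
 * or null if the input could terminate the header early.
 */
function safe_header_value(string $raw, int $maxLen = 200): ?string
{
    // CR, LF, NUL and the other control bytes have no place in a header
    // value. Reject instead of repairing client-controlled input.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // Bound the length so a client cannot bloat every notification.
    return substr($raw, 0, $maxLen);
}

/** Build the optional header line, or '' when the value is unusable. */
function build_user_agent_header(array $server): string
{
    $ua = safe_header_value($server['HTTP_USER_AGENT'] ?? '');
    if ($ua === null || $ua === '') {
        return ''; // omit the header entirely
    }
    return "X-User-Agent: $ua\r\n";
}

// Constructed sample inputs: one ordinary value, one that would add a
// header line, one that would end the header block and start the body.
$samples = [
    'normal'       => 'Mozilla/5.0 (X11; Linux x86_64)',
    'extra header' => "Mozilla/5.0\nBcc: someone@example.org",
    'body break'   => "Mozilla/5.0\r\n\r\nreplacement body",
];

foreach ($samples as $label => $ua) {
    $header = build_user_agent_header(['HTTP_USER_AGENT' => $ua]);
    printf("%-13s => %s\n", $label,
        $header === '' ? '(header omitted)' : rtrim($header));
}
```

The same check applies to any other request-derived value copied into a mail header, such as the CC addresses mentioned in the comment.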

