Loading...
 
Features / Usability

Features / Usability


Disable tiki-send_blog_post.php for the Anonymous group?

posts: 13 United States

While fine tuning our tikiwiki setup (1.9.7) on our internal test server tonight, in preparation of putting it out, I noticed that for both the forum and blog areas, the Anonymous group has the privilege to 'send blog post' via e-mail.

IMHO this is not good to have (DOS etc), so I would like to turn it off for the Anonymous group. Yet, Admin-> Groups -> Anonymous -> Permission only has

  • tiki_p_forum_read
  • tiki_p_read_blog
  • tiki_p_view
  • tiki_p_wiki_view_comments


enabled. I didn't see anything related to sending blog posts via email in the big permission list. So, where and how I can disable this "feature"?

Thanks for any pointers/hints.

--Peter

posts: 13 United States

Not willing to give up before taking off from my office, I decided to grep the source tree a bit, and soon I realized that in templates/tiki-view_blog_post.tpl, the tiki-send_blog_post.php is hard coded frown

I think the following would be more secure, only readers who have posting privileges (i.e. write) can use the tikiwiki for sending out posts. Otherwise, they must use their own browser's send link to send wink

{if $tiki_p_post_comments == 'y' }
<a href='tiki-send_blog_post.php?postId={$postID}'><img src='img/icons/email.gif border='0' alt='{tr}email this post{/tr}' title='{tr}email this post{/tr}' /></a>
{/if}

Any comments about the above suggestions?

--Peter


posts: 3665 United States

>
> IMHO this is not good to have (DOS etc), so I would like to turn it off for the Anonymous group.

Or you could add a CAPTCHA to the form.

HTH,

-Rick



posts: 1630 Canada

Tiki 1.10 has a new tell-a-friend feature which works not only for blog posts, but any page.

Great idea about adding a protection though...

M ;-)


Upcoming Events

1)  18 Apr 2024 14:00 GMT-0000
Tiki Roundtable Meeting
2)  16 May 2024 14:00 GMT-0000
Tiki Roundtable Meeting
3)  20 Jun 2024 14:00 GMT-0000
Tiki Roundtable Meeting
4)  18 Jul 2024 14:00 GMT-0000
Tiki Roundtable Meeting
5)  15 Aug 2024 14:00 GMT-0000
Tiki Roundtable Meeting
6)  19 Sep 2024 14:00 GMT-0000
Tiki Roundtable Meeting
7) 
Tiki birthday
8)  17 Oct 2024 14:00 GMT-0000
Tiki Roundtable Meeting
9)  21 Nov 2024 14:00 GMT-0000
Tiki Roundtable Meeting
10)  19 Dec 2024 14:00 GMT-0000
Tiki Roundtable Meeting