Newsletter Module, security concern unsubscription link


TF-35Lightning

Community Member, 137 Posts

16 May 2010 at 11:34pm

Hi all, I have just got the Newsletter module running for the first time and have noticed that I can simply unsubscribe any email address that I desire (if I guess the correct email) via the link:

http://localhost/silverstripe/silverstripe-v2.4.0/unsubscribe/index/myemail@gmail.com/1

(I put in the email address I guess)
etc.

I presume it is up to us to come up with some kind of unique identifier to check an id and an email address against each other to help secure the unsubscription, or is that built into it somewhere or?

There's not much point in having the Newsletter module if people can unsubscribe each other so easily etc.

Any help would be great.
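
One way to do the check the post asks about, as an added example that is not part of the original post or the Newsletter module's own code: the link carries an HMAC over the address and the trailing number, and the handler rejects any request whose token does not match. It assumes the trailing `1` in the URL is a mailing list id; the key constant, function names and sample addresses are hypothetical.

```php
<?php
// Added example: HMAC-signed unsubscribe links. Plain PHP, no SilverStripe APIs.
// All names here (UNSUBSCRIBE_KEY, make_unsubscribe_url, ...) are hypothetical.

// Assumption: a per-site secret loaded from configuration, never sent to clients.
const UNSUBSCRIBE_KEY = 'replace-with-32-random-bytes-from-config';

// URL-safe base64 without padding, so the token fits in a path segment.
function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// The token binds the recipient's address to the list id (assumed meaning of "/1").
function unsubscribe_token(string $email, int $listId): string {
    $msg = strtolower(trim($email)) . "\n" . $listId;
    return b64url(hash_hmac('sha256', $msg, UNSUBSCRIBE_KEY, true));
}

// Build the link that goes into the outgoing newsletter for one recipient.
function make_unsubscribe_url(string $base, string $email, int $listId): string {
    return rtrim($base, '/') . '/unsubscribe/index/' . rawurlencode($email)
        . '/' . $listId . '/' . unsubscribe_token($email, $listId);
}

// True only when the token was issued for this exact email and list.
// hash_equals compares in constant time, so the check leaks no partial matches.
function verify_unsubscribe(string $email, int $listId, string $token): bool {
    return hash_equals(unsubscribe_token($email, $listId), $token);
}

// Constructed sample values.
$url = make_unsubscribe_url('http://localhost/silverstripe', 'alice@example.com', 1);
echo $url, "\n";
$token = substr($url, strrpos($url, '/') + 1);

var_dump(verify_unsubscribe('alice@example.com', 1, $token)); // recipient's own link
var_dump(verify_unsubscribe('bob@example.com', 1, $token));   // guessed address
var_dump(verify_unsubscribe('alice@example.com', 2, $token)); // different list
var_dump(verify_unsubscribe('alice@example.com', 1, ''));     // old-style link, no token
```

Only the first check passes; a request that supplies a guessed address without the matching token is refused, so the handler should unsubscribe only after `verify_unsubscribe` returns true.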