Send spam through user registration #19438
Comments
the username field is only 30 characters of text - not very useful for sending spam
While the username field has a size attribute of 30, it can be up to 150 characters long.
@Quy the database table allows it to be 150 but the "spammer" can still only submit 30 characters
More than 150 characters can be entered but it will be truncated at 150. I created a 150 characters username.
I only tested in the admin where you can only submit 30
Ok then the issue is the front end registration allowing up to 150 characters.
So that's a bug and will cause issues if a long username is created on the frontend and then edited in the admin. I will take a look at fixing that
Sorry my mistake you can enter 150 characters in both admin and frontend - I must have had a different error before that was unrelated
The Name is up to 400 characters long. Could also be shorter. Moreover, it can break the layout of the site (backend + frontend). See the image. This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/19438.
Related #14275
Set to "closed" on behalf of @Quy by The JTracker Application at issues.joomla.org/joomla-cms/19438
Let's discuss in #14275 as it relates to more control over username/email which would address spam abuse as mentioned in this issue.
Steps to reproduce the issue
Set user activation to 'Admin' and allow user registration.
Submit the registration form where the name of the user is spam text and enter an email to spam (use a test email for this of course)
Expected result
No email sent to the user
Actual result
The email that is used to register an account receives an email and because the name of the user contains spam text this text is placed in the email.
Additional comments
Add an option to turn off all emails after registration or put a variable limitation on the username
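
One way to apply a configurable limit to the name before it reaches the registration e-mail, as an added example that is not Joomla's code or part of the original issue. The function names, the 50-character default and the sample inputs are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of Joomla: returns the reasons a submitted
// name should not be echoed into a registration e-mail (empty list = ok).
function nameProblems(string $name, int $maxLength = 50): array
{
    $problems = [];
    $name = trim($name);
    if ($name === '') {
        $problems[] = 'empty';
    }
    // Configurable cap; counts characters, not bytes.
    if (mb_strlen($name, 'UTF-8') > $maxLength) {
        $problems[] = 'too long';
    }
    // Control characters, including CR/LF, have no place in a display name.
    if (preg_match('/[\x00-\x1F\x7F]/', $name) === 1) {
        $problems[] = 'control characters';
    }
    // Link-like text: a scheme, "www.", or host.tld. Deliberately strict, so a
    // name such as "Dr.Smith" is also flagged.
    if (preg_match('~(https?://|www\.|\b[a-z0-9-]+\.[a-z]{2,}\b)~i', $name) === 1) {
        $problems[] = 'contains a link';
    }
    return $problems;
}

// Hypothetical mail builder: the name is used only if it passes every check,
// otherwise the mail falls back to a neutral greeting.
function registrationMailBody(string $name, string $siteName, int $maxLength = 50): string
{
    $greeting = nameProblems($name, $maxLength) === [] ? 'Hello ' . trim($name) : 'Hello';
    return $greeting . ",\n\nThank you for registering at " . $siteName . ".";
}

// Constructed sample input.
$samples = [
    'Jane Doe',
    'Cheap pills at www.example.test buy now',
    str_repeat('A', 150),
    "Jane\r\nDoe",
];
foreach ($samples as $s) {
    $shown = mb_substr(json_encode($s), 0, 30);
    printf("%-30s => %s\n", $shown, implode(', ', nameProblems($s)) ?: 'ok');
}
echo registrationMailBody('Cheap pills at www.example.test buy now', 'Example Site'), "\n";
```

Rejecting the registration outright when `nameProblems()` is non-empty is the stricter alternative to the neutral greeting, and it also keeps overlong names out of the backend and frontend lists.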