Update on mail function/command: So far I've done a good bit or reworking of the core mail function including these upgrades:
* Optional return & reply parameters. If not set, uses from parameter correctly in both. * Added a simply html=true mode to send html messages, processing markup. * Overhaul of how demo display looks. Now shows entire message, with all headers. * Added a BCC option which can call a page with a list of emails or member ids Now the security issues: Currently, to send an email, you must set mailmode to active or demo in site.config. (Active to send, demo for display). Then if a site.auth.email page exists, permissions are checked. I don't like this particularly, because if someone sets the mode to active and forgets to create a site.auth.email page, someone could send email from a comment box, or even a sandbox, etc. Not good. Also, if you want to test an email, you have to remember to set mode=demo, rather than it automatically testing the message first until you remember to set mode=active. Plus having a mode parameter and a config mailmode is probably a bit confusing... Proposed: 1) to send emails you have to manually create a site.auth.email page and specify permissions. That essentially turns things on. To use BCC you will have to manually create a site.auth.email.bcc. 2) all mail functions automatically go to demo mode until mode=active is specifically set. This means you always get a test output until you are certain it is ready to go. These two changes should tighten security and simplify development of email based functions. Of course the disadvantage is you would have to go through all your existing mail forms/functions and add mode=active. What does everyone think? Cheers, Dan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/boltwire?hl=en -~----------~----~----~----~------~----~------~--~---
