Ticket #1684 (closed defect: fixed)
orderpanel needs coverage
|Reported by:||haeber||Owned by:||tomdooley|
|Priority:||major||Milestone:||ispCP ω 1.0.3|
|Component:||Frontend (GUI)||Version:||ispCP ω 1.0.0 - RC7|
Currently it's possible that anonymous users can abuse the address/e-mail form of the orderpanel to annoy the reseller/admin (the one who makes hosting plans) with bogus orders. Furthermore it's possible to send anonymous messages through this order form to the entered e-mail address. This is in my opinion not acceptable and is not far away from a spam relay. So there are some recommendations I would like to see in the orderpanel, as soon as possible after 1.0.0.
- add a captcha to prevent stupid cracker robots
- add an opt-in service, which requires the non-fake users to confirm the order first; only then should the reseller/admin get the note about the order
- add an (optional) configurable variable, for a customised entry to the orderpanel. For example every ispcp installation should have the variable $_GETcustom_orderpanel_id?. Only if this variable is given in the url, the client gets access to the orderpanel. This prevents default and non-customized cracker robots from attacking and abusing the orderpanel, because every ispcp installation can have its own value for $_GETcustom_order_id?.
Best Regards Haeber
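The opt-in flow from the second recommendation, sketched as an added example that is not part of the ticket or of ispCP's code: the order stays pending, and the reseller is notified only after the customer presents an HMAC-signed, expiring confirmation token. All function names, the token layout and the 24-hour lifetime are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not ispCP code: every name here is hypothetical.
const CONFIRM_TTL = 86400; // assumed lifetime of a confirmation link, in seconds

/** HMAC binding an order to the address it was submitted with and to an expiry time. */
function order_mac(string $key, int $orderId, string $email, int $expires): string
{
    return hash_hmac('sha256', $orderId . '|' . strtolower($email) . '|' . $expires, $key);
}

/** Store the order as pending and return the token to e-mail to the customer. */
function submit_order(array &$orders, string $key, int $orderId, string $email, int $now): string
{
    $orders[$orderId] = ['email' => $email, 'status' => 'pending'];
    $expires = $now + CONFIRM_TTL;
    return $orderId . '.' . $expires . '.' . order_mac($key, $orderId, $email, $expires);
}

/** Confirm a pending order; the reseller callback runs only after a valid confirmation. */
function confirm_order(array &$orders, string $key, string $token, int $now, callable $notifyReseller): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return false; // malformed token
    }
    [$id, $expires] = [(int)$parts[0], (int)$parts[1]];
    $order = $orders[$id] ?? null;
    if ($order === null || $order['status'] !== 'pending' || $expires < $now) {
        return false; // unknown order, already confirmed (replay), or expired link
    }
    if (!hash_equals(order_mac($key, $id, $order['email'], $expires), $parts[2])) {
        return false; // forged or altered token
    }
    $orders[$id]['status'] = 'confirmed';
    $notifyReseller($id, $order['email']);
    return true;
}

// Constructed demo: a tampered token, the genuine token, then the same token again.
$orders = [];
$key = random_bytes(32); // server-side secret, never sent to the client
$notified = [];
$notify = function (int $id, string $email) use (&$notified): void { $notified[] = $id; };
$token = submit_order($orders, $key, 17, 'customer@example.test', 1000);
var_dump(confirm_order($orders, $key, $token . 'x', 1001, $notify));
var_dump(confirm_order($orders, $key, $token, 1001, $notify));
var_dump(confirm_order($orders, $key, $token, 1002, $notify));
```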
- Owner set to tomdooley
- Status changed from new to assigned
- Status changed from assigned to closed
- Resolution set to fixed