It is only an issue when a user can trigger an email sent to a email they have not proven that they can receive.
So the initial account creation and changing the email from the user profile page.
In other contexts, it probably does not matter. In some cases it has to be sent such as sending the ...
Search found 3 matches
- 20 Nov 2025, 22:29
- Forum: General Discussion
- Topic: Signup UserName Valid Characters
- Replies: 5
- Views: 260
- 19 Nov 2025, 15:17
- Forum: General Discussion
- Topic: Signup UserName Valid Characters
- Replies: 5
- Views: 260
Re: Signup UserName Valid Characters
I propose that $s_new_account_greeting be changed for all languages and stop including the username.
It is not needed since the username appears at the top of the box when the verify link is clicked.
It is not needed since the username appears at the top of the box when the verify link is clicked.
- 19 Nov 2025, 10:01
- Forum: General Discussion
- Topic: Signup UserName Valid Characters
- Replies: 5
- Views: 260
Signup UserName Valid Characters
I got a security report on our forum because a malicious actor in the sign up form can enter text like:
"myfishingwebsite.com" as the user name and some potential victim as the email.
With some e-mail clients, like Gmail, anything that looks like a URL is automatically converted to a clickable ...
"myfishingwebsite.com" as the user name and some potential victim as the email.
With some e-mail clients, like Gmail, anything that looks like a URL is automatically converted to a clickable ...